r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9385
Expires: Thu, 08 Dec 2022 10:59:37 GMT
Date: Thu, 08 Dec 2022 08:23:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20533
Expires: Thu, 08 Dec 2022 14:05:25 GMT
Date: Thu, 08 Dec 2022 08:23:12 GMT
Connection: keep-alive
hungtingon.serveirc.com/vfy/
35.80.21.195 301 Moved Permanently 244 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 480ee0139c329ee7ffeeb2b14150b21a
6c8a4bea6236facc716f452136f00b14ff4cb3bc
60aee8e7795d711d8a6cfa1e84b0f808312800c5d16c43e431705301c6f6980c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /vfy/ HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 08:23:12 GMT
Server: Apache
Location: https://hungtingon.serveirc.com/vfy/
Content-Length: 244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6978
Expires: Thu, 08 Dec 2022 10:19:30 GMT
Date: Thu, 08 Dec 2022 08:23:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 08:08:09 GMT
content-type: application/json
age: 903
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jTa091aZZfGmfBRs3BI/b8UQCtJX8Z5xxCrsq4n9R9WRc+uWVfQzoOfGyD9ZHbTYkItniheV6kA=
x-amz-request-id: 3QY9HARQ102BXP2M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 07:47:50 GMT
age: 2122
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:23:12 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 08:07:55 GMT
age: 917
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6073
Cache-Control: max-age=95090
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:13 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:48:03 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.237.163.41 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.163.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IKp2RIwcz22yxv++Ylsl5Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HoBMlpNnMfsEaszb93/E888DuU8=
hungtingon.serveirc.com/vfy/
35.80.21.195 302 Found 0 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/
IP 35.80.21.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /vfy/ HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Date: Thu, 08 Dec 2022 08:23:12 GMT
Server: Apache
location: login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
35.80.21.195 200 OK 147 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3686)
Size 147 kB (146775 bytes)
Hash a5d37435ed7dfe018f25f91bf94f8e6d
8e7b44891ec066d77c96d2763fa7a5ddd5f95f75
263c1c214a87243791fd4d0e7167aadc79ef3a3063ee30ab37f44fd63d1f9afc
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:13 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
hungtingon.serveirc.com/vfy/assets/css/site-survey.min.css
35.80.21.195 200 OK 4.4 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/css/site-survey.min.css
IP 35.80.21.195:0
File type ASCII text, with very long lines (4339)
Hash b7d2a4622e5ba8af4ae30cd30c8938c1
3626734028846b756f4f0e946b5b815311305b81
8aa0a535b8d47209c6a2dfc8f3168f5922e84d5aafb98e8a9db0300dddadacaf
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/css/site-survey.min.css HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 12:51:36 GMT
Accept-Ranges: bytes
Content-Length: 4388
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-700.woff2
35.80.21.195 200 OK 17 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-700.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 17128, version 1.0\012- data
Hash 8f65fa68cfb5d8cc4f4fa728a470332b
62b57f937d710caae3ee52435ba0c408e8653c43
34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/muli-v11-latin-700.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:30 GMT
Accept-Ranges: bytes
Content-Length: 17128
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Bold.woff2
35.80.21.195 200 OK 20 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Bold.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Hash ee5e65624970575e475f375b29b0b22b
6e622749b6f7092e825eb7ed90b74c3d70fa43b9
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:25:42 GMT
Accept-Ranges: bytes
Content-Length: 19712
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Medium.woff2
35.80.21.195 200 OK 20 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Medium.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data
Hash 3a077fd2bd5357dd3e08636baa59af5b
266784e6eb28365e3779a398e462193572b0278a
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:37:44 GMT
Accept-Ranges: bytes
Content-Length: 19976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Book.woff2
35.80.21.195 200 OK 21 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-Book.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Hash a075767d12a8cc86d52367ef3aacec11
9aef8898e7a319ee5cbe08c5b0cec63512561d7d
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:02 GMT
Accept-Ranges: bytes
Content-Length: 20592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2
35.80.21.195 200 OK 19 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Hash 6bcfcbed1f0aa26a245423d2e4bcde4f
d17df2ba457e3009ee38db903b88671885c3984e
9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:14 GMT
Accept-Ranges: bytes
Content-Length: 18636
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-600.woff2
35.80.21.195 200 OK 17 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-600.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 17080, version 1.0\012- data
Hash b6e5b86d74352699fff02e4bdc5185e5
f01de24cfaf2f20e715e4d49023fcb19b1a62d1d
d09bb7e3de3760ca1d9375090796e4f1cf180f43c6457a874ed22c3b0a0b07ea
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/muli-v11-latin-600.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:56 GMT
Accept-Ranges: bytes
Content-Length: 17080
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-300.woff2
35.80.21.195 200 OK 17 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/fonts/muli-v11-latin-300.woff2
IP 35.80.21.195:0
File type Web Open Font Format (Version 2), TrueType, length 16872, version 1.0\012- data
Hash 3d9d9afae68fc95977ec200c119c42a1
2b44b2f5ec04f2f06fd28c9041fb8fa582ab8fcc
f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/fonts/muli-v11-latin-300.woff2 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:26:44 GMT
Accept-Ranges: bytes
Content-Length: 16872
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
hungtingon.serveirc.com/vfy/assets/js/121543311796381
35.80.21.195 200 OK 21 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/121543311796381
IP 35.80.21.195:0
File type ASCII text, with very long lines (6957)
Hash e3bf3fa0a912c14bfe1c0b7282fbfa8a
96b0a4a037c23ce2e7bc90c146610c473549665a
1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/121543311796381 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:44 GMT
Accept-Ranges: bytes
Content-Length: 21019
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7675
Expires: Thu, 08 Dec 2022 10:31:09 GMT
Date: Thu, 08 Dec 2022 08:23:14 GMT
Connection: keep-alive
hungtingon.serveirc.com/vfy/assets/js/bat.js.download
35.80.21.195 200 OK 28 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/bat.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (28050), with no line terminators
Hash f07693f6368c988acd20de4362479103
d04355e119fac2c9104c4fe98015e22f3f181d93
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/bat.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:48 GMT
Accept-Ranges: bytes
Content-Length: 28050
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/
35.80.21.195 200 OK 16 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fa8316640645cc7682dc72155c9071ab
bc05804a2f8821d7f3426a697f33449ee11db4f5
c3306a4938b8907e33f172d29cea7fd6510ce0ec3df3054e651ca6fb3d029cae
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/ HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 12:11:17 GMT
age: 72717
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 35941
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 31662
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51f870bb-e67d-4a93-bab0-cf574561a496.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51f870bb-e67d-4a93-bab0-cf574561a496.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cbd333b74ebe10e77c1bdf1fec0269
bbcfa6a3ae98d5e3f4ffd3b0d6ee6934c7ca33a8
7c868974824cef2f1a08c4500d10490fbaa8515984391b822c70a5009ad8c225
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51f870bb-e67d-4a93-bab0-cf574561a496.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: 79861560-2468-4c0a-afd8-800d1e6d6814
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4A5EbzIAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106d2-0b1efe0b006b8b0b2f69870b;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OInz4Evmbh2Z4PL2ogGsw6iOF9I-u-KhBhAsHHiA46CuHcqHo2Z34A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:07 GMT
age: 36607
etag: "bbcfa6a3ae98d5e3f4ffd3b0d6ee6934c7ca33a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
34.120.237.76 200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bdf4703f3372054a7aadce1cb0e11bd0
84d060f66accd412503d52c385ee47cb35795c07
c5853b653ee328e567e2456be12450e04c1704ed64fb6234f008532e4b6c8363
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3744
x-amzn-requestid: 73eab74b-e50c-46d1-adde-3ef85fb772f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlj7FDiIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb618-70ffb1925e3a9ef6081d1cd1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mNqZM4645fF2zaqXJgT68q_xIbg2tvE1KaqK1P2LzC307rl4OTZ33Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:58:04 GMT
age: 37510
etag: "84d060f66accd412503d52c385ee47cb35795c07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce35df4fe4f77c950e40dc44b311bab4
aadf97d040e3577599581e892ee20f88d191bf91
f9c4cfc384213f77c0bbb252f3d6fbc22be60e1ecc158eece857d5050c8ced3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5620
x-amzn-requestid: fadda084-c7fc-4ec0-bad0-27e97b8349d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gHGIMIAMFy_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-5dc824963fe82ab927205128;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MWB80hrfUMDjexNsySVGMXtm6Wva4t1gkJXaesFKRaGSkFS1r1zIrw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:24 GMT
age: 36590
etag: "aadf97d040e3577599581e892ee20f88d191bf91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hungtingon.serveirc.com/vfy/assets/js/ytc.js.download
35.80.21.195 200 OK 15 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/ytc.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (14972), with no line terminators
Hash 49db10c8315384e8dad2e92a6841ed81
f576976a579cd50da6b717db5d48e1ea7137f744
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/ytc.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:48 GMT
Accept-Ranges: bytes
Content-Length: 14972
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/jquery-3.5.1.min.js.download
35.80.21.195 200 OK 90 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/jquery-3.5.1.min.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/jquery-3.5.1.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 89476
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/fbevents.js.download
35.80.21.195 200 OK 90 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/fbevents.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (64379)
Hash 61df3554472fe8057b5ae4537648d00d
125767dc32df57aa86a64801d9457923e378b397
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/fbevents.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:44 GMT
Accept-Ranges: bytes
Content-Length: 90273
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/js
35.80.21.195 200 OK 97 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/js
IP 35.80.21.195:0
File type ASCII text, with very long lines (2639)
Hash 67e765e44e7d18ed41711d7e4935bc50
0289b9754b56ba057550a7e7d62e0b3587e43f2d
e5973becebda7e91d869447913826e69cd123d87e1a6f2ddf8897d72a63a3c6c
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/js HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:48 GMT
Accept-Ranges: bytes
Content-Length: 96892
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
hungtingon.serveirc.com/vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download
35.80.21.195 200 OK 154 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (543)
Size 154 kB (154122 bytes)
Hash d33104f26092658d2becbbfa66e9d1fb
9c33f190903b2664af1f20b3a16ce2dca13d8a49
4249e4f7acbb2de46e66922b8ae70689820a9a6eb9a6f98a77d13190b7c2559e
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 154122
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/7a8ba97f
35.80.21.195 200 OK 33 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/7a8ba97f
IP 35.80.21.195:0
File type ASCII text, with very long lines (19024)
Hash af77eedae6083a5bd6f07cec713ab58d
2804fbe107e6af68bf7e2d39cfb176987e1fc9ad
06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/7a8ba97f HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:48 GMT
Accept-Ranges: bytes
Content-Length: 32863
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
hungtingon.serveirc.com/vfy/assets/js/toolkit.min.js.download
35.80.21.195 200 OK 462 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/toolkit.min.js.download
IP 35.80.21.195:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 462 kB (461456 bytes)
Hash 325f5dd8b44503ea1799409a40addb9e
3887ffbc86f01677d34cce7ac8839305e175e97a
dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/toolkit.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 461456
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/inqChatLaunch10006663.js.download
35.80.21.195 200 OK 22 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/inqChatLaunch10006663.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (999)
Hash 1c9d96d3f228156fd7e9df9c531871d1
a118554b1208e30af4a0fef948c9566b8e7f4a94
648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/inqChatLaunch10006663.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:50 GMT
Accept-Ranges: bytes
Content-Length: 22354
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/oo_engine.min.js.download
35.80.21.195 200 OK 46 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/oo_engine.min.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (45689), with no line terminators
Hash 3023bde795e4926691e3691ace0d9356
053c86b53ec7bca624cffc3f6321697d35a1c5d5
1bf7836282cf0a1f1cae452a2b7d03f4857827aa682e36562831fe3bc34f30a5
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/oo_engine.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:50 GMT
Accept-Ranges: bytes
Content-Length: 45689
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/Bootstrap.js.download
35.80.21.195 200 OK 226 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/Bootstrap.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (603)
Size 226 kB (225981 bytes)
Hash 8746e0eaa34beca77c5679a495ed1d3a
f8bc25c85508043935f3e63ff5cd1196c35762d6
83acf00ba4050132d8547daca62a4fca4670029aaa75b01c5e99179cbc6d4991
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/Bootstrap.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 225981
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/site-survey.min.js.download
35.80.21.195 200 OK 7.5 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/site-survey.min.js.download
IP 35.80.21.195:0
File type ASCII text, with very long lines (7496)
Hash 374ca92abaa98bc7b2f19fe64114a18b
4c0a1441026a9337d322d7ae5536df1427e5c140
7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/site-survey.min.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 10:06:50 GMT
Accept-Ranges: bytes
Content-Length: 7541
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
hungtingon.serveirc.com/vfy/assets/js/06bebd2b36rn240c2a1532a26141a767
35.80.21.195 200 OK 72 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/06bebd2b36rn240c2a1532a26141a767
IP 35.80.21.195:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 335f2776eaf4ca7eca9953d2240c3316
5f5702f072d8e721dd3557ccd2a0944b3cc58fa5
ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:48 GMT
Accept-Ranges: bytes
Content-Length: 72012
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
hungtingon.serveirc.com/vfy/assets/css/toolkit.min.css
35.80.21.195 200 OK 354 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/css/toolkit.min.css
IP 35.80.21.195:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 354 kB (354237 bytes)
Hash c1a238b15d787d129d19c3b1e840ef82
f0a5a113d05a63617959d39aa735a47762c22a80
9aa364658609b56150bae76849da9138758ad120cb89fea2dd947017ce1c3f25
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/css/toolkit.min.css HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 354237
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
hungtingon.serveirc.com/vfy/assets/img/EHL_Black_HouseOnly.svg
35.80.21.195 200 OK 707 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/img/EHL_Black_HouseOnly.svg
IP 35.80.21.195:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 422002ff598ec781dc753d0627bec1ee
d440d6acb305d644a4ba824a28c97f04511aac95
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/img/EHL_Black_HouseOnly.svg HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 11:24:14 GMT
Accept-Ranges: bytes
Content-Length: 707
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
hungtingon.serveirc.com/vfy/assets/img/oo_icon_retina_black.gif
35.80.21.195 200 OK 552 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/img/oo_icon_retina_black.gif
IP 35.80.21.195:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash 0f74fe3f4f85d3c7f096f2416efa893a
bffedd9c6e9b04c0e6f7f77bd689013de5e8d01e
15f5836e52324d46e89eed325a5de5158f0d9bb29d59e1ffc381d961a1f6980d
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/img/oo_icon_retina_black.gif HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 13:29:26 GMT
Accept-Ranges: bytes
Content-Length: 552
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/gif
hungtingon.serveirc.com/vfy/assets/img/lockup.svg
35.80.21.195 200 OK 3.9 kB URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/img/lockup.svg
IP 35.80.21.195:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Hash 760da63259e763df170dc8720b8d8a41
efd755d6b9efdb7ce688a77f4d68dee3498162eb
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/img/lockup.svg HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 11:24:14 GMT
Accept-Ranges: bytes
Content-Length: 3942
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
hungtingon.serveirc.com/vfy/assets/img/logo-honeycomb.svg
35.80.21.195 200 OK 844 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/img/logo-honeycomb.svg
IP 35.80.21.195:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Hash d7ce1f5e222e75801ed22741962ac64b
3cf38997840e2047e145a747cbb220cee28adaab
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/img/logo-honeycomb.svg HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:48 GMT
Accept-Ranges: bytes
Content-Length: 844
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
hungtingon.serveirc.com/vfy/assets/js/nuanceChat.html
35.80.21.195 404 Not Found 315 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/nuanceChat.html
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/nuanceChat.html HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595014|1670487794484; dtSa=-; dtLatC=689
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767
35.80.21.195 404 Not Found 315 B URL HTTP/1.1 hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1335
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595014|1670487794484; dtSa=-; dtLatC=689
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:15 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash da956e057260390fdb0f031611642013
9a6e98aab555fffbb13725ed243d0710de42946f
bde9720713f98ab261e1c89c5981a26ae8120ba67a48d7e0c7214ebeca9529c8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3908
Cache-Control: max-age=151278
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:15 GMT
Etag: "63913b9d-1d7"
Expires: Sat, 10 Dec 2022 02:24:33 GMT
Last-Modified: Thu, 08 Dec 2022 01:19:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9dbb9fb1b63181ccda38275fa8d6d7d5
2cd8350dd8487afcf2bf131f7e0330ae50c6f81c
9106822a6921abeef993518f668a3f73852273493df0409f336f9f981a3c8c9f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4747
Cache-Control: max-age=90179
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:15 GMT
Etag: "639049ab-1d7"
Expires: Fri, 09 Dec 2022 09:26:14 GMT
Last-Modified: Wed, 07 Dec 2022 08:07:07 GMT
Server: ECS (amb/6B95)
X-Cache: HIT
Content-Length: 471
www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
95.101.10.201 200 OK 1.2 kB URL HTTP/2 www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
IP 95.101.10.201:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (4339)
Hash 19ac7c952619cab53123eee38648d8bd
47e839324893deeef4e9f6b46dff135e1542dc9a
1a8ffa5f523a7a462b51616592473a2799bb0d687c1391d7d2ba3e5a58f95d78
GET /Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-type: text/css
etag: "01efff054ccd81:0"
last-modified: Mon, 19 Sep 2022 18:23:40 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-943239442"
x-ua-compatible: IE=edge
content-length: 1249
cache-control: public, max-age=1566383
expires: Mon, 26 Dec 2022 11:29:39 GMT
date: Thu, 08 Dec 2022 08:23:16 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
hungtingon.serveirc.com/vfy/assets/img/favicon-16x16.png
35.80.21.195 200 OK 629 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/img/favicon-16x16.png
IP 35.80.21.195:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b3edcae46fea41cde6b830ecfe7f89e4
f031fd0f0050d9601254e35eecb6d573585418f9
5c838bb93e9d85d3badb18e708a16a8287505922eada63ed4fb7495eaefb0a17
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/img/favicon-16x16.png HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h6vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595235|1670487794484; dtSa=-; dtLatC=689; loginCookie=personalLogin
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:16 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:32:32 GMT
Accept-Ranges: bytes
Content-Length: 629
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767
35.80.21.195 404 Not Found 315 B URL HTTP/1.1 hungtingon.serveirc.com/resources/06bebd2b36rn240c2a1532a26141a767
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -5$87794474_296h10vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1554
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h10vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595545|1670487794484; dtSa=-; dtLatC=689; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
hungtingon.serveirc.com/akam/11/pixel_7a8ba97f
35.80.21.195 404 Not Found 315 B URL HTTP/1.1 hungtingon.serveirc.com/akam/11/pixel_7a8ba97f
IP 35.80.21.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery huntington Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
POST /akam/11/pixel_7a8ba97f HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-dtpc: -5$87794474_296h13vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0
Content-Length: 2834
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Cookie: dtCookie=-5$ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1; rxVisitor=16704877944829MDVIN080N6678MM1R2OCLRI8KP4FFCN; dtPC=-5$87794474_296h13vSVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0; rxvt=1670489595894|1670487794484; dtSa=-; dtLatC=689; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 08:23:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
34.242.179.188 200 OK 38 kB URL HTTP/2 ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
IP 34.242.179.188:0
File type ASCII text, with very long lines (823)
Hash c4f4fede393274527dc82a8e3ebb45c8
a77f5236aaae037b33678b765d2ec91483139083
492d14496a0424f3fa4ecef2660cebbd5bc9e9629bffb2bb44d9057a037e9fb9
GET /huntington/com/serverComponent.php?r=2126829006.7238393&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:23:16 GMT
content-type: text/javascript
vary: Accept-Encoding
expires: Thu, 08 Dec 2022 08:23:15 GMT
cache-control: no-cache, no-store
x-cache: Miss from cloudfront
via: 1.1 8c8084716542b7132c319aa80cffeee6.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: l6A3VB8Go5kPIcyWQ766zFu8qwWXgzd1ZXTOu2pTTcLIVXh-9X7hcA==
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-10701487
142.250.74.8 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-10701487
IP 142.250.74.8:0
File type ASCII text, with very long lines (1921)
Hash dc5117400b8c20539b9ccdae5ed5deff
6958b597fd2eed50cc256076ee92da3fff3db2f2
0a04062bccfeeb60b9e96ef69b68ef5567b75ca616334b058f1b99dd5a4da75b
GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 08:23:16 GMT
expires: Thu, 08 Dec 2022 08:23:16 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44135
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.clinch.co/a_js/client_pixels/clq/script.min.js
95.101.10.121 200 OK 4.6 kB URL HTTP/1.1 cdn.clinch.co/a_js/client_pixels/clq/script.min.js
IP 95.101.10.121:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (14797), with no line terminators
Hash 87474300d7f17748e3ed24b42d4bee2b
9d2c3a1f2b9cffdcb309ea2a2b13bed7b693042c
0388ad3b8fc80cfb336b71fabe7c01a2a8d8ff699fb448f4105a7d9ff5f680ef
GET /a_js/client_pixels/clq/script.min.js HTTP/1.1
Host: cdn.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: GOUPBDUqUrWxvP4/HKrzDYlrArfvlOmQz/pa4jdSpy+ixsYiakPlmO04sxkhp2bewI29qI1gmfQ=
x-amz-request-id: C4V9F73KCAC1YNPX
Last-Modified: Tue, 11 Jan 2022 12:52:46 GMT
ETag: "666e09028e21421106f9ecd0ceb1ddac"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=26879445
Expires: Sun, 15 Oct 2023 10:54:01 GMT
Date: Thu, 08 Dec 2022 08:23:16 GMT
Content-Length: 4567
Connection: keep-alive
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
95.101.11.57 200 OK 4.6 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 95.101.11.57:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12961)
Hash c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=84462
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7d047c6733f9c8d5998cae08d314f084
c23a8dce8a76dd01e22650fc1c19af2bae963008
d13c4f663e010387e21eece93c733faf5f2c3f9ff8ffca7aad99235aa990bea5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6227
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Last-Modified: Thu, 08 Dec 2022 06:39:29 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: R+d3vOq2djJ6zr34iE4F7MknSL1fogWDK5Vxl549tguqM3yXzl8Zuhmfyv5AYbccBt9BtX/7YxRO2jRti5KG2Q==
content-length: 27340
x-fb-trip-id: 1679558926
date: Thu, 08 Dec 2022 08:23:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7d047c6733f9c8d5998cae08d314f084
c23a8dce8a76dd01e22650fc1c19af2bae963008
d13c4f663e010387e21eece93c733faf5f2c3f9ff8ffca7aad99235aa990bea5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6227
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:16 GMT
Last-Modified: Thu, 08 Dec 2022 06:39:29 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
s.yimg.com/wi/ytc.js
188.125.94.204 200 OK 5.9 kB IP 188.125.94.204:0
File type ASCII text, with very long lines (16553), with no line terminators
Hash 2f6a1b8a4843f74a5ba54c055fcb3850
919a5f9166f3f9c73803cebd312ad016570a30d8
1b6439153633e4e2dc23c743e14218931c1b4912bc7a3ad64bfee1d2d6982f50
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: d3j7rZlGBvV5MnpPwtNmQ7Q2XzQAR3tz7nxMqWf8NlIDcWbRmX5iHkEw2KSXj1GL04wI8bQ9n8w=
x-amz-request-id: 1DE4F7GTKPMVM2E2
date: Thu, 08 Dec 2022 07:46:40 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 2197
content-length: 5929
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token
143.204.55.87 200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token
IP 143.204.55.87:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/291554/domain/hungtingon.serveirc.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://hungtingon.serveirc.com/
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Thu, 08 Dec 2022 07:16:26 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MO3Jccg2AITYlgXNg8ORvkAqZd1iYb5PAnbO3klRjvyIZ6p9ZV6IPw==
age: 4011
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 967 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2285), with no line terminators
Hash 9483b5714a4d6b7e76e29b441c3854c3
64fed7e3df0b05557e4080bc504ec09e52b51da8
97c3965e37bbc589a95e1d606d910e849710e6169c2857036dd17e8220155127
GET /pagead/viewthroughconversion/849073348/?random=1670487796391&cv=11&fst=1670487796391&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 967
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 970 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2285), with no line terminators
Hash 7736dc7132fb67175756c1b81ea06015
319cd88e20ed7e3f7501318765e1e4d4c756691f
ab516445b396d567a43f97f1c7ef3590e5b6e87038f7c1fcb4e9fe6d477e3e59
GET /pagead/viewthroughconversion/849063932/?random=1670487796416&cv=11&fst=1670487796416&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 970
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 969 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2283), with no line terminators
Hash 376627b5170ebab942f9f6794bd61daa
2af6363d6ff5e1be78e5c3c64e85c41e4a99de10
ae5d82427de36a5885ca85495c6de8d1c6dc1734f4113ad50e0ae99a10b63ed9
GET /pagead/viewthroughconversion/391028924/?random=1670487796432&cv=11&fst=1670487796432&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 969
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 968 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2285), with no line terminators
Hash 6328c397e1532e8ba7c0f9d9a9719c3c
4a01292d4dd9b58cbc61725dcb66d4714086bec1
90122b6ad0dfa105d25f0038b6781e538d7bcc3689680a8730b39df0c83b677f
GET /pagead/viewthroughconversion/786635084/?random=1670487796375&cv=11&fst=1670487796375&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=802027307.1670487796&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 968
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 08:38:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token
143.204.55.87 200 OK 104 B URL HTTP/2 cdn.linkedin.oribi.io/partner/291554/domain/hungtingon.serveirc.com/token
IP 143.204.55.87:0
Hash f300e2a4e2aa8ab2dbe3727e273fe4dd
5aa7e29e67ba7e1c003ea9902d9e407e9ed1de33
aad40f368d389709abeef0de0ac56af4c39ef25c8a5aa91bc851e6088a4366a6
GET /partner/291554/domain/hungtingon.serveirc.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Thu, 08 Dec 2022 08:23:17 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SJbG82DW8qa_9gng0tcMWz1VnAnevvzJOFMIJTCwXFVHx2qNeb3DGg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2008%20Dec%202022%2008%3A23%3A16%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&enc=UTF-8&tagmgr=gtm%2Censighten
212.82.100.181 200 OK 0 B URL HTTP/2 sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2008%20Dec%202022%2008%3A23%3A16%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&enc=UTF-8&tagmgr=gtm%2Censighten
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sp.pl?a=10000&d=Thu%2C%2008%20Dec%202022%2008%3A23%3A16%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&enc=UTF-8&tagmgr=gtm%2Censighten HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:23:17 GMT
expires: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: application/x-javascript
accept-ranges: bytes
content-length: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPWekWMCEE8IcUepOZJJOG0h_OS-D9QFEgEBAQHwkmObYwAAAAAA_eMAAA&S=AQAAApTlCgf-l36IlpgzFMMdkqk; Expires=Fri, 8 Dec 2023 14:23:17 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&rl=&if=false&ts=1670487796686&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1670487796684.882204831&it=1670487796402&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=a151289a-5a5a-45d4-8547-9be5d7ca5f22&rqm=GET
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&rl=&if=false&ts=1670487796686&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1670487796684.882204831&it=1670487796402&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=a151289a-5a5a-45d4-8547-9be5d7ca5f22&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&rl=&if=false&ts=1670487796686&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1670487796684.882204831&it=1670487796402&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=a151289a-5a5a-45d4-8547-9be5d7ca5f22&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 08:23:17 GMT
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=0&ipr=y
216.58.207.228 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=0&ipr=y
216.58.207.228 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1670487796416&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3681601466&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=0&ipr=y
216.58.207.228 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQIKqN-qZ34eFwAAAYTw1O4C3zvlr3TLqppxvNTORxMxfGz9J2PhLSX3xXu30Ev-5cBUAII-rpW1tA; Max-Age=2592000; Expires=Sat, 07 Jan 2023 08:23:17 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIUVv9104ycHgAAAYTw1O4CAbyJ3BD19tESNE9AvogleZNhmCjPYw7iF9yWRqdajEDaPWe8U0xhM19aPckioA; Max-Age=2592000; Expires=Sat, 07 Jan 2023 08:23:17 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&4b7d605f-eaee-4bdf-8797-3dcc92dff8fd"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Dec-2023 08:23:17 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2392:u=1:x=1:i=1670487797:t=1670574197:v=2:sig=AQGXNl2QlJLkaq4FlMKszpoJTiajyYvz"; Expires=Fri, 09 Dec 2022 08:23:17 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXvTL/BkkInJWlB4VTNrQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 793A150653A64F2DB8E7AB5394B80E07 Ref B: OSL30EDGE0217 Ref C: 2022-12-08T08:23:17Z
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 0
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1670487796432&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=590188933&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849073348/?random=1670487796391&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1504173547&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849073348/?random=1670487796391&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1504173547&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1670487796391&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1504173547&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1670487796375&cv=11&fst=1670486400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2858718718&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 08:23:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:23:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1670487796314%26url%3Dhttps%253A%252F%252Fhungtingon.serveirc.com%252Fvfy%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%2526session%253D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hungtingon.serveirc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&2b17c3f3-6341-4663-8b56-9317912e7a83"; Domain=.linkedin.com; Expires=Fri, 08-Dec-2023 08:23:17 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202212080823170ce418ff-87fb-4cbc-8a00-1d144a9659abAQFtsm8e-EXEAcEz0izOOYzGBoFr9fBl"; Domain=.www.linkedin.com; Expires=Fri, 08-Dec-2023 08:23:17 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzA0ODc3OTc7MjswMjH2hsFifQFJ4iA5kBI3ar9pwxvyeNxnxReBXw0co3qnpA==; Domain=.linkedin.com; Expires=Tue, 06 Jun 2023 08:23:17 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2450:u=1:x=1:i=1670487797:t=1670574197:v=2:sig=AQFSFXsE8FQDFY3or55xbGwZ8sMlDxPH"; Expires=Fri, 09 Dec 2022 08:23:17 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXvTL/EGM6jtd/drr+LhQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5CCB948D85214FBB88BA67A05CDA06F7 Ref B: OSL30EDGE0217 Ref C: 2022-12-08T08:23:17Z
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1670487796314&url=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hungtingon.serveirc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&744b8f88-a68a-4eab-835a-10fdb585c222"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Dec-2023 08:23:17 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2432:u=1:x=1:i=1670487797:t=1670574197:v=2:sig=AQEcY0cUGLzU59h5W0NrcLskxl22OOL1"; Expires=Fri, 09 Dec 2022 08:23:17 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXvTL/GxN614pqYZ49Ijw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8E06D121D4224BB7A8E50617FA84FB44 Ref B: OSL30EDGE0217 Ref C: 2022-12-08T08:23:17Z
date: Thu, 08 Dec 2022 08:23:16 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 8a541c10ac474902624085bf2b0b05e1
117daf2204d51ba509228cfab320f6de36b8edd4
e41fe2f2a49964823cd193cdb1f6778481064eb98d339df36d06ecd6fdf466ec
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 08:23:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 20:09:34 GMT
Expires: Thu, 08 Dec 2022 20:09:34 GMT
ETag: "117daf2204d51ba509228cfab320f6de36b8edd4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273
34.203.147.81 302 Found 0 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273
IP 34.203.147.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 08 Dec 2022 08:23:20 GMT
content-length: 0
location: https://trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true
server: clinch
set-cookie: clinch-sid=a9efb644-f658-4363-b7b8-34c0257458a0; expires=Sun, 08 Dec 2024 08:23:20 GMT; domain=clinch.co; path=/; secure; samesite=none
X-Firefox-Spdy: h2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true
34.203.147.81 200 OK 79 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true
IP 34.203.147.81:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 70c92fdbfdaad0989a68617939cf615c
4cc7e0778377d6e89b665e1741c798b9df21693a
3a2f25076dd3c45cd69196f5c15d3ae2678b208bc5f8ac053d54d4a1fb792006
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&version=3.4&a=1670487799273&try2=true HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hungtingon.serveirc.com/
Connection: keep-alive
Cookie: clinch-sid=a9efb644-f658-4363-b7b8-34c0257458a0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:23:20 GMT
content-type: text/html
content-length: 79
server: clinch
cache-control: no-store
x-robots-tag: none
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d63221bfad18bc76302aa82447ab2376
e3e80b2f3bd9729603da5342416e74a6007b8e34
7aa5721f358062550c450932d22f80617d3b833e9fb95731f8b47c75b9456a0c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7AA5721F358062550C450932D22F80617D3B833E9FB95731F8B47C75B9456A0C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=97
Expires: Thu, 08 Dec 2022 08:24:57 GMT
Date: Thu, 08 Dec 2022 08:23:20 GMT
Connection: keep-alive
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-5%24ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1;dtLatC=689;referer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852;visitID=SVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0;app=0bd76d7cc9264013;end=1
100.24.162.178 200 OK 28 B URL HTTP/1.1 mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-5%24ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1;dtLatC=689;referer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852;visitID=SVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0;app=0bd76d7cc9264013;end=1
IP 100.24.162.178:0
File type ASCII text, with no line terminators
Hash b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028
POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-5%24ILMI6FSMABTS0U35LV4M1OKQR0PFJFI1;dtLatC=689;referer=https%3A%2F%2Fhungtingon.serveirc.com%2Fvfy%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852%26session%3D8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852;visitID=SVQRANLNMGCGPKRUHVGNIRHPPCUCCUDS-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3003
Origin: https://hungtingon.serveirc.com
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:20 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28
hungtingon.serveirc.com/vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
35.80.21.195 200 OK 0 B URL HTTP/1.1 hungtingon.serveirc.com/vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
IP 35.80.21.195:0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /vfy/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download HTTP/1.1
Host: hungtingon.serveirc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hungtingon.serveirc.com/vfy/login.php?cmd=login_submit&id=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852&session=8325878c03992b755be20e33d647b8528325878c03992b755be20e33d647b852
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 08:23:14 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 09:18:46 GMT
Accept-Ranges: bytes
Content-Length: 182288
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript