Report - rogeredde.com/Huntington/

Report Overview

URL

rogeredde.com/Huntington/
IP

160.153.59.9

ASN

#398101 GO-DADDY-COM-LLC
Submitted

2022-11-27T04:25:37Z

Access
Tags

None
urlquery detections

Phishing - Huntington

Detections

urlquery

31
Network Intrusion Detection

0
Threat Detection Systems

61

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
fls.doubleclick.net (1)	436	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454	635	172.217.21.166
huntingtonbank.inq.com (2)	92998	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	802	5248	52.189.67.17
snap.licdn.com (1)	1044	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	297	4963	23.36.76.121
connect.facebook.net (1)	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370	28621	31.13.72.12
www.googletagmanager.com (6)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1941	47838	142.250.74.168
cdn.clinch.co (1)	7154	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382	5261	23.36.79.32
ocsp.pki.goog (16)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5488	11198	142.250.74.35
adservice.google.com (1)	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	578	870	142.250.74.66
www.google.tn (2)	31592	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1739	1514	142.250.74.99
px.ads.linkedin.com (1)	522	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	462	1092	13.107.42.14
www.facebook.com (1)	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	673	86573	31.13.72.36
mef957.dynatrace-managed.com (2)	107553	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1244	334	100.24.162.178
www.google.no (7)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5525	5299	142.250.74.35
googleads.g.doubleclick.net (4)	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3028	7414	142.250.74.98
ocsp.digicert.com (10)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3410	7815	93.184.220.29
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	34.216.88.5
ensighten.huntingtonbank.com (3)	91425	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1300	39050	52.51.219.145
players.brightcove.net (1)	3805	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397	113344	23.38.201.31
f1.media.brightcove.com (1)	21505	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	483	51934	151.101.86.27
media-lax1.inq.com (1)	41901	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408	402	35.186.193.174
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2372	34.102.187.140
www.google.com (3)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2114	2281	142.250.74.164
cdn.linkedin.oribi.io (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	972	982	54.230.111.8
rogeredde.com (73)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	25936	1782766	160.153.59.9
2782440.fls.doubleclick.net (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	462	897	142.250.74.70
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7089	23.36.76.226
www.huntington.com (29)	56151	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14061	587321	104.84.152.187
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	45968	34.120.237.76
adservice.google.no (1)	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	571	1064	216.58.211.2
trk.clinch.co (3)	5423	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1793	1245	3.216.85.62
ocsp.godaddy.com (1)	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340	2285	192.124.249.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	rogeredde.com/Huntington/	Huntington Bank

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-27	medium	rogeredde.com/Huntington/	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/f.txt	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/bat.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/serverComponent.php	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/jquery-3.4.1.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/82154ef468aff3ad267e57006a5dd605.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/ruxitagentjs_ICA27SVfjoqrux_10183200114120852.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/js	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/5151e22e	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/Bootstrap.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/inqChatLaunch10006663.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/oo_engine.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/f(1).txt	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/toolkit.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/f(2).txt	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/chat-fab.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/insight.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/fbevents.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/ytc.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/vtt.global.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/outdated.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/site-survey.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/sp.pl(1).download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/sp.pl.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/lockup.svg	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/121543311796381	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/eeb40badb221607a1bf7e89412ef77	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/muli-v11-latin-700.woff2	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/HuntingtonApexWeb-Medium.woff2	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/muli-v11-latin-300.woff2	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/HuntingtonApexWeb-Book.woff2	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/sp.pl.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/index.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/muli-v11-latin-600.woff2	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/dest5.html	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/nuanceChat.html	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/activityi.html	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/activityi(1).html	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/activityi(2).html	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/muli-v11-latin-700.woff	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/HuntingtonApexWeb-Medium.woff	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/HuntingtonApexWeb-Book.woff	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/site_10006663_default.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/ads-blocking-detector.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/muli-v11-latin-300.woff	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/muli-v11-latin-600.woff	Malware
2022-11-27	medium	rogeredde.com/Huntington/fonts/HuntingtonApexWeb-Bold.woff	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/icon_arrow-simple-right-lightgreen.svg	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/tcFramework.min.js.download	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/icon_arrow-simple-down-green.svg	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/icon_arrow-simple-right-green.svg	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/EHL_Black_HouseOnly.svg	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/logo-honeycomb.svg	Malware
2022-11-27	medium	rogeredde.com/akam/11/pixel_5151e22e	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/0	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/postToServer.min.html	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/0(1)	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/dc_pre=COLax8Lq_OgCFcHiGwodQuAFKA	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/dc_pre=CLzUyMLq_OgCFcxIGwod_Z0CmA	Malware
2022-11-27	medium	rogeredde.com/Huntington/index_files/dc_pre=CM6-vsLq_OgCFVKRGwod-FIBAA	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

HTTP Transactions (194)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

150792cfc458af013998f4ef6bdf5f74

d5179b2dcb11d06f82606bf6eb6648319998d63e

72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4284
Expires: Sun, 27 Nov 2022 05:36:49 GMT
Date: Sun, 27 Nov 2022 04:25:25 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

15b59d5e62caedb4bec3ba6724906c1e

960f801e608a56fdd11449f4face29f62cad2b21

8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4555
Cache-Control: max-age=112898
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 04:25:25 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:47:03 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

d130218d0e2841f39c99610fe1a2ab90

29fbe1e177ee55c7a61ae0a206afff271cf5f945

6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 04:19:21 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 364
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

71f9c681a82440fd55e76c780a20e55d

3147768cfbcdd06e0c6e69684292e68e99917a80

5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3776
Expires: Sun, 27 Nov 2022 05:28:21 GMT
Date: Sun, 27 Nov 2022 04:25:25 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: 8DYADUdJh0ZS7DIBXr/CfIUe1DVVt5cShJ4swzQS3IVs5y4DQXl1a7uDk3w1iHW/SsOVyPVl5Zo=
x-amz-request-id: BPEQYCAHY2D1RDZ1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 03:44:29 GMT
age: 2456
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 04:25:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

rogeredde.com/Huntington/

160.153.59.9

200 OK

76254

URL HTTP/1.1

rogeredde.com/Huntington/
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (65462)

Size

76254
Hash

1e1f390731720c002caf1f9a21bb4131

bce599cc78dc22ee48bcac16c2660f878d1070d6

81dd617cae297d38c20d6ff932f3bf9df744051c2c7f9c2587cdc0d967b00514

Detections

Analyzer	Verdict	Alert
openphish	Huntington Bank
fortinet	Malware

HTTP Headers

                                        GET /Huntington/ HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:24 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

rogeredde.com/Huntington/index_files/f.txt

160.153.59.9

200 OK

10652

URL HTTP/1.1

rogeredde.com/Huntington/index_files/f.txt
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (2178)

Size

10652
Hash

ddbb0a7f7037e21adde4a759f83a0bb1

937d8afdb8d5f275c5e68b165cc5f990f3378cc4

3268fbdfd056ac918332b09f134454d672046a38069d92c14c0fdd35946f33b2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/f.txt HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Apr 2020 05:07:36 GMT
ETag: "1801ce9-6f48-5a3ee3a1bd600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10652
Keep-Alive: timeout=5
Content-Type: text/plain

rogeredde.com/Huntington/index_files/bat.js.download

160.153.59.9

200 OK

7626

URL HTTP/1.1

rogeredde.com/Huntington/index_files/bat.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (25365), with no line terminators

Size

7626
Hash

1dc0094864b6f9f5a7c3c524167fb53d

1e05c2b3501d65e749ddcc5e0817b1b76a16fe11

4c8dbc5108d18eeebdae208cde39342f3ccbd43adb684d7bbe44024789b97e85

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/bat.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cdc-6315-5a3ee3a3a5a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7626
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript

rogeredde.com/Huntington/index_files/serverComponent.php

160.153.59.9

200 OK

245

URL HTTP/1.1

rogeredde.com/Huntington/index_files/serverComponent.php
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (317)

Size

245
Hash

a7309779c48b334d766b986aecf5cddb

714a41e74edf262392c590e60e6eef99869d307a

49fd8d1bdd49f9207bc8dfe11bbd93dbaebd3b51218a2e294786703797a6554d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/serverComponent.php HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 245
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8

rogeredde.com/Huntington/index_files/jquery-3.4.1.min.js.download

160.153.59.9

200 OK

30677

URL HTTP/1.1

rogeredde.com/Huntington/index_files/jquery-3.4.1.min.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (65451)

Size

30677
Hash

c65598a79e692c79f732ea0b099f9da7

5459de784144478c4a5088437bf5da4690dbae5f

653cc57da3a15e7ba824119d448c287f3c1a9a0afb400970ed3658d48765984a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/jquery-3.4.1.min.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cf4-15851-5a3ee3a3a5a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30677
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript

rogeredde.com/Huntington/index_files/82154ef468aff3ad267e57006a5dd605.js.download

160.153.59.9

200 OK

29043

URL HTTP/1.1

rogeredde.com/Huntington/index_files/82154ef468aff3ad267e57006a5dd605.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (1076)

Size

29043
Hash

258d9a6b0e50bab88eb3e346fc15daae

28412344159baa86ac64529a06af92283633c23c

198f34845c874d3b9dfc4a0b6112d10e24c465e3ed38c03e5dbe49301d8e7937

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/82154ef468aff3ad267e57006a5dd605.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cd7-1ff13-5a3ee3a3a5a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 29043
Keep-Alive: timeout=5
Content-Type: application/javascript

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 04:11:12 GMT
cache-control: public,max-age=3600
age: 853
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

db6e0d3e826b5e702930cf39fbf804e1

de2e18ac2b0da7fd0d4a51ce0e0d7a592f46fd79

e6a8dfba7490716376cb4256d44f0a207b0c6042cd91865fa9473e5c92d195c5

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1713
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 04:25:25 GMT
Last-Modified: Sun, 27 Nov 2022 03:56:52 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

rogeredde.com/Huntington/index_files/ruxitagentjs_ICA27SVfjoqrux_10183200114120852.js.download

160.153.59.9

200 OK

61787

URL HTTP/1.1

rogeredde.com/Huntington/index_files/ruxitagentjs_ICA27SVfjoqrux_10183200114120852.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (1626)

Size

61787
Hash

e91117c9f071fd0b599a36cffbf12b28

a9f2a2affa25fe413b0924bcb7e4850f99e04f83

05f6632a7fb7a425097538c45fb8e8069066f365bc099e99db834350bb9b8344

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/ruxitagentjs_ICA27SVfjoqrux_10183200114120852.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cfe-27f76-5a3ee3a3a5a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

db6e0d3e826b5e702930cf39fbf804e1

de2e18ac2b0da7fd0d4a51ce0e0d7a592f46fd79

e6a8dfba7490716376cb4256d44f0a207b0c6042cd91865fa9473e5c92d195c5

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 04:25:26 GMT
Last-Modified: Sun, 27 Nov 2022 03:56:52 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

db6e0d3e826b5e702930cf39fbf804e1

de2e18ac2b0da7fd0d4a51ce0e0d7a592f46fd79

e6a8dfba7490716376cb4256d44f0a207b0c6042cd91865fa9473e5c92d195c5

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6348
Cache-Control: max-age=167987
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 04:25:26 GMT
Etag: "6382bb1d-1d7"
Expires: Tue, 29 Nov 2022 03:05:13 GMT
Last-Modified: Sun, 27 Nov 2022 01:19:25 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

db6e0d3e826b5e702930cf39fbf804e1

de2e18ac2b0da7fd0d4a51ce0e0d7a592f46fd79

e6a8dfba7490716376cb4256d44f0a207b0c6042cd91865fa9473e5c92d195c5

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6348
Cache-Control: max-age=167987
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 04:25:26 GMT
Etag: "6382bb1d-1d7"
Expires: Tue, 29 Nov 2022 03:05:13 GMT
Last-Modified: Sun, 27 Nov 2022 01:19:25 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Book.woff2

104.84.152.187

200 OK

20592

URL HTTP/2

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Book.woff2
IP

104.84.152.187:0
ASN

#20940 Akamai International B.V.

Magic

Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data

Size

20592
Hash

a075767d12a8cc86d52367ef3aacec11

9aef8898e7a319ee5cbe08c5b0cec63512561d7d

e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555

HTTP Headers

                                        GET /Presentation/fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rogeredde.com
Connection: keep-alive
Referer: http://rogeredde.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
content-length: 20592
content-type: application/font-woff2
etag: "0f59ebaf2e3d81:0:dtagent10249220905100923HoHr"
last-modified: Wed, 19 Oct 2022 19:41:05 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-1319731539"
x-ua-compatible: IE=edge
cache-control: public, max-age=803262
expires: Tue, 06 Dec 2022 11:33:08 GMT
date: Sun, 27 Nov 2022 04:25:26 GMT
X-Firefox-Spdy: h2

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Medium.woff2

104.84.152.187

200 OK

19976

URL HTTP/2

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Medium.woff2
IP

104.84.152.187:0
ASN

#20940 Akamai International B.V.

Magic

Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data

Size

19976
Hash

3a077fd2bd5357dd3e08636baa59af5b

266784e6eb28365e3779a398e462193572b0278a

04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d

HTTP Headers

                                        GET /Presentation/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rogeredde.com
Connection: keep-alive
Referer: http://rogeredde.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
content-length: 19976
content-type: application/font-woff2
etag: "01efff054ccd81:0:dtagent10243220606153550wO3Q"
last-modified: Mon, 19 Sep 2022 18:23:39 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1522232364"
x-ua-compatible: IE=edge
cache-control: public, max-age=2208498
expires: Thu, 22 Dec 2022 17:53:44 GMT
date: Sun, 27 Nov 2022 04:25:26 GMT
X-Firefox-Spdy: h2

rogeredde.com/Huntington/index_files/toolkit.min.css

160.153.59.9

200 OK

49986

URL HTTP/1.1

rogeredde.com/Huntington/index_files/toolkit.min.css
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

49986
Hash

332f06299852a29d4b0ae5eeea6c61d6

a215cf87d3d87067033565f03789df494e07a5b5

e39ddb994de71b366a95aa53fa91f857c157e9a3c1c4555a21d80bbd9a165bc1

HTTP Headers

                                        GET /Huntington/index_files/toolkit.min.css HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801d06-53e06-5a3ee3a3a5a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 49986
Keep-Alive: timeout=5
Content-Type: text/css

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Bold.woff2

104.84.152.187

200 OK

19712

URL HTTP/2

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Bold.woff2
IP

104.84.152.187:0
ASN

#20940 Akamai International B.V.

Magic

Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data

Size

19712
Hash

ee5e65624970575e475f375b29b0b22b

6e622749b6f7092e825eb7ed90b74c3d70fa43b9

deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215

HTTP Headers

                                        GET /Presentation/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rogeredde.com
Connection: keep-alive
Referer: http://rogeredde.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
content-length: 19712
content-type: application/font-woff2
etag: "09cbc8223f9d81:0:dtagent10249220905100923HoHr"
last-modified: Tue, 15 Nov 2022 18:53:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1293310310", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=2023165
expires: Tue, 20 Dec 2022 14:24:51 GMT
date: Sun, 27 Nov 2022 04:25:26 GMT
X-Firefox-Spdy: h2

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2

104.84.152.187

200 OK

18636

URL HTTP/2

www.huntington.com/Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2
IP

104.84.152.187:0
ASN

#20940 Akamai International B.V.

Magic

Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data

Size

18636
Hash

6bcfcbed1f0aa26a245423d2e4bcde4f

d17df2ba457e3009ee38db903b88671885c3984e

9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22

HTTP Headers

                                        GET /Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rogeredde.com
Connection: keep-alive
Referer: http://rogeredde.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
content-length: 18636
content-type: application/font-woff2
etag: "0f59ebaf2e3d81:0:dtagent10243220606153550xoQJ"
last-modified: Wed, 19 Oct 2022 19:41:05 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-591602681"
x-ua-compatible: IE=edge
cache-control: public, max-age=365664
expires: Thu, 01 Dec 2022 09:59:50 GMT
date: Sun, 27 Nov 2022 04:25:26 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

d3df71aab146eefc49acb608796aab63

8401892995193919376dfcd798b09c8261579454

a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3799
Cache-Control: max-age=107084
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 04:25:26 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:10:10 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

rogeredde.com/Huntington/index_files/js

160.153.59.9

200 OK

81640

URL HTTP/1.1

rogeredde.com/Huntington/index_files/js
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (1571)

Size

81640
Hash

0e1b94c35c3e58f7059b59118be1c387

06ba4e408df4181416c1e5a7844411cbd7bc02a3

d5cbc3f2b867dbae56c27bf27417de0d73bba4a578d98d568c43ef92f7bad4b8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/js HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cf5-13ee8-5a3ee3a3a5a80"
Accept-Ranges: bytes
Content-Length: 81640
Vary: Accept-Encoding
Keep-Alive: timeout=5

rogeredde.com/Huntington/index_files/5151e22e

160.153.59.9

200 OK

32829

URL HTTP/1.1

rogeredde.com/Huntington/index_files/5151e22e
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (19024)

Size

32829
Hash

0efa0e41898f378d45b2e935e65175ce

8c4205a8e2286045d4d6af9403025b658c538e1a

1d4cab71cdc96860f4a8e41483bba4d5ec05b02a68244c77750207d799210fcf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/5151e22e HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cd6-803d-5a3ee3a3a5a80"
Accept-Ranges: bytes
Content-Length: 32829
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive

rogeredde.com/Huntington/index_files/Bootstrap.js.download

160.153.59.9

200 OK

71955

URL HTTP/1.1

rogeredde.com/Huntington/index_files/Bootstrap.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (598)

Size

71955
Hash

b9a9ee058db1369d0ac507f0a1b3fee5

6aaf614a617bd95fce7d356fe5ccc43ef2e3930e

80a2812ddef42c7d256742ee54ee7ab98e8bc749666d7fe1f30d6608e69c6d13

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/Bootstrap.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:25 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:38 GMT
ETag: "1801cdd-37337-5a3ee3a3a5a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

rogeredde.com/Huntington/index_files/inqChatLaunch10006663.js.download

160.153.59.9

200 OK

6554

URL HTTP/1.1

rogeredde.com/Huntington/index_files/inqChatLaunch10006663.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (999)

Size

6554
Hash

5761170a95b5babdfade32dc33c591d0

434925d2de01f207b781a57d23938d6b0cab55da

7e44c026b2d84ce96a5c9d49157d2fa7c9187aaa2a4ec509e39a1f57972f8ffa

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/inqChatLaunch10006663.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:26 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:40 GMT
ETag: "1801cf1-5907-5a3ee3a58df00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6554
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript

rogeredde.com/Huntington/index_files/site-survey.min.css

160.153.59.9

200 OK

1129

URL HTTP/1.1

rogeredde.com/Huntington/index_files/site-survey.min.css
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (4339)

Size

1129
Hash

c97510fa2447d28179e86c812f2892bd

d4155ed2082d208adf94015e89d43bc21298c0c8

add0f1dac2edc2fc4763afcbb2b339ea2915caec1042da78d3d1d92057901681

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Huntington

HTTP Headers

                                        GET /Huntington/index_files/site-survey.min.css HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

                                        HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 04:25:26 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 05:07:40 GMT
ETag: "1801d00-1124-5a3ee3a58df00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1129
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css

rogeredde.com/Huntington/index_files/oo_engine.min.js.download

160.153.59.9

200 OK

12200

URL HTTP/1.1

rogeredde.com/Huntington/index_files/oo_engine.min.js.download
IP

160.153.59.9:0
ASN

#398101 GO-DADDY-COM-LLC

Magic

ASCII text, with very long lines (45689), with no line terminators

Size

12200
Hash

9d8d80f46837530c71fa8449b9aec510

b4850e30e1fe309f101105855ab68ca56a952e14

e1393b00479b28628ce57eeceaf884ef3c7bfc484f0c273b560996e952614d1a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /Huntington/index_files/oo_engine.min.js.download HTTP/1.1
Host: rogeredde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rogeredde.com/Huntington/

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (70)

#1 JS:Script (size: 2385)

#2 JS:Script (size: 32829)

#3 JS:Script (size: 20751)

#4 JS:Script (size: 33)

#5 JS:Script (size: 14797)

#6 JS:Script (size: 2029)

#7 JS:Script (size: 22791)

#8 JS:Script (size: 130835)

#9 JS:Script (size: 113219)

#10 JS:Script (size: 2031)

#11 JS:Script (size: 2481)

#12 JS:Script (size: 26)

#13 JS:Script (size: 41975)

#14 JS:Script (size: 26)

#15 JS:Script (size: 137948)

#16 JS:Script (size: 0)

#17 JS:Script (size: 537090)

#18 JS:Script (size: 2385)

#19 JS:Script (size: 2363)

#20 JS:Script (size: 66005)

#21 JS:Script (size: 26)

#22 JS:Script (size: 138826)

#23 JS:Script (size: 299984)

#24 JS:Script (size: 28488)

#25 JS:Script (size: 444852)

#26 JS:Script (size: 88145)

#27 JS:Script (size: 447594)

#28 JS:Script (size: 1147)

#29 JS:Script (size: 183142)

#30 JS:Script (size: 16553)

#31 JS:Script (size: 19682)

#32 JS:Script (size: 14425)

#33 JS:Script (size: 318)

#34 JS:Script (size: 21391)

#35 JS:Script (size: 226103)

#36 JS:Script (size: 3578)

#37 JS:Script (size: 25365)

#38 JS:Script (size: 7541)

#39 JS:Script (size: 47055)

#40 JS:Script (size: 962)

#41 JS:Script (size: 26)

#42 JS:Script (size: 6887)

#43 JS:Script (size: 12962)

#44 JS:Script (size: 146)

#45 JS:Script (size: 178273)

#46 JS:Script (size: 81640)

#47 JS:Script (size: 2383)

#48 JS:Script (size: 45689)

#49 JS:Script (size: 203805)

#50 JS:Script (size: 6684)

#51 JS:Script (size: 994987)

#52 JS:Script (size: 7630)

#53 JS:Script (size: 2031)

#54 JS:Script (size: 163702)

#55 JS:Script (size: 26)

#56 JS:Script (size: 2031)

#57 JS:Script (size: 144670)