| xecureusaa.com/ | 104.16.244.78 | 301 Moved Permanently | 0 B |
IP104.16.244.78:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET / HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 02:09:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 09 Feb 2023 03:09:29 GMT
Location: https://xecureusaa.com/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7969102e1d681c02-OSL
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb7407cc102d62a5acd5e61f8a79bed36 c2f4890a62454e514962b55b7fc14228339c8e90 be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3417
Expires: Thu, 09 Feb 2023 03:06:26 GMT
Date: Thu, 09 Feb 2023 02:09:29 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash565c1bbc5c1c40be1988b3bf6fd9dc1a cfdba5bc597130461dd67bf6cda53183be592493 60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11649
Expires: Thu, 09 Feb 2023 05:23:38 GMT
Date: Thu, 09 Feb 2023 02:09:29 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashcc14b0d2f7c451f6431dc87ba54d1d60 bab8bfda6fa3e2f17125353f5147211787dc25d0 b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19438
Expires: Thu, 09 Feb 2023 07:33:27 GMT
Date: Thu, 09 Feb 2023 02:09:29 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashbf0c602d32b3c14606f22a86183b5e3c 6eabd8d83475eba731968abe1a05a8bfd272f160 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 01:34:15 GMT
content-type: application/json
age: 2114
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashe76071a28ee566dababb3834f46d68ed aebb4e68c1ba2de0f90025283e8ed8470944fde0 78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JzZSV7kqHIsdNpzYQ5pfz62NcJKW/UJAxWKdY9OlARv09rtphqeRXtcWIYWE96ARblY9HJ/YzLXD0brrLAY0ig==
x-amz-request-id: HX3JF7VT0T251CW2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 01:46:11 GMT
age: 1398
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 02:09:29 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 278 B |
IP93.184.220.29:0
Hashc624890df7b4f632297bae28915fde5c 3afbdf9ab32b4bbbc81a402572087e817c5c0219 429dd754984b7b50266ee46f01f2a72a6f8b65fe21bd210f1266c1f055f0f8fc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=147932
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:09:29 GMT
Etag: "63e3f4b5-116"
Expires: Fri, 10 Feb 2023 19:15:01 GMT
Last-Modified: Wed, 08 Feb 2023 19:15:01 GMT
Server: nginx
Content-Length: 278
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 01:14:53 GMT
age: 3277
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash248ce16379b12f11927ecc3142aec450 fa5b189f2d9182479170cb61cc1723571e437bd2 a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2454
Expires: Thu, 09 Feb 2023 02:50:24 GMT
Date: Thu, 09 Feb 2023 02:09:30 GMT
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 54.149.190.160 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.149.190.160:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TshT9aox1zfJKetrbyv0YQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: C1VNqFJsf5UxI4gRjRW9WSAxWKk=
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8045
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:09:31 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8045
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:09:31 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8045
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:09:31 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8045
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:09:31 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8045
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:09:31 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg | 34.120.237.76 | 200 OK | 6.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashe6c45da743665658afcfbf2309e1594b 04d025452dcec571f3eb6068499290d86e0c4c30 3ddfcf83ea18ba20700364c7095750a142a15575c988ba5688ed2f4dbbba4ee8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6471
x-amzn-requestid: ab4c8119-a2f0-4b3d-bbed-b34c5a0a7a30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGaGsjoAMFmZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f5-7298e0530bee8f997b552e6e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qxzdVgRauaFA1GnS6m2WJr7zkXVIpFUNZN0r_mdAQvkDu4nzYanjzQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:10:41 GMT
age: 14330
etag: "04d025452dcec571f3eb6068499290d86e0c4c30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg | 34.120.237.76 | 200 OK | 4.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash113363afa7cfd484dbc115a9f44c1723 2f9dfb845aa919a51a0b5fa9a824ac4845f669be a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R_VDTHUaRhwthD0THsWg42L1OF7lZAX3ENsTfV0U7kkn9o0x-mQ_9g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 13:53:53 GMT
age: 44138
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/378-7f91520e427c4e29.js | 104.16.243.78 | 200 OK | 23 kB |
URL HTTP/2xecureusaa.com/_next/static/chunks/378-7f91520e427c4e29.js IP104.16.243.78:0
File typeASCII text, with very long lines (23757) Hash08908bf8e58ced62e0b53735b9a8ebcc d006b2b72ea7586ba344fa75fa7f695ca805f509 5a322df55ba43d5c27f838a3a316b41460f0408f62293c73a537ddfbc5f00784
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/378-7f91520e427c4e29.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"b13a-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039bebab523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash5fc553a8677d9c0bf4835a0c29a7345c ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8 e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: a900a5b4-85cd-4817-8e70-2516eb33a0a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fox8IHMuIAMFdHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c9e7-1122726b315a7c5623d1ff3f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 02:09:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0giOb6VA3jgf_3ep6DqSBrFhYz8aBNWTjxpitvm9NWe2oNQlJ5UbEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:09:32 GMT
age: 14399
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/pages/my/logon-d1434cbf4a679a0f.js | 104.16.243.78 | 200 OK | 42 kB |
URL HTTP/2xecureusaa.com/_next/static/chunks/pages/my/logon-d1434cbf4a679a0f.js IP104.16.243.78:0
File typeASCII text, with very long lines (65536), with no line terminators Hashf35f936b671439e8c5a164a5a8aa3b90 22369a09e7f3f80be5537d79023ae3e55c4642ec 360f76d73f1fed64b7395c55c8f73be46d81336b923e6ff0d254fe69a08dce1b
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/pages/my/logon-d1434cbf4a679a0f.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"24268-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039cebdb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashb11f9f70f5e8af4de6d9fc5b9f50ccbe 753cb08c3f8c7c0750d113253790a08db01986bc d4b77ba995ea274fd169fc9bc66919b23e72a8edb88d6184bf3d7f3ab398c645
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3U29-_iFXSAoG74d9-pJmmWfVbO6f2Y91lLvi7nXxgNYWKNvbFTRyQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 08:48:54 GMT
age: 62437
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/fonts/C1B705B7AD8D5B4C6.woff2 | 104.16.243.78 | 200 OK | 23 kB |
URL HTTP/2xecureusaa.com/fonts/C1B705B7AD8D5B4C6.woff2 IP104.16.243.78:0
File typeWeb Open Font Format (Version 2), TrueType, length 22828, version 1.19726\012- data Hash085f40d84a8004717ea42b286d93b0e4 d7ff2c4d9fd27ea536ab3dcd220cea2fa0076497 8ca92c098205eebe75921badb282e0219fba6b69f74f71a06afc6e4521462ecf
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /fonts/C1B705B7AD8D5B4C6.woff2 HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: font/woff2
content-length: 22828
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"592c-49773873e8"
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7969103a1eefb523-OSL
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/107-add5848df9a737ae.js | 104.16.243.78 | 200 OK | 50 kB |
URL HTTP/2xecureusaa.com/_next/static/chunks/107-add5848df9a737ae.js IP104.16.243.78:0
File typeUnicode text, UTF-8 text, with very long lines (39754) Hash7de0fb3ef1aab3f7e7c45b710b7980db 8fb7c65f8a5e8133fc5d754df2fbc046b4f76931 5c225c5dc80dba4d180af8c65314822f7cc9d990399016c1dc6ef16fb68b34b2
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/107-add5848df9a737ae.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"138fb-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039bebbb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/ | 104.16.243.78 | 307 Temporary Redirect | 61 kB |
IP104.16.243.78:0
Hasha18a0a59e45145ab6b20d2ea4fa0bf6d 3550dadd1151d399dadfba80ac5a293ef960fe68 769d2cd07ed33e8fa72388251031244b0fc7e33c60eb02e5f845298827caf17e
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET / HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
date: Thu, 09 Feb 2023 02:09:30 GMT
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
location: /my/logon
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 307
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 796910317a34b523-OSL
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/webpack-bb469f829a664d48.js | 104.16.243.78 | 200 OK | 23 kB |
URL HTTP/2xecureusaa.com/_next/static/chunks/webpack-bb469f829a664d48.js IP104.16.243.78:0
File typeASCII text, with very long lines (2193), with no line terminators Hash138c890fc9c1fd2069d1ef95a8c21050 1fc83419902495c94d66175f859f3cab176556d1 c18f2c11b77653da4eeefe7da05d80a1ac4907c651ff2f49c3d2c0f0a79fa768
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/webpack-bb469f829a664d48.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"891-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039beb5b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/fonts/12C383965421BC56F.woff2 | 104.16.243.78 | 200 OK | 14 kB |
URL HTTP/2xecureusaa.com/fonts/12C383965421BC56F.woff2 IP104.16.243.78:0
File typeWeb Open Font Format (Version 2), CFF, length 14408, version 1.13173\012- data Hash9cfc4e859f5ef4d0ab77df4f8698a7ab 1aa7edc7b3e7da125452b7fad636ef42fb723373 dbcf49bfa4184ed509854e05cd53df0426b5ea1856f6f4aad1f93b2d355d7e1c
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /fonts/12C383965421BC56F.woff2 HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: font/woff2
content-length: 14408
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"3848-49773873e8"
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7969103a1ef0b523-OSL
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/443-62dd299028d36af5.js | 104.16.243.78 | 200 OK | 29 kB |
URL HTTP/2xecureusaa.com/_next/static/chunks/443-62dd299028d36af5.js IP104.16.243.78:0
File typeASCII text, with very long lines (18726), with no line terminators Hash1c4a556c2816aac2950e058bfec1519e 4c6b540dc9529eef1a0a3d9abded9c552f2721fc 732d92235237c3dc098495f5947d0f6c2fb1360adb05bb8dfd6b770fe72f9745
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/443-62dd299028d36af5.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4926-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039bebcb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/main-3123a443c688934f.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2xecureusaa.com/_next/static/chunks/main-3123a443c688934f.js IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/main-3123a443c688934f.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"199f6-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039beb7b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/SnCK853SShVKpd7mPMmEl/_ssgManifest.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2xecureusaa.com/_next/static/SnCK853SShVKpd7mPMmEl/_ssgManifest.js IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/SnCK853SShVKpd7mPMmEl/_ssgManifest.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4c-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039cec1b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/my/logon | 104.16.243.78 | 200 OK | 0 B |
IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /my/logon HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 79691034ebf5b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/css/7c01fc0737b1c331.css | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2xecureusaa.com/_next/static/css/7c01fc0737b1c331.css IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | |
GET /_next/static/css/7c01fc0737b1c331.css HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"16a9-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039beb4b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/favicon.ico | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2xecureusaa.com/favicon.ico IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | |
GET /favicon.ico HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:32 GMT
content-type: image/x-icon
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"1cee-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 7969103e8964b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/chunks/pages/_app-3f4ecf471eb01eda.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2xecureusaa.com/_next/static/chunks/pages/_app-3f4ecf471eb01eda.js IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/chunks/pages/_app-3f4ecf471eb01eda.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4cc-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039beb8b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| xecureusaa.com/_next/static/SnCK853SShVKpd7mPMmEl/_buildManifest.js | 104.16.243.78 | 200 OK | 0 B |
URL HTTP/2xecureusaa.com/_next/static/SnCK853SShVKpd7mPMmEl/_buildManifest.js IP104.16.243.78:0
Analyzer | Verdict | Alert | openphish | United Services Automobile Association | | fortinet | Phishing | |
GET /_next/static/SnCK853SShVKpd7mPMmEl/_buildManifest.js HTTP/1.1
Host: xecureusaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xecureusaa.com/my/logon
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:09:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"888-49773873e8"
vary: Accept-Encoding
x-do-app-origin: 900c5c5f-d19b-485b-ba14-86a7e0f5009d
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 79691039cebfb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|