Report - www.americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

Report Overview

Submitted URL
www.americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq
IP
107.161.23.11
ASN
#3842 RAMNODE
Submitted
2022-11-29 04:38:12
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.161.230.192
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
americantaxcredit.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.0 kB	135 kB	107.161.23.11
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
www.americantaxcredit.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	503 B	509 B	107.161.23.11
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	www.americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-29	medium	www.americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	Phishing
2022-11-29	medium	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	Phishing
2022-11-29	medium	americantaxcredit.co/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4	Phishing
2022-11-29	medium	americantaxcredit.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.5	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1	Phishing
2022-11-29	medium	americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	americantaxcredit.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-23
Pretty URL americantaxcredit.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-23 00:53:38 Times Seen68558 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	americantaxcredit.co/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1	19 kB	2023-03-07	2024-04-22
Pretty URL americantaxcredit.co/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-22 15:34:31 Times Seen38020 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	americantaxcredit.co/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2	17 kB	2023-03-07	2024-04-09
Pretty URL americantaxcredit.co/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:33 Last Seen2024-04-09 02:22:09 Times Seen1022 Hash 423e4eab18767461cb68a11c5b2a0cb4 d5c17c5fbecfe815e7c27347155158e90e9fb709 d6a23f9c4dec2f455c8e2340a99ad4db01a1d538bb1f2537bab3991ec64e14c7 Loading...

	americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1	8.1 kB	2023-03-07	2024-04-21
Pretty URL americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:30:33 Last Seen2024-04-21 16:00:55 Times Seen2792 Hash e3317d55ad904d30ea400a2da2a56686 b998595f2c96f76ba65a808ac4029d66021195b4 ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1 Loading...

	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	108 B	2023-03-11	2023-03-11
Pretty URL americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:09:19 Last Seen2023-03-11 22:14:43 Times Seen1 Hash 831ea6b2fbe12d87b213079a81d47077 49cbe88d24ddd421598ce583502f176a0b495260 b014bd2faa617ce0a2ad8960c98cd79219a1aeb300a0ab230f822fbdb217c192 Loading...

	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	87 B	2023-03-11	2023-03-11
Pretty URL americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:09:19 Last Seen2023-03-11 22:14:43 Times Seen1 Hash 31c6c67780aa0279e4adea4fbdceba96 8b08a691838739638319b3bf4312c2cb1bae2c6a 98e5e6136ff79e293f7c264f8ebd9fa1805e2d012acefa44a58691ff6d9f122c Loading...

	americantaxcredit.co/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3	12 kB	2023-03-07	2024-04-18
Pretty URL americantaxcredit.co/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:48 Last Seen2024-04-18 13:36:03 Times Seen2049 Hash 3f3fc23f477a3849aa5677c585b2a2b4 ccf0865ebd37f76c450c7a377a86ff2448288db3 985fdd42398281348ca133a44750a56fe4909a806b9c075c9443a5d0bd6d2e51 Loading...

	americantaxcredit.co/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3	9.7 kB	2023-03-07	2024-04-18
Pretty URL americantaxcredit.co/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:47 Last Seen2024-04-18 13:36:03 Times Seen1717 Hash 490c29d6776fc430c23403fd845b34b0 817129906b7fef1011895a76f047c7693a852e21 29e8de26576208c07ba0845f604e65c9273b93f9f4d1d66214eb4c586f9938c4 Loading...

	americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4	8.0 kB	2023-03-07	2024-04-18
Pretty URL americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-18 13:36:03 Times Seen327 Hash a889ab4fcd44175db4bf271c83c50d37 dd57bf2e29b28491b610fcb758d8ab53f3c6649d d2f2fe7e10c8a8cf933afea3f0fb4a89cf74262405024cd908e7d59f5f03c16c Loading...

	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	47 B	2023-03-07	2024-04-22
Pretty URL americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-22 09:02:48 Times Seen2002 Hash 2c51b5be11f71c5e12aff7f05787fdfd 5e99384e82d66bdfa4db7c8b43a9066c2896e46d f305ca5823e9ef3bf3cdd312369057a018addabb859d129e07543349fdd74d35 Loading...

	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	198 B	2023-03-11	2023-03-11
Pretty URL americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:09:19 Last Seen2023-03-11 22:14:43 Times Seen1 Hash 76e4ef231e6ec61ebb63db2f2a0a1de5 5d562b2a82fa4dbc70b02a0f0299607e4adf33ea 0bc44236fa27c853856d145dfb6a0291d12184b434b49d7e13ec729ff52b446a Loading...

	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	2.2 kB	2023-03-11	2023-03-11
Pretty URL americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:09:19 Last Seen2023-03-11 22:14:43 Times Seen1 Hash 3285bc837262a4bd5c2f41132436e5fc abdb3823d7ea92d693c34f616fe9ad9301294fc7 3ac6540bc51f830af9d08126a1a96af4b38480642c9930febf170f2f6bf81d5c Loading...

	americantaxcredit.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-04-21
Pretty URL americantaxcredit.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-21 21:18:40 Times Seen31789 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq	333 B	2023-03-07	2024-04-22
Pretty URL americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq IP 107.161.23.11 ASN #3842 RAMNODE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-22 23:08:01 Times Seen7458 Hash 3688fd64c409264431201fa55a828e81 2b7eeefaa1edf3a7621f7576b35b01c895ef5367 944433761a880eab1d567dd5389499af76aa03582c82a8aa88838e3c6c2134c6 Loading...

HTTP Transactions (38)

URL IP Response Size

www.americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

107.161.23.11

301 Moved Permanently

0 B

URL HTTP/1.1
www.americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq HTTP/1.1
Host: www.americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq
content-length: 0
date: Tue, 29 Nov 2022 04:38:01 GMT
server: LiteSpeed

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4442
Expires: Tue, 29 Nov 2022 05:52:03 GMT
Date: Tue, 29 Nov 2022 04:38:01 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4403
Cache-Control: max-age=112003
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 04:38:01 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:44:44 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2164
Expires: Tue, 29 Nov 2022 05:14:05 GMT
Date: Tue, 29 Nov 2022 04:38:01 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 04:19:35 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1106
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: jkrqTxpkz4nChcHIRFxtjngabOlYF14AxN/UQUNJA3ke0ZOXL3vrD0ji6YMYjV5FFdzpCDJ2ZsE=
x-amz-request-id: XZE1SG39HEJXZTJM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 03:42:21 GMT
age: 3340
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 04:38:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

107.161.23.11

404 Not Found

16 kB

URL HTTP/1.1
americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (40089), with CRLF, LF line terminators
Size
16 kB (15730 bytes)
Hash
b4764f80d7b2c935daf784c75e10a386
1a5187da7e204e8733521d18d1fd906925b5186e
8490995f945b6294aba98e5e367928607a9ff461f038480a54b992cd53c413ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://americantaxcredit.co/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Tue, 29 Nov 2022 04:38:01 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2

107.161.23.11

200 OK

8.0 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (38375)
Size
8.0 kB (7970 bytes)
Hash
7c6a576e922be6c4316bd1cc5489fa0c
b7153f1f3d9c744da97c2c3e10aedd76217b7ffa
ec16b846732c97bc9dbf062c9ab1b549daa7d57e4590aada69ae633be877aa16

HTTP Headers

GET /wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 21:10:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7970
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2252
Cache-Control: max-age=104785
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 04:38:02 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:44:27 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

americantaxcredit.co/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

107.161.23.11

200 OK

12 kB

URL HTTP/1.1
americantaxcredit.co/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (47826)
Size
12 kB (12489 bytes)
Hash
45b3843596f3eda24398e2c1f68ee268
4ad9a0e6ed85ca57c5d134aa5ca546e19910640d
f2784720bca9efcc4c4c3ab35d5fa3b523eb1915acc04a53273559907d352e36

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Tue, 15 Nov 2022 23:43:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 12489
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3

107.161.23.11

200 OK

972 B

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text
Size
972 B (972 bytes)
Hash
e355e7e30d2cbeebefa6977790886c3a
eccf1c43237a1de702ae36722813fa10d580dd4e
49d452b612934ceb8ce12bfadb85dac2f573d458337a9ae0da76705a8ae8b018

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 21:25:20 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 972
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4

107.161.23.11

200 OK

824 B

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (3432)
Size
824 B (824 bytes)
Hash
37b0886047bd869e153fd52867989cc7
583982bd616e700f82579a80a032d832d91c4735
46fbb61abcc2c019348932157a9fa3fda895a983b5fe0b950701cf85da7dd954

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 21:23:45 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 824
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

107.161.23.11

200 OK

4.2 kB

URL HTTP/1.1
americantaxcredit.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (11126)
Size
4.2 kB (4168 bytes)
Hash
c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 14:36:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4168
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 04:08:56 GMT
cache-control: public,max-age=3600
age: 1746
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

americantaxcredit.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

107.161.23.11

200 OK

31 kB

URL HTTP/1.1
americantaxcredit.co/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31046 bytes)
Hash
cc5a8bfbf7d31fbc3022dc05e964a95c
81edda48c2c2c97bf79dea1ec91b89105e4ba00b
651c822702a9ac476c260fd37dccab6c3da8306ff6dd922e9d68cfa7863bfe42

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 10:27:04 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 31046
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

107.161.23.11

200 OK

5.0 kB

URL HTTP/1.1
americantaxcredit.co/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (15660)
Size
5.0 kB (5021 bytes)
Hash
848f9aadf194f3d024a2a90dbd11e3b5
aecd4b03b5a7829c6ca015d926798dc95e4fa912
36ff79b2f6827e46be1df95ff739e536718c0ee4fc09462678b32d7abd60fc6c

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 11:26:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5021
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2

107.161.23.11

200 OK

4.1 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (16935), with no line terminators
Size
4.1 kB (4067 bytes)
Hash
a20b7866f76a3ed0b7ded6a7322719ee
456b9b4cd94c6bb06b65ce8931e6e88235423dcb
91d80e72c39400d10ecefe4c6e290689a7fbdabc11e24b60f29e92b8ff68fee0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 21:10:48 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4067
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.5

107.161.23.11

200 OK

14 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.5
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (65497)
Size
14 kB (14129 bytes)
Hash
3fb5e7d2bed102291017175cb1b840d4
fde0c100c95b31c9e9b7fd93058ead1a418cecb4
39ff109c2e8c6bea80caf1b6289a8c7e3cd02fdd053a9f2c561d0309a6f4e518

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.5 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 21:18:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 14129
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3

107.161.23.11

200 OK

3.9 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
HTML document, ASCII text, with very long lines (12211), with no line terminators
Size
3.9 kB (3925 bytes)
Hash
a71f31ad8ab59495c235f70e11af94d5
dd92f0033787042cdc33b4f7a738cc1a8f1aaea2
02de035caef83e16f5631660c82c3c61e69e4a919f32552131136b5762dbe846

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 21:25:20 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3925
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3

107.161.23.11

200 OK

2.9 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (9680), with no line terminators
Size
2.9 kB (2929 bytes)
Hash
be8270d30953f83f3137e2c7121e3656
1bbc1d1a19f27b4dd66c838214bf196862307078
9506efdf97a3132894069273b42fff14928e25579be11b57b3ab03aa426e1e23

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 21:25:21 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2929
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4

107.161.23.11

200 OK

2.8 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (8016), with no line terminators
Size
2.8 kB (2817 bytes)
Hash
023a09c7dea64bf4a30ccc3773a36381
60319e56baaac5c848de3dd13b1902433345c427
ff36c1dc57bb0b449ab07c62a5efbda1201af0039c4e0c0f696a105283e99f25

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 21:23:51 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2817
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2

107.161.23.11

200 OK

423 B

URL HTTP/1.1
americantaxcredit.co/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with very long lines (882), with no line terminators
Size
423 B (423 bytes)
Hash
1d4d6ba6e9c1e85588ac791a78138ad7
055e33bd964348da35aa7e5ce94e15b19536109b
5fde0dbbafcf19ba3696c8d7c06ac5685694dc50c0a6d77fd2f37ce1966d96c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 21:10:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 423
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1

107.161.23.11

200 OK

1.6 kB

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
Unicode text, UTF-8 text
Size
1.6 kB (1620 bytes)
Hash
233648f28a3dd579734f0c0e1d213997
608b0b650bc53e6c11c9c6aaa11ff2da1aae51ad
f9b3929c4aa5f2c7960e5450c977a1bdfd04b2ec7c5e89c5cc8d05d38fec8d63

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 21:20:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1620
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1

107.161.23.11

200 OK

127 B

URL HTTP/1.1
americantaxcredit.co/wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
ASCII text, with CRLF, CR line terminators
Size
127 B (127 bytes)
Hash
5e28016abbbd8533d16c64a9a7519717
7a151f8895ebc70a411132735317eda8a4c4fafe
6488bd77825d8c783aab619b980f952ad9a366dd07fe28289a969e395506678c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1 HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 21:20:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 127
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

push.services.mozilla.com/

35.161.230.192

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.230.192:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5hRRakFOBeD/LJZ3F7u7CQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FrvcNuAvnVJ+dEuEtp0raYnhNVo=

americantaxcredit.co/favicon.ico

107.161.23.11

404 Not Found

1.2 kB

URL HTTP/1.1
americantaxcredit.co/favicon.ico
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://americantaxcredit.co/~medscrip/bjauosflfa.dz5e6ql1b6ip/zx7zkuaxg97a6j1p.u1grkt8mkapj0tjks/c6vrvuto4anvf4qx.i09u14uic8093krdzmg/rg8iplb9469q.jy5xe9tzxduvew.alle48x19v8wq

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed

americantaxcredit.co/wp-content/uploads/2022/09/cropped-american-tax-credit-co-362x85.png

107.161.23.11

200 OK

18 kB

URL HTTP/2
americantaxcredit.co/wp-content/uploads/2022/09/cropped-american-tax-credit-co-362x85.png
IP
107.161.23.11:0
ASN
#3842 RAMNODE

File type
PNG image data, 362 x 85, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (18344 bytes)
Hash
eb0cc2c34664b30f8cbfd0974c775d69
b1613cc56a8cc9cf63e08261cec1a02666836f81
acdc0bed1cab8b9ac425bfebdba132c3f6bc7b4b5e4561036a65ec9bb7dbec75

HTTP Headers

GET /wp-content/uploads/2022/09/cropped-american-tax-credit-co-362x85.png HTTP/1.1
Host: americantaxcredit.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://americantaxcredit.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 04:38:02 GMT
content-type: image/png
last-modified: Wed, 14 Sep 2022 21:32:12 GMT
accept-ranges: bytes
content-length: 18344
date: Tue, 29 Nov 2022 04:38:02 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2707
Expires: Tue, 29 Nov 2022 05:23:11 GMT
Date: Tue, 29 Nov 2022 04:38:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2707
Expires: Tue, 29 Nov 2022 05:23:11 GMT
Date: Tue, 29 Nov 2022 04:38:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2707
Expires: Tue, 29 Nov 2022 05:23:11 GMT
Date: Tue, 29 Nov 2022 04:38:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2707
Expires: Tue, 29 Nov 2022 05:23:11 GMT
Date: Tue, 29 Nov 2022 04:38:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4916 bytes)
Hash
83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:01:17 GMT
age: 5807
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9376 bytes)
Hash
cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:58:57 GMT
age: 23947
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb99c22d6-3187-4d40-8281-7980c7988464.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3905 bytes)
Hash
06723cdab42df9b5334f540a8c7ebc60
3bbc44cb84a37ce6a067db4301dd81647a77c29f
9f6f064b16044c510650635690c61003fb2f6439021a2e681431136f5e7a08b3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb99c22d6-3187-4d40-8281-7980c7988464.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3905
x-amzn-requestid: bf50db76-dd95-44fc-abbe-1a26a5559ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMFcYHE6IAMFmpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638182b5-50b6d010058c6cb75c05c6de;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 03:06:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 73Fr-7-mRcw9_OVt8Wdi4pjFBHkqi_vBa-zgLtbHKEx1ay9s8wDSgQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 06:26:11 GMT
age: 79913
etag: "3bbc44cb84a37ce6a067db4301dd81647a77c29f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2d4df78-04ce-4ad8-b5a5-07c0212d3a16.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4901 bytes)
Hash
c812ff38eed34e674ee4090ffc602358
3515adf47d25a17eec2a62d045d217cd23a0f985
17847348aa28dce436e4181ec86578e154c3a700b48df9bbdb771abaa3d2ed58

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2d4df78-04ce-4ad8-b5a5-07c0212d3a16.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4901
x-amzn-requestid: a5ad8fee-b892-4485-9975-40e183506a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIsO3HDGIAMFQgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6380272b-5827122433cb8c6d5ab7e300;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 02:23:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MSxsBockYtOQ1vJwadowGgFdFGyqM2R4ax2EQTLoVPu6y0hWy1H1sw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:48:29 GMT
age: 20975
etag: "3515adf47d25a17eec2a62d045d217cd23a0f985"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8106 bytes)
Hash
5ab97acd46d3380fa12711c96b3c2d35
b703ea2cc2fcd68e60135ff77d5a5f1b93fac128
aeeaa56714fbd157e788cd24da03d43ede527959e2563e6d7d99489753dee85f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8106
x-amzn-requestid: 73d1b662-99a8-4ad7-95f9-c0b1ebf7c45a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnQEhQoAMFbLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852961-64954bc92997c9302e291381;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sYK4SFsG-No3Bd-CyGIKSWh4sUokwaHa20tc8zvbqUpxkplJOiASIA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:42:03 GMT
age: 24961
etag: "b703ea2cc2fcd68e60135ff77d5a5f1b93fac128"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7479fbd-640b-4a65-ac00-893210a725b0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10445 bytes)
Hash
c76e3c4cc159bda9b9e887fcd449ba51
12d90c36bd455b3b859fdb761b6ed49ea9f98f80
fc2aad6b1ec65938249970e01a23d35a19cb9c9acbc3524586dd23f7bdaf9690

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7479fbd-640b-4a65-ac00-893210a725b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10445
x-amzn-requestid: fb9fc0d4-9f2e-4fab-a259-30300aacdc67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvuDGHaIAMFn_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc659-56786e9b754a48b30b5f79c7;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:06:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fkjT2irjF_lGK2IDx2nzFK13MgMQFXrtUIWv9lR9y-f6VT1bthJfyQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 14:02:53 GMT
age: 52511
etag: "12d90c36bd455b3b859fdb761b6ed49ea9f98f80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations