Report - bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157

Report Overview

Submitted URL
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP
174.138.33.212
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2023-02-02 20:24:34
Access
Website Title
Final URL
Tags
huntington financial phishing dyndns
urlquery detections
Phishing - Huntington
Suspicious - DynDNS domain

Detections

urlquery
97
Network Intrusion Detection
13
Threat Detection Systems
90

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	3.7 kB	2.6 kB	142.250.74.163
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.155.76.146
cdn.linkedin.oribi.io	unknown	2022-10-19T16:36:39Z	2023-03-13T05:12:57Z	430 B	417 B	54.230.111.78
bnsx.duckdns.org	unknown	2023-02-01T21:21:10Z	2023-02-01T23:30:22Z	37 kB	1.9 MB	174.138.33.212
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	4.8 kB	9.8 kB	142.250.74.131
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	922 B	349 B	157.240.205.35
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	798 B	96 kB	142.250.74.72
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	3.7 kB	2.6 kB	142.250.74.132
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
sp.analytics.yahoo.com	816	2014-01-31T21:48:24Z	2023-03-13T05:18:24Z	803 B	919 B	212.82.100.181
trk.clinch.co	5423	2014-12-18T19:54:09Z	2023-03-12T23:47:51Z	1.8 kB	1.0 kB	54.208.228.50
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	72 kB	34.120.237.76
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	3.8 kB	7.2 kB	142.250.74.162
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	796 B	2.4 kB	35.241.9.150
mef957.dynatrace-managed.com	107553	2019-04-14T23:07:15Z	2023-03-08T05:39:35Z	1.8 kB	334 B	100.24.162.178
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.36.76.226
snap.licdn.com	1044	2014-10-06T10:43:45Z	2023-03-13T05:12:55Z	382 B	5.1 kB	23.36.76.121
s.yimg.com	375	2012-05-21T00:45:00Z	2023-03-13T05:18:23Z	356 B	6.9 kB	188.125.94.206
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	374 B	29 kB	31.13.72.12
ocsp.godaddy.com	698	2012-05-20T21:28:57Z	2023-03-13T05:12:19Z	340 B	2.3 kB	192.124.249.22
www.huntington.com	56151	2014-08-03T09:06:58Z	2023-03-12T04:57:24Z	455 B	2.0 kB	104.84.152.187
ensighten.huntingtonbank.com	91425	2019-02-13T12:49:10Z	2023-03-08T05:39:31Z	1.1 kB	985 B	63.34.68.24
selfservice.huntington.com	450910	2014-10-08T16:27:30Z	2023-02-16T18:48:48Z	379 B	717 B	104.84.152.187
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.4 kB	3.1 kB	93.184.220.29
px.ads.linkedin.com	522	2018-06-15T13:29:56Z	2023-03-13T07:16:10Z	1.4 kB	2.5 kB	13.107.42.14
www.linkedin.com	608	2015-06-18T18:10:03Z	2023-03-13T05:12:57Z	834 B	3.1 kB	13.107.42.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-02 20:24:50	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-02 20:24:50	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-02 20:24:50	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-02 20:24:50	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-02 20:24:51	medium	Client IP	174.138.33.212	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-02-02 20:24:51	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-02 20:24:51	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-02 20:24:52	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-02 20:24:52	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-02 20:24:53	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-02 20:24:53	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-02-02 20:24:53	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-02-02 20:24:53	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/lockup.svg	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js	Phishing
2023-02-02	medium	bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2	Phishing
2023-02-02	medium	bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2	Phishing
2023-02-02	medium	bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767	Phishing
2023-02-02	medium	bnsx.duckdns.org/akam/11/pixel_7a8ba97f	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff	Phishing
2023-02-02	medium	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (41)

	URL	Size	First Seen	Last Seen
	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-13	2023-11-17
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:47:19 Last Seen2023-11-17 16:32:25 Times Seen5 Hash beca88e7d9125b63f58be285031b0930 08cda009ebdf601f0ffe06b0ee3065fff2fb105b c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4	2.4 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:36 Last Seen2023-03-13 15:15:36 Times Seen1 Hash 1dae901c698ab4853203e7091da475cb feca28a559579a90dc894e524b8d148a1170713d d03ec9787dd12b77381bf15cf80744cfd104539919eaae1b9a9018d31854bc5c Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381	21 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen87 Hash e3bf3fa0a912c14bfe1c0b7282fbfa8a 96b0a4a037c23ce2e7bc90c146610c473549665a 1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	26 B	2023-03-07	2024-05-10
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-10 06:13:56 Times Seen19923 Hash 8cf91652fc7787b535b26f390f9ed9af d39e49793059ab3b8a97b61bac69ad2a451c8ff2 f876a7b1e6234843f5d8487af055addd42fe6018d4f4e2f29ab08c0f08a85d94 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	26 B	2023-03-07	2024-05-10
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-05-10 06:13:56 Times Seen19921 Hash 339aaaa033bd435bc3d3442976b21150 309497f761b4649d113688cb611242810ed2a8bc 47536a23eb95f0f1d8f00b6ef54ac4553cc05d06ddce49260dab7dc9f083296d Loading...

	www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c	176 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 437dc2a45d7cb48c0b1e2745e4ec7c82 0074547574d6a9d5a2a2b7ef7bf4b24502e2e383 0e573e07d44e2b6ed32fe9830508a757534c84962f78d3d8b1666ad4d22837a1 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	149 B	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen54 Hash ac7f43c44fed4cf6e09d96b5a4357066 8e27fa7a539f5061bddf860541196d42c3655295 1a942a06f7da3702b3aba558359f26651da850132325b59469c65476655d3443 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	26 B	2023-03-07	2024-05-10
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-10 06:13:57 Times Seen19919 Hash 91e37f24be76111b93a0ff728b96cddb e1740ea479e156d424cb918060d779528ecc8fae 49ef43da1c84ec34b398aaab43e8debad168559596297c7586e9c9e8239c79bf Loading...

	ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774	145 kB	2023-03-08	2023-09-14
Pretty URL ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774 IP 63.34.68.24 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:56 Last Seen2023-09-14 03:55:59 Times Seen150 Hash 5828bc2a2ceaa2961527eedaf4167b77 166d54624e012273fa58054d82c8148435c6f51f d8b4316c52fee0d44615da1b505f567a8b0e62a3db556fa55320e8e7be025c28 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download	462 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen81 Hash 325f5dd8b44503ea1799409a40addb9e 3887ffbc86f01677d34cce7ac8839305e175e97a dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	13 kB	2023-03-12	2024-03-30
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 23.36.76.121 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 18:01:01 Last Seen2024-03-30 11:38:49 Times Seen5925 Hash b846c9d158853dd4aa95d3d7407ed8bb 2cf0eb02a22e8bd80d19a50a84593420d777d5db f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Loading...

	connect.facebook.net/signals/config/5140493269326436?v=2.9.95&r=stable	386 kB	2023-03-13	2023-04-28
Pretty URL connect.facebook.net/signals/config/5140493269326436?v=2.9.95&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-04-28 04:37:15 Times Seen32 Hash a4551720b01598596b12aebb299cf4a7 ef1bfb54998cbfc8d256cd49e4ce80087664b572 507acc954710f7b8be8be0e668de96ac857be66a6c1d1a525209fe0f51ecad57 Loading...

	s.yimg.com/wi/ytc.js	17 kB	2023-03-07	2024-03-04
Pretty URL s.yimg.com/wi/ytc.js IP 188.125.94.206 ASN #10310 YAHOO-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:36 Last Seen2024-03-04 14:29:23 Times Seen1244 Hash 6a624022b5d271dcefb070b0b6670abc e9a0a059a5cefc0cd9e6cc0e8d7bd8d64c23936b 249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download	15 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen251 Hash 49db10c8315384e8dad2e92a6841ed81 f576976a579cd50da6b717db5d48e1ea7137f744 63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download	1.1 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen89 Hash bc854aab7af244173e4dc2ca2a8f471a 1f0444814fabf2d764af527d1718e376ca0c89c1 11a2b7d65804df37c5d5801da23212eddb8530ffb15a5b67d77a8ccdcb5b8199 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767	72 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-08 20:09:58 Times Seen386 Hash 335f2776eaf4ca7eca9953d2240c3316 5f5702f072d8e721dd3557ccd2a0944b3cc58fa5 ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5 Loading...

	www.googletagmanager.com/gtag/js?id=DC-10701487	114 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=DC-10701487 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 83a2e516c9dbaa6849df51ebf3b58097 de675bd4c35addc4a02b04153621d4197b965459 75bc8f68f5671b3c52d0862662e2cce25d19bb4a3c808ada215aefd7cad3efa3 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4	2.4 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 29c13d7c015cce7d013e19dd7d869427 69a1bcea6522f4ab7cbea51eb2563a17bd6fe4db e80b1ab60e19360124bee1cb42df61c6fde46fa35e7db4bd209fc2b6e470a92d Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download	90 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:33 Last Seen2024-04-08 20:09:58 Times Seen98 Hash 61df3554472fe8057b5ae4537648d00d 125767dc32df57aa86a64801d9457923e378b397 e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/	1.1 kB	2023-03-13	2023-03-13
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 6b153a98f711b01cb37d2f5102df4ec0 85808f42b7683520722c7da1f2f65ae55f38ae9a 8e64036ea04646adae16a13dc04c7b77d38325dc367a7200dfbd8a75b96b300d Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download	22 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen93 Hash 1c9d96d3f228156fd7e9df9c531871d1 a118554b1208e30af4a0fef948c9566b8e7f4a94 648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	26 B	2023-03-07	2024-05-10
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-05-10 06:13:56 Times Seen19925 Hash 813f7afe12806d2df1c685b53ab49c0e 8ebc2ee97e18dd336b670b53dbccdfb8788a5825 ab008176ac77145e392d8392787e81c90c2592a54b1590d8779c74f956c0e46a Loading...

	ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=88.58400342913319&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	319 B	2023-03-13	2023-03-13
Pretty URL ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=88.58400342913319&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 9c27085b78ca7fc4552e35a824094045 35a4d979e7f5317a8929cb1bca91692a912cc208 dc90c0f9d91a28ec1e51053343bb13465d41e44db4b4e802101da40f4eac175f Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4	2.4 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 698d4f2ad87e15fb16565d2d34d78aab 47525f09d2c6cd1c25e07c807a47229e9a5b6e76 94b60350e77c2b701eb3dafc1f71eb77f218a6d666b5c11716bdf3bfc11a3054 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f	33 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:58 Times Seen66 Hash af77eedae6083a5bd6f07cec713ab58d 2804fbe107e6af68bf7e2d39cfb176987e1fc9ad 06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download	90 kB	2023-03-07	2024-05-10
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-10 05:59:50 Times Seen143064 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download	7.5 kB	2023-03-07	2024-05-05
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-05-05 12:46:20 Times Seen288 Hash 374ca92abaa98bc7b2f19fe64114a18b 4c0a1441026a9337d322d7ae5536df1427e5c140 7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	33 B	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen39 Hash 9671cdd78be44428a6396c3962992821 956a083d2f430a50e7193ca9cfc72b8ba11407c1 c786cc12c5317c364317a10c584eb7bff7e321c5e38d0d121d35801f2f3b89f3 Loading...

	cdn.clinch.co/a_js/client_pixels/clq/script.min.js	15 kB	2023-03-08	2023-09-14
Pretty URL cdn.clinch.co/a_js/client_pixels/clq/script.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:56 Last Seen2023-09-14 03:55:58 Times Seen111 Hash c12dd0f8c53c6d8f8a5c845a2f892307 5e880be41d047f1b7754e93e8a44347d28482702 b4006b2b20c4ba8ac04ddd00bb13dc8fe178503b89b31481e4b43243795bcb7b Loading...

	www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash f94071089aecda140fa9479af0b8f989 5983f548e099fd707a53e11ad23af012f9492f54 70a9500849ca37f96e2f95deeb1b873d7ba5c11cafa11c08c10169ed41114a6c Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4	2.4 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash e3c2393fc26fa4d4ffee8ec1d41851d6 c47469e03f8ffbd32eaa18582f986cf76aab6dbb e0283e95ddccb94aff0f85fd19891ef4dcd7e6202b0c66110ab09f31833c5902 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download	154 kB	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen196 Hash d33104f26092658d2becbbfa66e9d1fb 9c33f190903b2664af1f20b3a16ce2dca13d8a49 4249e4f7acbb2de46e66922b8ae70689820a9a6eb9a6f98a77d13190b7c2559e Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	482 B	2023-03-07	2024-04-08
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-04-08 20:09:57 Times Seen54 Hash 30092b66bd92ab05d4da2dbf5e412263 5e7611ebcec6a5b90317d3cc2d30f47c80dfb87a 19e22d179543fb3fc0d5dcc8502f6fbec83d3422090578ce035173b297fa6620 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157	26 B	2023-03-07	2024-05-10
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-05-10 06:13:56 Times Seen19921 Hash 0096b3a75c132c10f6a90df56192e4d7 07cfa420d654e1531d97a9dccd23f4bede5edde7 7e519b79026424c478dc1b72f347eb1327c9d01dc2458973bafe2690ca7d016d Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html	32 B	2023-03-13	2023-03-13
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 944ade3845de95265e64ba4f8af6624d 09df01abef702ffe124793f74ad3fdecbac9523e f3247627147a5f077731f40259342ba9f62df23e4085fadd5c7197a095385fd0 Loading...

	www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c	176 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash f567a67a4bc7defb7f8d629035f7979c 91a07bc3392f1e248d0e56e7b5fff428ac751c81 4eba7be5ad894573b5454ae213f7d1b0cc8c720bcb6ba7656957ab38f739fcd3 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download	28 kB	2023-03-07	2024-05-06
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-05-06 19:19:35 Times Seen224 Hash f07693f6368c988acd20de4362479103 d04355e119fac2c9104c4fe98015e22f3f181d93 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515 Loading...

	unknown	0 B	2023-03-07	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-10 06:14:12 Times Seen37493012 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/oo_engine.min.js.download	46 kB	2023-03-07	2024-05-05
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/oo_engine.min.js.download IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:24 Last Seen2024-05-05 12:46:20 Times Seen405 Hash 3023bde795e4926691e3691ace0d9356 053c86b53ec7bca624cffc3f6321697d35a1c5d5 1bf7836282cf0a1f1cae452a2b7d03f4857827aa682e36562831fe3bc34f30a5 Loading...

	bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html	146 B	2023-03-13	2023-03-13
Pretty URL bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html IP 174.138.33.212 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:15:37 Last Seen2023-03-13 15:15:37 Times Seen1 Hash 86ccdd3ed528a619317f6eaae38c2fef d7287a3f34aa1425838d5e361dd08a65f9baa142 3e02363c056cff439def72566dc47e2326577bb8d0c711f5e2a062492aa6d31a Loading...

		Size	First Seen	Last Seen
	#1 Eval - b2c2041f8d99c45e0f21474fe4f8b7bc	17 B	2023-03-07	2024-05-10
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-10 05:57:37 Times Seen7478 Hash b2c2041f8d99c45e0f21474fe4f8b7bc 0b876666393469c726a2e3edbb29544c03a92154 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061 Loading...

HTTP Transactions (119)

URL IP Response Size

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157

174.138.33.212

301 Moved Permanently

465 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (307)
Size
465 B (465 bytes)
Hash
d0b72d86c39bdcc49993ab0a94bab0d7
efcbf2af06ce283d4ec70a90129c94fa12d78d14
dc2c47b91613b5a6d7dfb95ecb0328312a62768e948d18ccdfb65a2610e29890

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 20:24:23 GMT
Server: Apache
Location: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Content-Length: 465
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3250
Expires: Thu, 02 Feb 2023 21:18:33 GMT
Date: Thu, 02 Feb 2023 20:24:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2860
Expires: Thu, 02 Feb 2023 21:12:03 GMT
Date: Thu, 02 Feb 2023 20:24:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18631
Expires: Fri, 03 Feb 2023 01:34:54 GMT
Date: Thu, 02 Feb 2023 20:24:23 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 19:36:07 GMT
content-type: application/json
age: 2896
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Ty8MdKSplhtRYu6uAqRfnV3Ykx4wr6sDkmO0aMWnFkd6hmzM7Vxqo44giBggCu+Gr8e/lDPJPkw=
x-amz-request-id: FB64932EXQX2Y30J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 19:52:06 GMT
age: 1937
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 20:24:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 20:07:19 GMT
age: 1024
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3733
Expires: Thu, 02 Feb 2023 21:26:37 GMT
Date: Thu, 02 Feb 2023 20:24:24 GMT
Connection: keep-alive

174.138.33.212

200 OK

146 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3686), with CRLF line terminators
Size
146 kB (145925 bytes)
Hash
691ce256b013e1050f1821cfa02c7682
c55f20101702c7a8e05d8023d1dde0fd0b0166e0
d30346996065187d27a815e4308e448985961f7b5796fbb8ce87e49c4d92777b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:23 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.css

174.138.33.212

200 OK

4.9 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.css
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
4.9 kB (4858 bytes)
Hash
a40d7c46fda2453ee102876aa83a41e0
7b571d1c010342650d66414a642866edf19bf548
8392ac1fe969b5d0f7c288390985731f89920f890fa5dfa5876d4c781875d914

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/site-survey.min.css HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Thu, 27 May 2021 07:22:54 GMT
Accept-Ranges: bytes
Content-Length: 4858
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2

174.138.33.212

200 OK

17 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 17128, version 1.0\012- data
Size
17 kB (17128 bytes)
Hash
8f65fa68cfb5d8cc4f4fa728a470332b
62b57f937d710caae3ee52435ba0c408e8653c43
34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:18 GMT
Accept-Ranges: bytes
Content-Length: 17128
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2

174.138.33.212

200 OK

20 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data
Size
20 kB (19976 bytes)
Hash
3a077fd2bd5357dd3e08636baa59af5b
266784e6eb28365e3779a398e462193572b0278a
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:12 GMT
Accept-Ranges: bytes
Content-Length: 19976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2

174.138.33.212

200 OK

20 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Size
20 kB (19712 bytes)
Hash
ee5e65624970575e475f375b29b0b22b
6e622749b6f7092e825eb7ed90b74c3d70fa43b9
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:55:42 GMT
Accept-Ranges: bytes
Content-Length: 19712
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2

174.138.33.212

200 OK

17 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 17080, version 1.0\012- data
Size
17 kB (17080 bytes)
Hash
b6e5b86d74352699fff02e4bdc5185e5
f01de24cfaf2f20e715e4d49023fcb19b1a62d1d
d09bb7e3de3760ca1d9375090796e4f1cf180f43c6457a874ed22c3b0a0b07ea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:18 GMT
Accept-Ranges: bytes
Content-Length: 17080
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2

174.138.33.212

200 OK

21 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Size
21 kB (20592 bytes)
Hash
a075767d12a8cc86d52367ef3aacec11
9aef8898e7a319ee5cbe08c5b0cec63512561d7d
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:56:02 GMT
Accept-Ranges: bytes
Content-Length: 20592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2

174.138.33.212

200 OK

19 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Size
19 kB (18636 bytes)
Hash
6bcfcbed1f0aa26a245423d2e4bcde4f
d17df2ba457e3009ee38db903b88671885c3984e
9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:14 GMT
Accept-Ranges: bytes
Content-Length: 18636
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

push.services.mozilla.com/

35.155.76.146

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.155.76.146:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D27Pf3dlwTF/z3dbvT0NUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: meCV5B2SQOLcNt2MshVxhR03jk8=

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2

174.138.33.212

200 OK

17 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 16872, version 1.0\012- data
Size
17 kB (16872 bytes)
Hash
3d9d9afae68fc95977ec200c119c42a1
2b44b2f5ec04f2f06fd28c9041fb8fa582ab8fcc
f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:16 GMT
Accept-Ranges: bytes
Content-Length: 16872
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381

174.138.33.212

200 OK

21 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (6957)
Size
21 kB (21019 bytes)
Hash
e3bf3fa0a912c14bfe1c0b7282fbfa8a
96b0a4a037c23ce2e7bc90c146610c473549665a
1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/121543311796381 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:44 GMT
Accept-Ranges: bytes
Content-Length: 21019
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/

174.138.33.212

200 OK

1.1 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
1.1 kB (1136 bytes)
Hash
6b153a98f711b01cb37d2f5102df4ec0
85808f42b7683520722c7da1f2f65ae55f38ae9a
8e64036ea04646adae16a13dc04c7b77d38325dc367a7200dfbd8a75b96b300d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/ HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 22:16:34 GMT
Accept-Ranges: bytes
Content-Length: 1136
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download

174.138.33.212

200 OK

28 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (28050), with no line terminators
Size
28 kB (28050 bytes)
Hash
f07693f6368c988acd20de4362479103
d04355e119fac2c9104c4fe98015e22f3f181d93
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/bat.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:48 GMT
Accept-Ranges: bytes
Content-Length: 28050
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download

174.138.33.212

200 OK

15 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (14972), with no line terminators
Size
15 kB (14972 bytes)
Hash
49db10c8315384e8dad2e92a6841ed81
f576976a579cd50da6b717db5d48e1ea7137f744
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/ytc.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:48 GMT
Accept-Ranges: bytes
Content-Length: 14972
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download

174.138.33.212

200 OK

90 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (64379)
Size
90 kB (90273 bytes)
Hash
61df3554472fe8057b5ae4537648d00d
125767dc32df57aa86a64801d9457923e378b397
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/fbevents.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:44 GMT
Accept-Ranges: bytes
Content-Length: 90273
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download

174.138.33.212

200 OK

182 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (1626)
Size
182 kB (182288 bytes)
Hash
227400e4070ac91189e80b05077abe20
714374d4c852c2058b1df7f4a6ff9f7acc164867
d42a94bdd0158c8df1d1ea4ae03da23f0007e9b6d5b38c05eb4797ffe90e1cf8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 182288
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f

174.138.33.212

200 OK

33 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (19024)
Size
33 kB (32863 bytes)
Hash
af77eedae6083a5bd6f07cec713ab58d
2804fbe107e6af68bf7e2d39cfb176987e1fc9ad
06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/7a8ba97f HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 32863
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download

174.138.33.212

200 OK

22 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (999)
Size
22 kB (22354 bytes)
Hash
1c9d96d3f228156fd7e9df9c531871d1
a118554b1208e30af4a0fef948c9566b8e7f4a94
648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:50 GMT
Accept-Ranges: bytes
Content-Length: 22354
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download

174.138.33.212

200 OK

90 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 89476
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download

174.138.33.212

200 OK

226 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (603)
Size
226 kB (225981 bytes)
Hash
8746e0eaa34beca77c5679a495ed1d3a
f8bc25c85508043935f3e63ff5cd1196c35762d6
83acf00ba4050132d8547daca62a4fca4670029aaa75b01c5e99179cbc6d4991

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 225981
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download

174.138.33.212

200 OK

1.1 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (1083)
Size
1.1 kB (1147 bytes)
Hash
bc854aab7af244173e4dc2ca2a8f471a
1f0444814fabf2d764af527d1718e376ca0c89c1
11a2b7d65804df37c5d5801da23212eddb8530ffb15a5b67d77a8ccdcb5b8199

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 1147
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css

174.138.33.212

200 OK

354 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (65536), with no line terminators
Size
354 kB (354237 bytes)
Hash
c1a238b15d787d129d19c3b1e840ef82
f0a5a113d05a63617959d39aa735a47762c22a80
9aa364658609b56150bae76849da9138758ad120cb89fea2dd947017ce1c3f25

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/toolkit.min.css HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 354237
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download

174.138.33.212

200 OK

7.5 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (7496)
Size
7.5 kB (7541 bytes)
Hash
374ca92abaa98bc7b2f19fe64114a18b
4c0a1441026a9337d322d7ae5536df1427e5c140
7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:50 GMT
Accept-Ranges: bytes
Content-Length: 7541
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767

174.138.33.212

200 OK

72 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (72012 bytes)
Hash
335f2776eaf4ca7eca9953d2240c3316
5f5702f072d8e721dd3557ccd2a0944b3cc58fa5
ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 72012
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/lockup.svg

174.138.33.212

200 OK

3.9 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/lockup.svg
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Size
3.9 kB (3942 bytes)
Hash
760da63259e763df170dc8720b8d8a41
efd755d6b9efdb7ce688a77f4d68dee3498162eb
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/lockup.svg HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 08:54:14 GMT
Accept-Ranges: bytes
Content-Length: 3942
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/oo_icon_retina_black.gif

174.138.33.212

200 OK

552 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/oo_icon_retina_black.gif
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
GIF image data, version 89a, 18 x 18\012- data
Size
552 B (552 bytes)
Hash
0f74fe3f4f85d3c7f096f2416efa893a
bffedd9c6e9b04c0e6f7f77bd689013de5e8d01e
15f5836e52324d46e89eed325a5de5158f0d9bb29d59e1ffc381d961a1f6980d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/oo_icon_retina_black.gif HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:22:28 GMT
Accept-Ranges: bytes
Content-Length: 552
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download

174.138.33.212

200 OK

462 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
462 kB (461456 bytes)
Hash
325f5dd8b44503ea1799409a40addb9e
3887ffbc86f01677d34cce7ac8839305e175e97a
dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 461456
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg

174.138.33.212

200 OK

707 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
707 B (707 bytes)
Hash
422002ff598ec781dc753d0627bec1ee
d440d6acb305d644a4ba824a28c97f04511aac95
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 08:54:14 GMT
Accept-Ranges: bytes
Content-Length: 707
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg

174.138.33.212

200 OK

844 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Size
844 B (844 bytes)
Hash
d7ce1f5e222e75801ed22741962ac64b
3cf38997840e2047e145a747cbb220cee28adaab
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 844
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1385
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292672|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html

174.138.33.212

200 OK

1.6 kB

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (671), with CRLF line terminators
Size
1.6 kB (1550 bytes)
Hash
e54cc932aa2d14419a48db6e816cb6bc
a43d732062d25fde22741abb7a96d7a113059621
a0b3ba912563629cf603980db128ae2f92602c5101b2d50dbe97eef86de26c61

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/nuanceChat.html HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292672|1675369492360; dtSa=-; dtLatC=253
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Last-Modified: Thu, 27 May 2021 07:21:30 GMT
Accept-Ranges: bytes
Content-Length: 1550
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bundles/cc02a3d8ui21449047bac2f8af56d2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bundles/cc02a3d8ui21449047bac2f8af56d2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16944
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 20:24:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16944
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 20:24:25 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11367 bytes)
Hash
395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H1HIK6zdv95V96NxqSfHCqYtDQNPZ9NLAwG5oM5mwRr3nAUR0BPxlg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:25:11 GMT
age: 79154
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9221 bytes)
Hash
df4a4906103a8f409c066b1cded71384
22847e3926db3e3d5f6b529297a4abe8b377c3a6
84a14b73b2cc7f4641eaa5539cbee0a109ae2b05cf88d06797a2b00c8d4f0c43

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: 209c2ad4-7a1f-4867-bf98-4ca8621111a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTBFv5IAMFgqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-1627a9d603c69f7760ad013b;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kAkcQOKAvuq3k-X081MLCqon-cnQJqGryVeE0fwX0a7bcXgJlySIvg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:12:07 GMT
age: 79938
etag: "22847e3926db3e3d5f6b529297a4abe8b377c3a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (15051 bytes)
Hash
6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:46:26 GMT
age: 81479
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5356 bytes)
Hash
7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 79530
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8944 bytes)
Hash
b9af1fd56c0de8f128ddce88d49c1b4d
e3bb3d4950f7c0267f4476eef21872da332831aa
908153182f76362ff329803d9c11c06c66181e85e8e51dabd927f1f1ac630d5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8944
x-amzn-requestid: 07495184-ede8-485c-94e8-5302ec348ea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freiLHRPoAMFYbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade0d-275437a54eceb40e302a7f55;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 86qoRJHXcrnBGi3REMF5q3ANzKdqEs5F3yFUBmiIt6SCbBVnhGe2Kw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:58:57 GMT
age: 80728
etag: "e3bb3d4950f7c0267f4476eef21872da332831aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15857 bytes)
Hash
4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:28:37 GMT
age: 46548
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -11$169492352_664h6vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1601
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h6vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293225|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3741
Cache-Control: max-age=107843
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:25 GMT
Etag: "63db0f9f-1d7"
Expires: Sat, 04 Feb 2023 02:21:49 GMT
Last-Modified: Thu, 02 Feb 2023 01:19:27 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4810
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:25 GMT
Last-Modified: Thu, 02 Feb 2023 19:04:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

bnsx.duckdns.org/akam/11/pixel_7a8ba97f

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/akam/11/pixel_7a8ba97f
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

POST /akam/11/pixel_7a8ba97f HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-dtpc: -11$169492352_664h9vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0
Content-Length: 2834
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h9vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293531|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1

104.84.152.187

200 OK

1.2 kB

URL HTTP/2
www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
IP
104.84.152.187:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (4339)
Size
1.2 kB (1249 bytes)
Hash
19ac7c952619cab53123eee38648d8bd
47e839324893deeef4e9f6b46dff135e1542dc9a
1a8ffa5f523a7a462b51616592473a2799bb0d687c1391d7d2ba3e5a58f95d78

HTTP Headers

GET /Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-type: text/css
etag: "0715748f3fdd81:0"
last-modified: Mon, 21 Nov 2022 21:50:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1676303255"
x-ua-compatible: IE=edge
content-length: 1249
cache-control: public, max-age=577387
expires: Thu, 09 Feb 2023 12:47:32 GMT
date: Thu, 02 Feb 2023 20:24:25 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2FFile%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException

63.34.68.24

204 No Content

0 B

URL HTTP/2
ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2FFile%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
IP
63.34.68.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2FFile%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 20:24:26 GMT
cache-control: no-cache, no-store
x-cache: Hit from cloudfront
via: 1.1 bae6c56679b50ffff11fef6a7ffeea12.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: 5nekoKULfvZJ4MGfgEk4lyjZ7DFhe-i3kRlfnJlH8zn85e38DKKwRA==
age: 60372
X-Firefox-Spdy: h2

selfservice.huntington.com/akam/11/34f9d8d0

104.84.152.187

404 Not Found

9 B

URL HTTP/2
selfservice.huntington.com/akam/11/34f9d8d0
IP
104.84.152.187:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/34f9d8d0 HTTP/1.1
Host: selfservice.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
date: Thu, 02 Feb 2023 20:24:26 GMT
set-cookie: ak_bmsc=BEABB305AB50364087E1FEFE897C07FB~000000000000000000000000000000~YAAQt5hUaH3IXc6FAQAAsUjNExJlSzBpyr+D2KyQcNXiIuLtxZWBJeIT2b8A9Rnx4+URKDkRq48BqIp7hiUELdIhVkQxy6O8yeizbUn+CJfr0Vi0IaR7WADtTp94cqMRmsQj5+H9YqbhkBF8SwoQ6WSUt2FD52c+aCNlsCBokQ3G/BQ7lw0/pzmj23lrkiIZCcqxpG+ri5YmSEWBoM4sv2tfG6LKHmjVsNGg3Pcb/M6UI6FXTkCJyVsV1WmZlLF/DIxLT5ooc5QQMPf4MIpLVKH0cg7BrYJBcsPA+SFNN763JYyc4iYlKdHkUni7waXuvmK/EIDf2KMv0mIYvXWP5rMEwNyBm0X15fT7AETRfVoc/kCKktSmCcIdVszkYiz/ewJFFrM2Tn7LZzrIeg==; Domain=.huntington.com; Path=/; Expires=Thu, 02 Feb 2023 22:24:26 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=DC-10701487

142.250.74.72

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=DC-10701487
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
44 kB (44191 bytes)
Hash
fb30e3025d42803ce81e02672074c994
58265d38a86bab96820cf8361ef8109f48baf9bc
b71acd5310cf4de1b7ff1252d852f49622e58c3450982cc7fe1d1ed7022a029f

HTTP Headers

GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Feb 2023 20:24:26 GMT
expires: Thu, 02 Feb 2023 20:24:26 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Feb 2023 19:51:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44191
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292857|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293325|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c

142.250.74.72

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
51 kB (50813 bytes)
Hash
3129fabeef7a52eedcf1c1531a13da42
5753e095fe8fd0ebb390edabace4ef4ddce9731c
81b5c528f47fcd15e8f9c755f6f21fa5dc6b6c9e054c115a6e01cf1af30dc383

HTTP Headers

GET /gtag/js?id=AW-849073348&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Feb 2023 20:24:26 GMT
expires: Thu, 02 Feb 2023 20:24:26 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Feb 2023 19:29:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50813
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff

174.138.33.212

404 Not Found

315 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Huntington
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293627|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

snap.licdn.com/li.lms-analytics/insight.min.js

23.36.76.121

200 OK

4.8 kB

URL HTTP/2
snap.licdn.com/li.lms-analytics/insight.min.js
IP
23.36.76.121:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (13351)
Size
4.8 kB (4777 bytes)
Hash
74f72658f6efd10c4c286ab07cd5e452
9fa4dfc644b6e818914f2f2c4fe4bdf791fd6d39
6681619d5962f95b3fccfa34a7f035664edb66522d237ea0c28a05851f9d295c

HTTP Headers

GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=73359
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 4777
x-content-type-options: nosniff
x-cdn: AKAM
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5493
Cache-Control: max-age=161759
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Etag: "63dbdb64-1d7"
Expires: Sat, 04 Feb 2023 17:20:25 GMT
Last-Modified: Thu, 02 Feb 2023 15:48:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27843 bytes)
Hash
dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: vj4/Yjy78xLA40x482vktLo7AFPfEbMG5k7R5N8e/caunpb8bKAEXld5xTrR6SGynAMDCIL6anNtRgw9b3CWew==
content-length: 27843
x-fb-trip-id: 1904183273
date: Thu, 02 Feb 2023 20:24:26 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/favicon-16x16.png

174.138.33.212

200 OK

801 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/favicon-16x16.png
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
801 B (801 bytes)
Hash
afd4ebe99965f5d20b2ab4854a651b02
0765fa211bc7c2a766eb83b98391f26a82cde937
52f6efd9463020d1590887513c9b6e0a910af33927e69551bc7a76a921739699

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/favicon-16x16.png HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293627|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin; _gcl_au=1.1.824390624.1675369494
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Last-Modified: Sat, 22 May 2021 12:13:06 GMT
Accept-Ranges: bytes
Content-Length: 801
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

994 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2389), with no line terminators
Size
994 B (994 bytes)
Hash
17ccfbd73065a4e9046a4d7ea34d36be
c64206bfc1cc70537e7d6dfdd8a47a9b35890358
de4b37b0b7d6b8972a2198d123de4c3d1c86776c38824aff048aabbc3412838e

HTTP Headers

GET /pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 994
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4799
Cache-Control: max-age=161065
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Etag: "63dbdb64-1d7"
Expires: Sat, 04 Feb 2023 17:08:51 GMT
Last-Modified: Thu, 02 Feb 2023 15:48:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

995 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2389), with no line terminators
Size
995 B (995 bytes)
Hash
0d97e7ae2cb76af2d5a27651ae0949eb
94f591900aa1e1d4b031a12b1c145e14b3a69b0e
6048d809e53840cecd8f991fc9c145050d69bd240e97ba3ad870d98cbc631466

HTTP Headers

GET /pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 995
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

994 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2389), with no line terminators
Size
994 B (994 bytes)
Hash
e603b9e2142fa917d5a569669056f84a
f2f7ce898c0d75a1dc4bce0e0b6e42c2db61605f
a30b6984d77d8cfe28a328f2ff1fa11859bcfbbdf6688f94e01d767cb350c2bc

HTTP Headers

GET /pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 994
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

993 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2389), with no line terminators
Size
993 B (993 bytes)
Hash
6023861002949e9720be4bc16ff34aa7
613b4eceac894d084f3e6c4ab1af050bf2c73855
5ef60cf04dadf2fb60ed28156f7601f5c4a4e23bb5f5c6d604df0b610008c378

HTTP Headers

GET /pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 993
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

s.yimg.com/wi/ytc.js

188.125.94.206

200 OK

5.9 kB

URL HTTP/2
s.yimg.com/wi/ytc.js
IP
188.125.94.206:0
ASN
#10310 YAHOO-1

File type
ASCII text, with very long lines (16553), with no line terminators
Size
5.9 kB (5929 bytes)
Hash
2f6a1b8a4843f74a5ba54c055fcb3850
919a5f9166f3f9c73803cebd312ad016570a30d8
1b6439153633e4e2dc23c743e14218931c1b4912bc7a3ad64bfee1d2d6982f50

HTTP Headers

GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: LiNTjxEdFcLYJsIVKbEvDfR2UgzwfeceEeE4z/mLhcdUpghw/yHMqzjil/vjdcrdRvgHvKFC9vI=
x-amz-request-id: TDTB4FQH5MY3D9JW
date: Thu, 02 Feb 2023 20:19:14 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 313
content-length: 5929
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
df4a6d84addba49571d9f6ae44c61a3f
28c8093de27e27645cf6dfd5ae93a62fc77b9be5
cb6623b08b6245ea11bb871729613e453046d427d738a8c6431c5da8347e6e05

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=0&ipr=y

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=0&ipr=y
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=0&ipr=y

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=0&ipr=y
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=0&ipr=y

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=0&ipr=y
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=0&ipr=y

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=0&ipr=y
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157

13.107.42.14

302 Found

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJk9V4AOpE0mwAAAYYTzUq16PoRV_tFQCqSRaaaUb1EXCHYe712AWiQiGtyWGeXbvCIR1xLz5RopQ; Max-Age=2592000; Expires=Sat, 04 Mar 2023 20:24:26 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIVYut8d_qh8gAAAYYTzUq1QSD8CpjiGYeZJe-OuMG4XFRI-VVYSx43aM-ub0cP-pc5rE8LAYgPAuQGe4D1Vw; Max-Age=2592000; Expires=Sat, 04 Mar 2023 20:24:26 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&75331dae-6343-485c-85b3-e4b5166c1a32"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 02-Feb-2024 20:24:26 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2453:u=1:x=1:i=1675369466:t=1675455866:v=2:sig=AQF7KM6mBQAALCGWjTCDtGLWGVF46YhT"; Expires=Fri, 03 Feb 2023 20:24:26 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXzvVnrvQYaaJ3uuL+tZQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 10D2AD9C97C14A929062DBCBC13E2AFA Ref B: OSL30EDGE0511 Ref C: 2023-02-02T20:24:26Z
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 0
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&rl=&if=false&ts=1675369494247&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmensighten&ec=0&o=29&cs_est=true&fbp=fb.2.1675369494245.18526781&it=1675369493955&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=51ce6d6e-fb5e-414b-9f34-3317c0ada13d&rqm=GET

157.240.205.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&rl=&if=false&ts=1675369494247&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmensighten&ec=0&o=29&cs_est=true&fbp=fb.2.1675369494245.18526781&it=1675369493955&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=51ce6d6e-fb5e-414b-9f34-3317c0ada13d&rqm=GET
IP
157.240.205.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&rl=&if=false&ts=1675369494247&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmensighten&ec=0&o=29&cs_est=true&fbp=fb.2.1675369494245.18526781&it=1675369493955&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=51ce6d6e-fb5e-414b-9f34-3317c0ada13d&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 02 Feb 2023 20:24:26 GMT
X-Firefox-Spdy: h2

sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2002%20Feb%202023%2020%3A24%3A54%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&enc=UTF-8&tagmgr=gtm%2Censighten

212.82.100.181

200 OK

0 B

URL HTTP/2
sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2002%20Feb%202023%2020%3A24%3A54%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&enc=UTF-8&tagmgr=gtm%2Censighten
IP
212.82.100.181:0
ASN
#34010 Yahoo! UK Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sp.pl?a=10000&d=Thu%2C%2002%20Feb%202023%2020%3A24%3A54%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&enc=UTF-8&tagmgr=gtm%2Censighten HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 20:24:26 GMT
expires: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: application/x-javascript
accept-ranges: bytes
content-length: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPob3GMCEGWQJ6kLr0LMulgCLZe4ZmAFEgEBAQFt3WPlYwAAAAAA_eMAAA&S=AQAAAthrfm-2cSqDI05upGscCg8; Expires=Sat, 3 Feb 2024 02:24:26 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2

www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue

13.107.42.14

302 Found

0 B

URL HTTP/2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bnsx.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&0c587e42-83af-48ec-82f4-5f0ccc0e5e4a"; Domain=.linkedin.com; Expires=Fri, 02-Feb-2024 20:24:26 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202302022024261617371b-f305-4799-88ba-e07adfa3e4c3AQE8J03WFIT4-Qr4Ao7x_H_83ap1nFIr"; Domain=.www.linkedin.com; Expires=Fri, 02-Feb-2024 20:24:26 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzUzNjk0NjY7MjswMjGFcH8JWyCSWwKiM6lWsJzWlKGOLw+BQcAZC1tOsEaQ7g==; Domain=.linkedin.com; Expires=Tue, 01 Aug 2023 20:24:26 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2453:u=1:x=1:i=1675369466:t=1675455866:v=2:sig=AQF7KM6mBQAALCGWjTCDtGLWGVF46YhT"; Expires=Fri, 03 Feb 2023 20:24:26 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com *.microsoft.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' *.linkedin.com teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXzvVnuPWQKn9mzIeaujw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 518F9C0E58B743D8B887E3A0CA9D02D3 Ref B: OSL30EDGE0511 Ref C: 2023-02-02T20:24:26Z
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 0
X-Firefox-Spdy: h2

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bnsx.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&7e1807c8-fc69-4226-8a9b-08f048c6e2c3"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 02-Feb-2024 20:24:26 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2426:u=1:x=1:i=1675369466:t=1675455866:v=2:sig=AQFBH1uL5RjcB9LlFuV-56hVfe_Ezs1d"; Expires=Fri, 03 Feb 2023 20:24:26 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXzvVnxDDlh/0MvGf/m/w==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: FA8F34100B2C4B3786F33E17631A7F1E Ref B: OSL30EDGE0511 Ref C: 2023-02-02T20:24:26Z
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 0
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
afe181c145b0ae8354148b625a440882
973a344c30205da69df5fccdcff1cb309e93762c
70a4442ed8dcf25adc1aa0dc4bf6d73cfa31d9723d9b1a964eaa1c56bb3d2ee2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 02 Feb 2023 20:24:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 15022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 02 Feb 2023 01:42:19 GMT
Expires: Fri, 03 Feb 2023 01:42:19 GMT
ETag: "973a344c30205da69df5fccdcff1cb309e93762c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839

54.208.228.50

302 Found

0 B

URL HTTP/2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839
IP
54.208.228.50:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 02 Feb 2023 20:24:29 GMT
content-length: 0
location: https://trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true
server: clinch
set-cookie: clinch-sid=5dcd462c-52f5-40ce-afcc-364df418cb73; expires=Sun, 02 Feb 2025 20:24:29 GMT; domain=clinch.co; path=/; secure; samesite=none
X-Firefox-Spdy: h2

54.208.228.50

200 OK

79 B

URL HTTP/2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true
IP
54.208.228.50:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
79 B (79 bytes)
Hash
70c92fdbfdaad0989a68617939cf615c
4cc7e0778377d6e89b665e1741c798b9df21693a
3a2f25076dd3c45cd69196f5c15d3ae2678b208bc5f8ac053d54d4a1fb792006

HTTP Headers

GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bnsx.duckdns.org/
Connection: keep-alive
Cookie: clinch-sid=5dcd462c-52f5-40ce-afcc-364df418cb73
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 20:24:29 GMT
content-type: text/html
content-length: 79
server: clinch
cache-control: no-store
x-robots-tag: none
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5553ec2c4acc60e29d981947fd5f84d0
8287c5d27fdb43f5a4f7ef4c2fce0d995cf9807c
d152cd355f438de97ce8dd565ce8a2c04f56954012aefa8ec701385c7ffe5391

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D152CD355F438DE97CE8DD565CE8A2C04F56954012AEFA8EC701385C7FFE5391"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21567
Expires: Fri, 03 Feb 2023 02:23:56 GMT
Date: Thu, 02 Feb 2023 20:24:29 GMT
Connection: keep-alive

mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1

100.24.162.178

200 OK

28 B

URL HTTP/1.1
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1
IP
100.24.162.178:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
28 B (28 bytes)
Hash
b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028

HTTP Headers

POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2531
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:29 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28

100.24.162.178

200 OK

28 B

URL HTTP/1.1
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1
IP
100.24.162.178:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
28 B (28 bytes)
Hash
b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028

HTTP Headers

POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 13244
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:31 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28

bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download

174.138.33.212

200 OK

0 B

URL HTTP/1.1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download
IP
174.138.33.212:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 154122
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

cdn.linkedin.oribi.io/partner/291554/domain/bnsx.duckdns.org/token

54.230.111.78

200 OK

0 B

URL HTTP/2
cdn.linkedin.oribi.io/partner/291554/domain/bnsx.duckdns.org/token
IP
54.230.111.78:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /partner/291554/domain/bnsx.duckdns.org/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
date: Thu, 02 Feb 2023 20:24:26 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FCf5J96KRZ5ZTYq5ug-k5OWRR24fqqGfGKF6pQW2XeZI_z_zVq0uDw==
X-Firefox-Spdy: h2

ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774

63.34.68.24

200 OK

0 B

URL HTTP/2
ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
IP
63.34.68.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 20:24:25 GMT
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
last-modified: Tue, 25 Oct 2022 01:03:34 GMT
etag: W/"5828bc2a2ceaa2961527eedaf4167b77"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: _Eu9yh546j8gLFYRdH7PZW2b19GSVtw7
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2900c8bea7962de658e6de19988c7118.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: xV53NSwL-ufiTvOrfBgia7qLXws7XspF3yaGNY7Qv5OtHC6K8IQsDQ==
age: 234716
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (41)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML