bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
174.138.33.212 301 Moved Permanently 465 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (307)
Hash d0b72d86c39bdcc49993ab0a94bab0d7
efcbf2af06ce283d4ec70a90129c94fa12d78d14
dc2c47b91613b5a6d7dfb95ecb0328312a62768e948d18ccdfb65a2610e29890
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 20:24:23 GMT
Server: Apache
Location: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Content-Length: 465
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3250
Expires: Thu, 02 Feb 2023 21:18:33 GMT
Date: Thu, 02 Feb 2023 20:24:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2860
Expires: Thu, 02 Feb 2023 21:12:03 GMT
Date: Thu, 02 Feb 2023 20:24:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18631
Expires: Fri, 03 Feb 2023 01:34:54 GMT
Date: Thu, 02 Feb 2023 20:24:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 19:36:07 GMT
content-type: application/json
age: 2896
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Ty8MdKSplhtRYu6uAqRfnV3Ykx4wr6sDkmO0aMWnFkd6hmzM7Vxqo44giBggCu+Gr8e/lDPJPkw=
x-amz-request-id: FB64932EXQX2Y30J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 19:52:06 GMT
age: 1937
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 20:24:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 20:07:19 GMT
age: 1024
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3733
Expires: Thu, 02 Feb 2023 21:26:37 GMT
Date: Thu, 02 Feb 2023 20:24:24 GMT
Connection: keep-alive
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
174.138.33.212 200 OK 146 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3686), with CRLF line terminators
Size 146 kB (145925 bytes)
Hash 691ce256b013e1050f1821cfa02c7682
c55f20101702c7a8e05d8023d1dde0fd0b0166e0
d30346996065187d27a815e4308e448985961f7b5796fbb8ce87e49c4d92777b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
GET /Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:23 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.css
174.138.33.212 200 OK 4.9 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.css
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
Hash a40d7c46fda2453ee102876aa83a41e0
7b571d1c010342650d66414a642866edf19bf548
8392ac1fe969b5d0f7c288390985731f89920f890fa5dfa5876d4c781875d914
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /Huntington%20Bancshares%20Incorporated/File/site-survey.min.css HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Thu, 27 May 2021 07:22:54 GMT
Accept-Ranges: bytes
Content-Length: 4858
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2
174.138.33.212 200 OK 17 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 17128, version 1.0\012- data
Hash 8f65fa68cfb5d8cc4f4fa728a470332b
62b57f937d710caae3ee52435ba0c408e8653c43
34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-700.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:18 GMT
Accept-Ranges: bytes
Content-Length: 17128
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2
174.138.33.212 200 OK 20 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data
Hash 3a077fd2bd5357dd3e08636baa59af5b
266784e6eb28365e3779a398e462193572b0278a
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:12 GMT
Accept-Ranges: bytes
Content-Length: 19976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2
174.138.33.212 200 OK 20 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Hash ee5e65624970575e475f375b29b0b22b
6e622749b6f7092e825eb7ed90b74c3d70fa43b9
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:55:42 GMT
Accept-Ranges: bytes
Content-Length: 19712
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2
174.138.33.212 200 OK 17 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 17080, version 1.0\012- data
Hash b6e5b86d74352699fff02e4bdc5185e5
f01de24cfaf2f20e715e4d49023fcb19b1a62d1d
d09bb7e3de3760ca1d9375090796e4f1cf180f43c6457a874ed22c3b0a0b07ea
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-600.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:18 GMT
Accept-Ranges: bytes
Content-Length: 17080
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2
174.138.33.212 200 OK 21 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Hash a075767d12a8cc86d52367ef3aacec11
9aef8898e7a319ee5cbe08c5b0cec63512561d7d
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:56:02 GMT
Accept-Ranges: bytes
Content-Length: 20592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2
174.138.33.212 200 OK 19 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Hash 6bcfcbed1f0aa26a245423d2e4bcde4f
d17df2ba457e3009ee38db903b88671885c3984e
9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:14 GMT
Accept-Ranges: bytes
Content-Length: 18636
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
push.services.mozilla.com/
35.155.76.146 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.76.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D27Pf3dlwTF/z3dbvT0NUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: meCV5B2SQOLcNt2MshVxhR03jk8=
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2
174.138.33.212 200 OK 17 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 16872, version 1.0\012- data
Hash 3d9d9afae68fc95977ec200c119c42a1
2b44b2f5ec04f2f06fd28c9041fb8fa582ab8fcc
f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/muli-v11-latin-300.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:34:16 GMT
Accept-Ranges: bytes
Content-Length: 16872
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381
174.138.33.212 200 OK 21 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/121543311796381
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (6957)
Hash e3bf3fa0a912c14bfe1c0b7282fbfa8a
96b0a4a037c23ce2e7bc90c146610c473549665a
1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/121543311796381 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:44 GMT
Accept-Ranges: bytes
Content-Length: 21019
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/
174.138.33.212 200 OK 1.1 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
Hash 6b153a98f711b01cb37d2f5102df4ec0
85808f42b7683520722c7da1f2f65ae55f38ae9a
8e64036ea04646adae16a13dc04c7b77d38325dc367a7200dfbd8a75b96b300d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/ HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 22:16:34 GMT
Accept-Ranges: bytes
Content-Length: 1136
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download
174.138.33.212 200 OK 28 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/bat.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (28050), with no line terminators
Hash f07693f6368c988acd20de4362479103
d04355e119fac2c9104c4fe98015e22f3f181d93
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/bat.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:48 GMT
Accept-Ranges: bytes
Content-Length: 28050
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download
174.138.33.212 200 OK 15 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ytc.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (14972), with no line terminators
Hash 49db10c8315384e8dad2e92a6841ed81
f576976a579cd50da6b717db5d48e1ea7137f744
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/ytc.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:48 GMT
Accept-Ranges: bytes
Content-Length: 14972
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download
174.138.33.212 200 OK 90 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/fbevents.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (64379)
Hash 61df3554472fe8057b5ae4537648d00d
125767dc32df57aa86a64801d9457923e378b397
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/fbevents.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:44 GMT
Accept-Ranges: bytes
Content-Length: 90273
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
174.138.33.212 200 OK 182 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1626)
Size 182 kB (182288 bytes)
Hash 227400e4070ac91189e80b05077abe20
714374d4c852c2058b1df7f4a6ff9f7acc164867
d42a94bdd0158c8df1d1ea4ae03da23f0007e9b6d5b38c05eb4797ffe90e1cf8
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 182288
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f
174.138.33.212 200 OK 33 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/7a8ba97f
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (19024)
Hash af77eedae6083a5bd6f07cec713ab58d
2804fbe107e6af68bf7e2d39cfb176987e1fc9ad
06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/7a8ba97f HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 32863
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download
174.138.33.212 200 OK 22 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (999)
Hash 1c9d96d3f228156fd7e9df9c531871d1
a118554b1208e30af4a0fef948c9566b8e7f4a94
648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/inqChatLaunch10006663.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:50 GMT
Accept-Ranges: bytes
Content-Length: 22354
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download
174.138.33.212 200 OK 90 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/jquery-3.5.1.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 89476
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download
174.138.33.212 200 OK 226 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (603)
Size 226 kB (225981 bytes)
Hash 8746e0eaa34beca77c5679a495ed1d3a
f8bc25c85508043935f3e63ff5cd1196c35762d6
83acf00ba4050132d8547daca62a4fca4670029aaa75b01c5e99179cbc6d4991
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/Bootstrap.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 225981
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download
174.138.33.212 200 OK 1.1 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1083)
Hash bc854aab7af244173e4dc2ca2a8f471a
1f0444814fabf2d764af527d1718e376ca0c89c1
11a2b7d65804df37c5d5801da23212eddb8530ffb15a5b67d77a8ccdcb5b8199
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/outdated.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 1147
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
174.138.33.212 200 OK 354 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Size 354 kB (354237 bytes)
Hash c1a238b15d787d129d19c3b1e840ef82
f0a5a113d05a63617959d39aa735a47762c22a80
9aa364658609b56150bae76849da9138758ad120cb89fea2dd947017ce1c3f25
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /Huntington%20Bancshares%20Incorporated/File/toolkit.min.css HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 354237
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download
174.138.33.212 200 OK 7.5 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (7496)
Hash 374ca92abaa98bc7b2f19fe64114a18b
4c0a1441026a9337d322d7ae5536df1427e5c140
7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/site-survey.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 07:36:50 GMT
Accept-Ranges: bytes
Content-Length: 7541
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767
174.138.33.212 200 OK 72 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash 335f2776eaf4ca7eca9953d2240c3316
5f5702f072d8e721dd3557ccd2a0944b3cc58fa5
ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 72012
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/js
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/lockup.svg
174.138.33.212 200 OK 3.9 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/lockup.svg
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Hash 760da63259e763df170dc8720b8d8a41
efd755d6b9efdb7ce688a77f4d68dee3498162eb
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/lockup.svg HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 08:54:14 GMT
Accept-Ranges: bytes
Content-Length: 3942
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/oo_icon_retina_black.gif
174.138.33.212 200 OK 552 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/oo_icon_retina_black.gif
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 18 x 18\012- data
Hash 0f74fe3f4f85d3c7f096f2416efa893a
bffedd9c6e9b04c0e6f7f77bd689013de5e8d01e
15f5836e52324d46e89eed325a5de5158f0d9bb29d59e1ffc381d961a1f6980d
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
GET /Huntington%20Bancshares%20Incorporated/File/oo_icon_retina_black.gif HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Wed, 26 May 2021 23:22:28 GMT
Accept-Ranges: bytes
Content-Length: 552
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download
174.138.33.212 200 OK 462 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 462 kB (461456 bytes)
Hash 325f5dd8b44503ea1799409a40addb9e
3887ffbc86f01677d34cce7ac8839305e175e97a
dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/toolkit.min.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 461456
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg
174.138.33.212 200 OK 707 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 422002ff598ec781dc753d0627bec1ee
d440d6acb305d644a4ba824a28c97f04511aac95
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/EHL_Black_HouseOnly.svg HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 08:54:14 GMT
Accept-Ranges: bytes
Content-Length: 707
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg
174.138.33.212 200 OK 844 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Hash d7ce1f5e222e75801ed22741962ac64b
3cf38997840e2047e145a747cbb220cee28adaab
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/logo-honeycomb.svg HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:48 GMT
Accept-Ranges: bytes
Content-Length: 844
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292367|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1385
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292672|1675369492360; dtSa=-; dtLatC=253
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
174.138.33.212 200 OK 1.6 kB URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (671), with CRLF line terminators
Hash e54cc932aa2d14419a48db6e816cb6bc
a43d732062d25fde22741abb7a96d7a113059621
a0b3ba912563629cf603980db128ae2f92602c5101b2d50dbe97eef86de26c61
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/nuanceChat.html HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292672|1675369492360; dtSa=-; dtLatC=253
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Last-Modified: Thu, 27 May 2021 07:21:30 GMT
Accept-Ranges: bytes
Content-Length: 1550
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/hunt/ruxitagentjs_ICA2SVfqru_10213210506081349.js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/hunt/inqChatLaunch10006663.js HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /bundles/cc02a3d8ui21449047bac2f8af56d2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/bundles/cc02a3d8ui21449047bac2f8af56d2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /bundles/cc02a3d8ui21449047bac2f8af56d2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/nuanceChat.html
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16944
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 20:24:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16944
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 20:24:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H1HIK6zdv95V96NxqSfHCqYtDQNPZ9NLAwG5oM5mwRr3nAUR0BPxlg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:25:11 GMT
age: 79154
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df4a4906103a8f409c066b1cded71384
22847e3926db3e3d5f6b529297a4abe8b377c3a6
84a14b73b2cc7f4641eaa5539cbee0a109ae2b05cf88d06797a2b00c8d4f0c43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: 209c2ad4-7a1f-4867-bf98-4ca8621111a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTBFv5IAMFgqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-1627a9d603c69f7760ad013b;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kAkcQOKAvuq3k-X081MLCqon-cnQJqGryVeE0fwX0a7bcXgJlySIvg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:12:07 GMT
age: 79938
etag: "22847e3926db3e3d5f6b529297a4abe8b377c3a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:46:26 GMT
age: 81479
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 79530
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b9af1fd56c0de8f128ddce88d49c1b4d
e3bb3d4950f7c0267f4476eef21872da332831aa
908153182f76362ff329803d9c11c06c66181e85e8e51dabd927f1f1ac630d5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8944
x-amzn-requestid: 07495184-ede8-485c-94e8-5302ec348ea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freiLHRPoAMFYbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade0d-275437a54eceb40e302a7f55;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 86qoRJHXcrnBGi3REMF5q3ANzKdqEs5F3yFUBmiIt6SCbBVnhGe2Kw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:58:57 GMT
age: 80728
etag: "e3bb3d4950f7c0267f4476eef21872da332831aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:28:37 GMT
age: 46548
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/resources/06bebd2b36rn240c2a1532a26141a767
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-dtpc: -11$169492352_664h6vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1601
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h6vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293225|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3741
Cache-Control: max-age=107843
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:25 GMT
Etag: "63db0f9f-1d7"
Expires: Sat, 04 Feb 2023 02:21:49 GMT
Last-Modified: Thu, 02 Feb 2023 01:19:27 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4810
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:25 GMT
Last-Modified: Thu, 02 Feb 2023 19:04:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
bnsx.duckdns.org/akam/11/pixel_7a8ba97f
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/akam/11/pixel_7a8ba97f
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
POST /akam/11/pixel_7a8ba97f HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-dtpc: -11$169492352_664h9vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0
Content-Length: 2834
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h9vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293531|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
104.84.152.187 200 OK 1.2 kB URL HTTP/2 www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
IP 104.84.152.187:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (4339)
Hash 19ac7c952619cab53123eee38648d8bd
47e839324893deeef4e9f6b46dff135e1542dc9a
1a8ffa5f523a7a462b51616592473a2799bb0d687c1391d7d2ba3e5a58f95d78
GET /Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-type: text/css
etag: "0715748f3fdd81:0"
last-modified: Mon, 21 Nov 2022 21:50:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1676303255"
x-ua-compatible: IE=edge
content-length: 1249
cache-control: public, max-age=577387
expires: Thu, 09 Feb 2023 12:47:32 GMT
date: Thu, 02 Feb 2023 20:24:25 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2FFile%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
63.34.68.24 204 No Content 0 B URL HTTP/2 ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2FFile%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
IP 63.34.68.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2FFile%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 20:24:26 GMT
cache-control: no-cache, no-store
x-cache: Hit from cloudfront
via: 1.1 bae6c56679b50ffff11fef6a7ffeea12.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: 5nekoKULfvZJ4MGfgEk4lyjZ7DFhe-i3kRlfnJlH8zn85e38DKKwRA==
age: 60372
X-Firefox-Spdy: h2
selfservice.huntington.com/akam/11/34f9d8d0
104.84.152.187 404 Not Found 9 B URL HTTP/2 selfservice.huntington.com/akam/11/34f9d8d0
IP 104.84.152.187:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/34f9d8d0 HTTP/1.1
Host: selfservice.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
date: Thu, 02 Feb 2023 20:24:26 GMT
set-cookie: ak_bmsc=BEABB305AB50364087E1FEFE897C07FB~000000000000000000000000000000~YAAQt5hUaH3IXc6FAQAAsUjNExJlSzBpyr+D2KyQcNXiIuLtxZWBJeIT2b8A9Rnx4+URKDkRq48BqIp7hiUELdIhVkQxy6O8yeizbUn+CJfr0Vi0IaR7WADtTp94cqMRmsQj5+H9YqbhkBF8SwoQ6WSUt2FD52c+aCNlsCBokQ3G/BQ7lw0/pzmj23lrkiIZCcqxpG+ri5YmSEWBoM4sv2tfG6LKHmjVsNGg3Pcb/M6UI6FXTkCJyVsV1WmZlLF/DIxLT5ooc5QQMPf4MIpLVKH0cg7BrYJBcsPA+SFNN763JYyc4iYlKdHkUni7waXuvmK/EIDf2KMv0mIYvXWP5rMEwNyBm0X15fT7AETRfVoc/kCKktSmCcIdVszkYiz/ewJFFrM2Tn7LZzrIeg==; Domain=.huntington.com; Path=/; Expires=Thu, 02 Feb 2023 22:24:26 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-10701487
142.250.74.72 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-10701487
IP 142.250.74.72:0
File type ASCII text, with very long lines (1759)
Hash fb30e3025d42803ce81e02672074c994
58265d38a86bab96820cf8361ef8109f48baf9bc
b71acd5310cf4de1b7ff1252d852f49622e58c3450982cc7fe1d1ed7022a029f
GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Feb 2023 20:24:26 GMT
expires: Thu, 02 Feb 2023 20:24:26 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Feb 2023 19:51:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44191
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-700.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292857|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-600.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/muli-v11-latin-300.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Medium.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h2vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371292858|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293325|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
142.250.74.72 200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
IP 142.250.74.72:0
File type ASCII text, with very long lines (1759)
Hash 3129fabeef7a52eedcf1c1531a13da42
5753e095fe8fd0ebb390edabace4ef4ddce9731c
81b5c528f47fcd15e8f9c755f6f21fa5dc6b6c9e054c115a6e01cf1af30dc383
GET /gtag/js?id=AW-849073348&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Feb 2023 20:24:26 GMT
expires: Thu, 02 Feb 2023 20:24:26 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Feb 2023 19:29:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50813
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff
174.138.33.212 404 Not Found 315 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/fonts/HuntingtonApexWeb-Bold.woff HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/toolkit.min.css
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293627|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121 200 OK 4.8 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (13351)
Hash 74f72658f6efd10c4c286ab07cd5e452
9fa4dfc644b6e818914f2f2c4fe4bdf791fd6d39
6681619d5962f95b3fccfa34a7f035664edb66522d237ea0c28a05851f9d295c
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=73359
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 4777
x-content-type-options: nosniff
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5493
Cache-Control: max-age=161759
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Etag: "63dbdb64-1d7"
Expires: Sat, 04 Feb 2023 17:20:25 GMT
Last-Modified: Thu, 02 Feb 2023 15:48:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: vj4/Yjy78xLA40x482vktLo7AFPfEbMG5k7R5N8e/caunpb8bKAEXld5xTrR6SGynAMDCIL6anNtRgw9b3CWew==
content-length: 27843
x-fb-trip-id: 1904183273
date: Thu, 02 Feb 2023 20:24:26 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/favicon-16x16.png
174.138.33.212 200 OK 801 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/favicon-16x16.png
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash afd4ebe99965f5d20b2ab4854a651b02
0765fa211bc7c2a766eb83b98391f26a82cde937
52f6efd9463020d1590887513c9b6e0a910af33927e69551bc7a76a921739699
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /Huntington%20Bancshares%20Incorporated/File/favicon-16x16.png HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Cookie: dtCookie=-11$P1DI8O5A09K8USPB44BDSKG40J9FMTRL; rxVisitor=1675369492359Q6ISV8LTA0TPANTKPK0A6TS6PABS7C6P; dtPC=-11$169492352_664h1vUAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0; rxvt=1675371293627|1675369492360; dtSa=-; dtLatC=253; loginCookie=personalLogin; _gcl_au=1.1.824390624.1675369494
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:26 GMT
Server: Apache
Last-Modified: Sat, 22 May 2021 12:13:06 GMT
Accept-Ranges: bytes
Content-Length: 801
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 994 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2389), with no line terminators
Hash 17ccfbd73065a4e9046a4d7ea34d36be
c64206bfc1cc70537e7d6dfdd8a47a9b35890358
de4b37b0b7d6b8972a2198d123de4c3d1c86776c38824aff048aabbc3412838e
GET /pagead/viewthroughconversion/849073348/?random=1675369493869&cv=11&fst=1675369493869&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 994
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash ede42358dbe8cf2e6b7e6a2653774d01
5dc8ca0b929f04fb15c7ff81d0a9decda023b7fb
8e841815d41c4ade06e328cb1ffb9be342640167ec6acb658f6b4b373e23a52a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4799
Cache-Control: max-age=161065
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Etag: "63dbdb64-1d7"
Expires: Sat, 04 Feb 2023 17:08:51 GMT
Last-Modified: Thu, 02 Feb 2023 15:48:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 995 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2389), with no line terminators
Hash 0d97e7ae2cb76af2d5a27651ae0949eb
94f591900aa1e1d4b031a12b1c145e14b3a69b0e
6048d809e53840cecd8f991fc9c145050d69bd240e97ba3ad870d98cbc631466
GET /pagead/viewthroughconversion/849063932/?random=1675369493906&cv=11&fst=1675369493906&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 995
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 994 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2389), with no line terminators
Hash e603b9e2142fa917d5a569669056f84a
f2f7ce898c0d75a1dc4bce0e0b6e42c2db61605f
a30b6984d77d8cfe28a328f2ff1fa11859bcfbbdf6688f94e01d767cb350c2bc
GET /pagead/viewthroughconversion/786635084/?random=1675369493885&cv=11&fst=1675369493885&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 994
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 993 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2389), with no line terminators
Hash 6023861002949e9720be4bc16ff34aa7
613b4eceac894d084f3e6c4ab1af050bf2c73855
5ef60cf04dadf2fb60ed28156f7601f5c4a4e23bb5f5c6d604df0b610008c378
GET /pagead/viewthroughconversion/391028924/?random=1675369493923&cv=11&fst=1675369493923&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&auid=824390624.1675369494&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 993
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 20:39:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s.yimg.com/wi/ytc.js
188.125.94.206 200 OK 5.9 kB IP 188.125.94.206:0
File type ASCII text, with very long lines (16553), with no line terminators
Hash 2f6a1b8a4843f74a5ba54c055fcb3850
919a5f9166f3f9c73803cebd312ad016570a30d8
1b6439153633e4e2dc23c743e14218931c1b4912bc7a3ad64bfee1d2d6982f50
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LiNTjxEdFcLYJsIVKbEvDfR2UgzwfeceEeE4z/mLhcdUpghw/yHMqzjil/vjdcrdRvgHvKFC9vI=
x-amz-request-id: TDTB4FQH5MY3D9JW
date: Thu, 02 Feb 2023 20:19:14 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 313
content-length: 5929
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash df4a6d84addba49571d9f6ae44c61a3f
28c8093de27e27645cf6dfd5ae93a62fc77b9be5
cb6623b08b6245ea11bb871729613e453046d427d738a8c6431c5da8347e6e05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1675369493923&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1696559676&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1675369493885&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2906263841&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1675369493906&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910628520&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1675369493869&cv=11&fst=1675368000000&bg=ffffff&guid=ON&async=1&gtm=2oa210&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2552442988&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJk9V4AOpE0mwAAAYYTzUq16PoRV_tFQCqSRaaaUb1EXCHYe712AWiQiGtyWGeXbvCIR1xLz5RopQ; Max-Age=2592000; Expires=Sat, 04 Mar 2023 20:24:26 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIVYut8d_qh8gAAAYYTzUq1QSD8CpjiGYeZJe-OuMG4XFRI-VVYSx43aM-ub0cP-pc5rE8LAYgPAuQGe4D1Vw; Max-Age=2592000; Expires=Sat, 04 Mar 2023 20:24:26 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&75331dae-6343-485c-85b3-e4b5166c1a32"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 02-Feb-2024 20:24:26 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2453:u=1:x=1:i=1675369466:t=1675455866:v=2:sig=AQF7KM6mBQAALCGWjTCDtGLWGVF46YhT"; Expires=Fri, 03 Feb 2023 20:24:26 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXzvVnrvQYaaJ3uuL+tZQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 10D2AD9C97C14A929062DBCBC13E2AFA Ref B: OSL30EDGE0511 Ref C: 2023-02-02T20:24:26Z
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 0
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&rl=&if=false&ts=1675369494247&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmensighten&ec=0&o=29&cs_est=true&fbp=fb.2.1675369494245.18526781&it=1675369493955&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=51ce6d6e-fb5e-414b-9f34-3317c0ada13d&rqm=GET
157.240.205.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&rl=&if=false&ts=1675369494247&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmensighten&ec=0&o=29&cs_est=true&fbp=fb.2.1675369494245.18526781&it=1675369493955&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=51ce6d6e-fb5e-414b-9f34-3317c0ada13d&rqm=GET
IP 157.240.205.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=5140493269326436&ev=PageView&dl=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&rl=&if=false&ts=1675369494247&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmensighten&ec=0&o=29&cs_est=true&fbp=fb.2.1675369494245.18526781&it=1675369493955&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=51ce6d6e-fb5e-414b-9f34-3317c0ada13d&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 02 Feb 2023 20:24:26 GMT
X-Firefox-Spdy: h2
sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2002%20Feb%202023%2020%3A24%3A54%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&enc=UTF-8&tagmgr=gtm%2Censighten
212.82.100.181 200 OK 0 B URL HTTP/2 sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2002%20Feb%202023%2020%3A24%3A54%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&enc=UTF-8&tagmgr=gtm%2Censighten
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sp.pl?a=10000&d=Thu%2C%2002%20Feb%202023%2020%3A24%3A54%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&enc=UTF-8&tagmgr=gtm%2Censighten HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 20:24:26 GMT
expires: Thu, 02 Feb 2023 20:24:26 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: application/x-javascript
accept-ranges: bytes
content-length: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPob3GMCEGWQJ6kLr0LMulgCLZe4ZmAFEgEBAQFt3WPlYwAAAAAA_eMAAA&S=AQAAAthrfm-2cSqDI05upGscCg8; Expires=Sat, 3 Feb 2024 02:24:26 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1675369493933%26url%3Dhttps%253A%252F%252Fbnsx.duckdns.org%252FHuntington%252520Bancshares%252520Incorporated%252Flogin.php%253Fonline_id%253Deedaa7f564a075343b1dff978login_id%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%2526session%253D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bnsx.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&0c587e42-83af-48ec-82f4-5f0ccc0e5e4a"; Domain=.linkedin.com; Expires=Fri, 02-Feb-2024 20:24:26 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202302022024261617371b-f305-4799-88ba-e07adfa3e4c3AQE8J03WFIT4-Qr4Ao7x_H_83ap1nFIr"; Domain=.www.linkedin.com; Expires=Fri, 02-Feb-2024 20:24:26 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzUzNjk0NjY7MjswMjGFcH8JWyCSWwKiM6lWsJzWlKGOLw+BQcAZC1tOsEaQ7g==; Domain=.linkedin.com; Expires=Tue, 01 Aug 2023 20:24:26 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2453:u=1:x=1:i=1675369466:t=1675455866:v=2:sig=AQF7KM6mBQAALCGWjTCDtGLWGVF46YhT"; Expires=Fri, 03 Feb 2023 20:24:26 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com *.microsoft.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' *.linkedin.com teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXzvVnuPWQKn9mzIeaujw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 518F9C0E58B743D8B887E3A0CA9D02D3 Ref B: OSL30EDGE0511 Ref C: 2023-02-02T20:24:26Z
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1675369493933&url=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bnsx.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&7e1807c8-fc69-4226-8a9b-08f048c6e2c3"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 02-Feb-2024 20:24:26 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2426:u=1:x=1:i=1675369466:t=1675455866:v=2:sig=AQFBH1uL5RjcB9LlFuV-56hVfe_Ezs1d"; Expires=Fri, 03 Feb 2023 20:24:26 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXzvVnxDDlh/0MvGf/m/w==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: FA8F34100B2C4B3786F33E17631A7F1E Ref B: OSL30EDGE0511 Ref C: 2023-02-02T20:24:26Z
date: Thu, 02 Feb 2023 20:24:26 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash afe181c145b0ae8354148b625a440882
973a344c30205da69df5fccdcff1cb309e93762c
70a4442ed8dcf25adc1aa0dc4bf6d73cfa31d9723d9b1a964eaa1c56bb3d2ee2
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 02 Feb 2023 20:24:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 15022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 02 Feb 2023 01:42:19 GMT
Expires: Fri, 03 Feb 2023 01:42:19 GMT
ETag: "973a344c30205da69df5fccdcff1cb309e93762c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839
54.208.228.50 302 Found 0 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839
IP 54.208.228.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 02 Feb 2023 20:24:29 GMT
content-length: 0
location: https://trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true
server: clinch
set-cookie: clinch-sid=5dcd462c-52f5-40ce-afcc-364df418cb73; expires=Sun, 02 Feb 2025 20:24:29 GMT; domain=clinch.co; path=/; secure; samesite=none
X-Firefox-Spdy: h2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true
54.208.228.50 200 OK 79 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true
IP 54.208.228.50:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 70c92fdbfdaad0989a68617939cf615c
4cc7e0778377d6e89b665e1741c798b9df21693a
3a2f25076dd3c45cd69196f5c15d3ae2678b208bc5f8ac053d54d4a1fb792006
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157&version=3.4&a=1675369496839&try2=true HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bnsx.duckdns.org/
Connection: keep-alive
Cookie: clinch-sid=5dcd462c-52f5-40ce-afcc-364df418cb73
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 20:24:29 GMT
content-type: text/html
content-length: 79
server: clinch
cache-control: no-store
x-robots-tag: none
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5553ec2c4acc60e29d981947fd5f84d0
8287c5d27fdb43f5a4f7ef4c2fce0d995cf9807c
d152cd355f438de97ce8dd565ce8a2c04f56954012aefa8ec701385c7ffe5391
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D152CD355F438DE97CE8DD565CE8A2C04F56954012AEFA8EC701385C7FFE5391"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21567
Expires: Fri, 03 Feb 2023 02:23:56 GMT
Date: Thu, 02 Feb 2023 20:24:29 GMT
Connection: keep-alive
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1
100.24.162.178 200 OK 28 B URL HTTP/1.1 mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1
IP 100.24.162.178:0
File type ASCII text, with no line terminators
Hash b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028
POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2531
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:29 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1
100.24.162.178 200 OK 28 B URL HTTP/1.1 mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1
IP 100.24.162.178:0
File type ASCII text, with no line terminators
Hash b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028
POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=-11%24P1DI8O5A09K8USPB44BDSKG40J9FMTRL;dtLatC=253;referer=https%3A%2F%2Fbnsx.duckdns.org%2FHuntington%2520Bancshares%2520Incorporated%2Flogin.php%3Fonline_id%3Deedaa7f564a075343b1dff978login_id%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786%26session%3D9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157;visitID=UAEUUJKHSLRKHUJPGENPBUDSRIAQLNKT-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 13244
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:31 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28
bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download
174.138.33.212 200 OK 0 B URL HTTP/1.1 bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download
IP 174.138.33.212:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
GET /Huntington%20Bancshares%20Incorporated/File/95b0da5c7fc415e06807cc694ee0021c.js.download HTTP/1.1
Host: bnsx.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/Huntington%20Bancshares%20Incorporated/login.php?online_id=eedaa7f564a075343b1dff978login_id=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d15786&session=9306c112f2c409656fac9a69c2d157869306c112f2c409656fac9a69c2d157
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:24:24 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 06:48:46 GMT
Accept-Ranges: bytes
Content-Length: 154122
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
cdn.linkedin.oribi.io/partner/291554/domain/bnsx.duckdns.org/token
54.230.111.78 200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/291554/domain/bnsx.duckdns.org/token
IP 54.230.111.78:0
GET /partner/291554/domain/bnsx.duckdns.org/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bnsx.duckdns.org
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
date: Thu, 02 Feb 2023 20:24:26 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FCf5J96KRZ5ZTYq5ug-k5OWRR24fqqGfGKF6pQW2XeZI_z_zVq0uDw==
X-Firefox-Spdy: h2
ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
63.34.68.24 200 OK 0 B URL HTTP/2 ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
IP 63.34.68.24:0
GET /huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnsx.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 20:24:25 GMT
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
last-modified: Tue, 25 Oct 2022 01:03:34 GMT
etag: W/"5828bc2a2ceaa2961527eedaf4167b77"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: _Eu9yh546j8gLFYRdH7PZW2b19GSVtw7
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2900c8bea7962de658e6de19988c7118.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: xV53NSwL-ufiTvOrfBgia7qLXws7XspF3yaGNY7Qv5OtHC6K8IQsDQ==
age: 234716
X-Firefox-Spdy: h2