Report - dbs123.top/

Report Overview

Submitted URL
dbs123.top/
IP
23.225.36.181
ASN
#40065 CNSERVERS
Submitted
2023-01-30 15:37:35
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
98

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
dbs123.top	unknown	2023-01-30T06:27:16Z	2023-01-30T16:34:07Z	6.2 kB	88 kB	23.225.36.181
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.163.38.240
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	65 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-30 15:37:37	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd
2023-01-30	medium	dbs123.top/	DBS Bank Ltd

PhishTank

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	dbs123.top/css/global.css	Other
2023-01-30	medium	dbs123.top/img/img_paylahlogo_dark.png	Other
2023-01-30	medium	dbs123.top/	Other
2023-01-30	medium	dbs123.top/img/news/slide_3.png	Other
2023-01-30	medium	dbs123.top/img/news/slide_4.png	Other
2023-01-30	medium	dbs123.top/favicon.ico	Other
2023-01-30	medium	dbs123.top/img/blur_splash.png	Other
2023-01-30	medium	dbs123.top/zy/api/i.js?ver=1675093061349	Other
2023-01-30	medium	dbs123.top/zy/api/api.php	Other
2023-01-30	medium	dbs123.top/zy/api/api.php	Other
2023-01-30	medium	dbs123.top/js/jquery-1.11.1.min.js	Other
2023-01-30	medium	dbs123.top/css/swiper.min.css	Other
2023-01-30	medium	dbs123.top/js/swiper.min.js	Other
2023-01-30	medium	dbs123.top/zy/api/k.js	Other

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	dbs123.top/	Phishing
2023-01-30	medium	dbs123.top/zy/api/i.js?ver=1675093061349	Phishing
2023-01-30	medium	dbs123.top/zy/api/api.php	Phishing
2023-01-30	medium	dbs123.top/zy/api/api.php	Phishing
2023-01-30	medium	dbs123.top/js/jquery-1.11.1.min.js	Phishing
2023-01-30	medium	dbs123.top/js/swiper.min.js	Phishing
2023-01-30	medium	dbs123.top/zy/api/k.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed
2023-01-30	medium	dbs123.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	dbs123.top/zy/api/i.js?ver=1675093061349	13 kB	2023-03-08	2024-03-14
Pretty URL dbs123.top/zy/api/i.js?ver=1675093061349 IP 23.225.36.181 ASN #40065 CNSERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:40:14 Last Seen2024-03-14 19:15:46 Times Seen472 Hash 62f4569352d5484fd9880d3a20a4759b 3ee3845f47918f49715a35cd64ffd3382195203d dbf82bc987446183b84a7c9a342f3f7ecfb1836879ab7a1437b2b2d221a5130a Loading...

	dbs123.top/js/jquery-1.11.1.min.js	96 kB	2023-03-07	2024-04-19
Pretty URL dbs123.top/js/jquery-1.11.1.min.js IP 23.225.36.181 ASN #40065 CNSERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-19 06:05:36 Times Seen46151 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	dbs123.top/js/swiper.min.js	112 kB	2023-03-08	2024-03-14
Pretty URL dbs123.top/js/swiper.min.js IP 23.225.36.181 ASN #40065 CNSERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:19:18 Last Seen2024-03-14 19:15:46 Times Seen524 Hash 3c6e81325849c77dfa3945f6307e9b83 0279951bcfd392cdfdc2fbcaa478a9c23fdadf5c 71ac9609b38bb7193aa590b72a2e18ecf603226589e02cd157aa312cc0c70bba Loading...

	dbs123.top/zy/api/k.js	2.0 kB	2023-03-07	2024-03-14
Pretty URL dbs123.top/zy/api/k.js IP 23.225.36.181 ASN #40065 CNSERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:19:10 Last Seen2024-03-14 19:15:46 Times Seen240 Hash 0513efa0d938318e87f046ed621ecf78 e733d0ee865b68e69a5e94a6b4526796e1dffb47 2b2afdc05faf6b897ecb2fe532526752927f5c5cdf5e1452355f9395396b9190 Loading...

	dbs123.top/	441 B	2023-03-08	2023-04-05
Pretty URL dbs123.top/ IP 23.225.36.181 ASN #40065 CNSERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:40:14 Last Seen2023-04-05 02:01:15 Times Seen23 Hash 7a9b32b58648798999e82b185bb71873 fce5b86df5bd7ee4ba4a6072e808b17d218ee05a c958493721f0adffee36d13e0e82fe18248dc92e38b027b7d3ff577abbc6e0ee Loading...

HTTP Transactions (34)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9840
Expires: Mon, 30 Jan 2023 18:21:24 GMT
Date: Mon, 30 Jan 2023 15:37:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5186
Expires: Mon, 30 Jan 2023 17:03:50 GMT
Date: Mon, 30 Jan 2023 15:37:24 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 15:35:44 GMT
content-type: application/json
age: 100
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4309
Expires: Mon, 30 Jan 2023 16:49:13 GMT
Date: Mon, 30 Jan 2023 15:37:24 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kB58TRoc0mo3V+IBgGm43+uRW1uaD9JvhiFRk7U4QkivErwEBRoxoqUL17bmFFd3gkRkFTc/c3M=
x-amz-request-id: MGFY7HP6C83EA7MQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 14:50:46 GMT
age: 2798
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e23619865934daaa426e422690488ee6
9d6e27d175adf3b00ee7b27c9287c0cc13fa4084
e2a17b2c12f92afc70c4fbf543282dd1f69b5b329edcae6bb7ae4c8a7bb0eae9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2A17B2C12F92AFC70C4FBF543282DD1F69B5B329EDCAE6BB7AE4C8A7BB0EAE9"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21472
Expires: Mon, 30 Jan 2023 21:35:17 GMT
Date: Mon, 30 Jan 2023 15:37:25 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

dbs123.top/css/global.css

23.225.36.181

200 OK

32 B

URL HTTP/2
dbs123.top/css/global.css
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
ASCII text
Size
32 B (32 bytes)
Hash
3be97ef1ca24eceb7420292999284fc0
ad836458e436fe6a76e1cd22e270b54707f80ff7
7e16396ef8c0c1249aed9ed2a4120629a50e28070d8469030061cb3a71662ade

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /css/global.css HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: text/css
content-length: 32
last-modified: Sat, 19 Nov 2022 18:45:24 GMT
etag: "63792444-20"
expires: Tue, 31 Jan 2023 03:37:25 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 14:41:41 GMT
age: 3344
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

dbs123.top/img/img_paylahlogo_dark.png

23.225.36.181

200 OK

4.7 kB

URL HTTP/2
dbs123.top/img/img_paylahlogo_dark.png
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
PNG image data, 194 x 76, 8-bit colormap, non-interlaced\012- data
Size
4.7 kB (4708 bytes)
Hash
9aed71c5b32ed115556328b04b45a1fb
d91a5577c7fdcf7346423975aacf523b74ace4c2
4af5f120c5a15ae31c05497269b0c91aefad1668413c63e553266cf0d355f741

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /img/img_paylahlogo_dark.png HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: image/png
content-length: 4708
last-modified: Sat, 19 Nov 2022 17:56:56 GMT
etag: "637918e8-1264"
expires: Wed, 01 Mar 2023 15:37:25 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

dbs123.top/

23.225.36.181

200 OK

1.9 kB

URL HTTP/2
dbs123.top/
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
data
Size
1.9 kB (1916 bytes)
Hash
a1ee2bd3e54b4fff9a4f8ade7699ec4a
f58d407d016b5154b2b31d1294a7bcdc254eb8c7
24023d049d8169a7072357bba27a4ba348c530bcde191f1aa873857e7c7c0ca0

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=827meo680codd5anc1d4afrq3f; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/img/news/slide_3.png

23.225.36.181

404 Not Found

146 B

URL HTTP/2
dbs123.top/img/news/slide_3.png
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /img/news/slide_3.png HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

dbs123.top/img/news/slide_4.png

23.225.36.181

404 Not Found

146 B

URL HTTP/2
dbs123.top/img/news/slide_4.png
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /img/news/slide_4.png HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3953
Expires: Mon, 30 Jan 2023 16:43:18 GMT
Date: Mon, 30 Jan 2023 15:37:25 GMT
Connection: keep-alive

push.services.mozilla.com/

35.163.38.240

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.38.240:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vUsra54/CNm2RMN+hOV/YA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k8jbdcwPPEic/F/HAcz8clapGdg=

dbs123.top/favicon.ico

23.225.36.181

200 OK

28 kB

URL HTTP/2
dbs123.top/favicon.ico
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
MS Windows icon resource - 1 icon, 82x82, 32 bits/pixel\012- data
Size
28 kB (27942 bytes)
Hash
2f1f476dde82603e6707cac6888ba940
1bc55159e0213251a2640ef6aa3617d7102cd9a5
fe745f8e0bf523d857b573bf196a69770c0b1f7c95a3a132feadc23553bc9dac

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:26 GMT
content-type: image/x-icon
content-length: 27942
last-modified: Sun, 20 Nov 2022 18:25:44 GMT
etag: "637a7128-6d26"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12831
Expires: Mon, 30 Jan 2023 19:11:18 GMT
Date: Mon, 30 Jan 2023 15:37:27 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12674
Expires: Mon, 30 Jan 2023 19:08:41 GMT
Date: Mon, 30 Jan 2023 15:37:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12831
Expires: Mon, 30 Jan 2023 19:11:18 GMT
Date: Mon, 30 Jan 2023 15:37:27 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12674
Expires: Mon, 30 Jan 2023 19:08:41 GMT
Date: Mon, 30 Jan 2023 15:37:27 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8464 bytes)
Hash
fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UNub7Gd4S0ogn5EJhtJVu8q1qML5_4eL2lIPQXiAuXy_q-XiR4s-5w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:55:21 GMT
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
age: 63726
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9457 bytes)
Hash
51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: soTFEnYjNcti77h3FpnztwzR7ypv68NbyoI6DxS0NhU412ykFsWAgA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:00:38 GMT
age: 63409
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7679 bytes)
Hash
3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx-qjsrMLYpLmE-8QmpR46BeRySbUGL2Rrr6LqhEQ8jaEEj_6Aj0qg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:52:09 GMT
age: 63918
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 67870
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10997 bytes)
Hash
65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:53:08 GMT
age: 63859
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12507 bytes)
Hash
5190c0bdc6abe0ee258e9f8c20ddaf51
d60f280f8a742480527dbc32d08f321f972d4fcf
874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UDJKl99GiUxTW_EgWFDjLaJZbKFhfaJR-XRLsbQphwHuCXczDlxrDA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:54:37 GMT
age: 63770
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dbs123.top/img/blur_splash.png

23.225.36.181

200 OK

49 kB

URL HTTP/2
dbs123.top/img/blur_splash.png
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type
PNG image data, 360 x 720, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48789 bytes)
Hash
cc132d7dce11be576d7c17a358e7faaf
ec8d9d8b8476cf0b69dfac6b2c24e8de03bf0cce
a671794422a6fbede385687dfe032bfbea00dcc50066d90c2a7863b9b1aefbc6

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /img/blur_splash.png HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:26 GMT
content-type: image/png
content-length: 48789
last-modified: Sat, 19 Nov 2022 17:56:56 GMT
etag: "637918e8-be95"
expires: Wed, 01 Mar 2023 15:37:26 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

dbs123.top/zy/api/i.js?ver=1675093061349

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/zy/api/i.js?ver=1675093061349
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /zy/api/i.js?ver=1675093061349 HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:28 GMT
content-type: application/javascript
last-modified: Sun, 20 Nov 2022 16:13:22 GMT
vary: Accept-Encoding
etag: W/"637a5222-335f"
expires: Tue, 31 Jan 2023 03:37:28 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/zy/api/api.php

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/zy/api/api.php
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /zy/api/api.php HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 6
Origin: https://dbs123.top
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/zy/api/api.php

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/zy/api/api.php
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /zy/api/api.php HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 6
Origin: https://dbs123.top
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/js/jquery-1.11.1.min.js

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/js/jquery-1.11.1.min.js
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /js/jquery-1.11.1.min.js HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 10:10:44 GMT
vary: Accept-Encoding
etag: W/"637365a4-1762a"
expires: Tue, 31 Jan 2023 03:37:25 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/css/swiper.min.css

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/css/swiper.min.css
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /css/swiper.min.css HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: text/css
last-modified: Sat, 19 Nov 2022 18:45:24 GMT
vary: Accept-Encoding
etag: W/"63792444-4b85"
expires: Tue, 31 Jan 2023 03:37:25 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/js/swiper.min.js

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/js/swiper.min.js
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /js/swiper.min.js HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 10:08:20 GMT
vary: Accept-Encoding
etag: W/"63736514-1b38e"
expires: Tue, 31 Jan 2023 03:37:25 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dbs123.top/zy/api/k.js

23.225.36.181

200 OK

0 B

URL HTTP/2
dbs123.top/zy/api/k.js
IP
23.225.36.181:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DBS Bank Ltd
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /zy/api/k.js HTTP/1.1
Host: dbs123.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dbs123.top/
Cookie: PHPSESSID=827meo680codd5anc1d4afrq3f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:37:25 GMT
content-type: application/javascript
last-modified: Fri, 29 Jul 2022 12:55:30 GMT
vary: Accept-Encoding
etag: W/"62e3d8c2-7e3"
expires: Tue, 31 Jan 2023 03:37:25 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (34)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type