Report - www.direct.amzserv.customerfinders.com/gncu/card.php

Report Overview

Submitted URL
www.direct.amzserv.customerfinders.com/gncu/card.php
IP
199.204.248.138
ASN
#11989 WEBINT
Submitted
2022-11-26 11:13:33
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	3.7 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
cdn1.onlineaccess1.com	19210	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	157 kB	192.0.63.252
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	51 kB	34.120.237.76
www.direct.amzserv.customerfinders.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.2 kB	2.3 MB	199.204.248.138
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.20.60

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	www.direct.amzserv.customerfinders.com/gncu/card.php	Generic/Spear Phishing

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/card.php	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/phishlabs.js.download	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-pendo.js.download	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-tecton-elements.esm.js.download	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/p-c89cafe1.js	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Regular.woff	Phishing
2022-11-26	medium	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Semibold.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	cdn1.onlineaccess1.com/cdn/static/q2-pendo/pendo-2.134.1.js	469 kB	2023-03-08	2023-08-13
Pretty URL cdn1.onlineaccess1.com/cdn/static/q2-pendo/pendo-2.134.1.js IP 192.0.63.252 ASN #62659 Q2HOLDINGS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:46:27 Last Seen2023-08-13 21:54:12 Times Seen31 Hash 76b89e2a310f4e126e76f82039987a0f f49da6c53a3b9dc4dda366a3dffbcdb1d6ff09c6 4d62203e6a77437d57940e7a5755c1e13f9af1fc059a03b6d5b838d912317d91 Loading...

	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-pendo.js.download	7.8 kB	2023-03-08	2023-03-13
Pretty URL www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-pendo.js.download IP 199.204.248.138 ASN #11989 WEBINT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:46:27 Last Seen2023-03-13 01:03:19 Times Seen1 Hash 59385ff1c93501d549451cf1df7b12d0 c0b6c84e3fb16069b47d0b8dc0ad3e36df63ef11 0db6d8f67a5ee144634429adf6eafe41c2ccc47bc4a5bebb33de3b9e811db81a Loading...

	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-tecton-elements.esm.js.download	5.5 kB	2023-03-08	2023-03-13
Pretty URL www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-tecton-elements.esm.js.download IP 199.204.248.138 ASN #11989 WEBINT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:46:27 Last Seen2023-03-13 01:03:19 Times Seen1 Hash 4ce4536bd5d2688c6e9fd5a0e305a5b4 682378f1b37e2f49725db2981e999abb95bb04c9 027fb2e9297fff2f166fe62ff5fc9de51d3db9faa1265a4ded882cc4e5206009 Loading...

	www.direct.amzserv.customerfinders.com/gncu/card.php	157 B	2023-03-08	2023-03-13
Pretty URL www.direct.amzserv.customerfinders.com/gncu/card.php IP 199.204.248.138 ASN #11989 WEBINT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:46:27 Last Seen2023-03-13 01:03:20 Times Seen1 Hash 12075065f9c901525d1a039890939fd3 e4e825042ddd1ffd6c9e45ef94d5dd7abf50ea75 d34286b761869664e4ac5835ce208fafcf4c1eb78576221c35a36b3dad12719b Loading...

	www.direct.amzserv.customerfinders.com/gncu/card.php	32 B	2023-03-08	2024-04-06
Pretty URL www.direct.amzserv.customerfinders.com/gncu/card.php IP 199.204.248.138 ASN #11989 WEBINT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:46:27 Last Seen2024-04-06 02:05:39 Times Seen46 Hash 6129eb80d9d816a6f0e6e0fa985573cf a935a325ebdfb351dae4a154fda63cf2c714402d b8ca0c973bd1d0b007ecdcfee48597ae42c78affa3853831c8ac9f6948f56cd5 Loading...

	www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/phishlabs.js.download	993 B	2023-03-08	2023-03-13
Pretty URL www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/phishlabs.js.download IP 199.204.248.138 ASN #11989 WEBINT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:46:27 Last Seen2023-03-13 01:03:20 Times Seen1 Hash 92958335d82061f4db4301685429bc24 31de4c7b0280f76cb34822a534b5a8afc8ba6ba4 0d1dc09c3287a3326bff3f7d8e68b1ec16079099385b2c06a73dceea800736f5 Loading...

	www.direct.amzserv.customerfinders.com/gncu/card.php	193 B	2023-03-11	2023-03-11
Pretty URL www.direct.amzserv.customerfinders.com/gncu/card.php IP 199.204.248.138 ASN #11989 WEBINT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:15:48 Last Seen2023-03-11 20:39:08 Times Seen1 Hash ce7e158f264ffa33ad5ff2cabfc43ee9 df2949f4f3bde6ed163908f1fa593eb217278596 94608e52c607f7ca1612e2aecdcc39da9ee52173e32dbca79602b46e41d8f7c1 Loading...

HTTP Transactions (40)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Sat, 26 Nov 2022 12:31:04 GMT
Date: Sat, 26 Nov 2022 11:13:22 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4057
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:13:22 GMT
Last-Modified: Sat, 26 Nov 2022 10:05:45 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7335
Expires: Sat, 26 Nov 2022 13:15:37 GMT
Date: Sat, 26 Nov 2022 11:13:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 10:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3249
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: lNwKzluaVttp3N9diLPBrPa2g2lyRf6DVEmwpjcoqeNvagc8i8xJRhRKHI7nX+8wnlilwE5MmMw=
x-amz-request-id: 5KWHY941HHB2SJ5J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 10:44:12 GMT
age: 1750
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 11:13:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 131
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5431
Cache-Control: max-age=170639
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:13:23 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:37:22 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.89.20.60

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.20.60:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bsWfiMu6TDnCyiX/fmN7AA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WeLFMWyFCHFUsAmN97N4FROXYjs=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2829
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 11:13:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2829
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 11:13:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2829
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 11:13:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11150 bytes)
Hash
d0f860248042a8499ffb1701a880b2ba
845842c789e6e97fd1687e668d446bbb8309ffc7
9eca5258c7b6e4e145ca6576a3f3791f1324714404ffd7a56a61961f81e7bd44

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11150
x-amzn-requestid: 0b773c28-feda-41a2-9de6-8b559bd773eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC5EukoAMFxfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-3bfe118939abc352072c5af1;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RBv0V5RyDoApQfc5QIHFxVzmasUJvYZ6X4-kTTfI9UhtdjUWitlkJA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
etag: "845842c789e6e97fd1687e668d446bbb8309ffc7"
content-type: image/jpeg
age: 48420
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ezHvyK3va4SioabOjSittTiLQRs_Q8k4TPxkiGp_svtZ8omDPTUN-A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 05:04:28 GMT
age: 22136
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9049 bytes)
Hash
c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OJZkZ18TlSgdBWsmSroQPIcYIvBFvz5-7hu9_GravTcz6zqxKXHZrg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:43:36 GMT
age: 48588
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9787 bytes)
Hash
95101ded0fe92a85649a086992948008
afed98649590f2524a9e530c53eebbc1ba36da6a
7f754cb2105494045efe657c47313e77bb26361ca45a6f8cbce1fdb52a15ba01

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c125eba-03aa-443e-b99e-10c7890258e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9787
x-amzn-requestid: 51d9848a-868c-4e51-b1a8-30596d0108b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUfxHjToAMFeGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813464-749244df2aa06b23445d675c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mSCEUQ3aOXg6rxJV0iWPgFZ6TE2pCucWwOI3KAsdbu_EadcDDa5vwg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:07:47 GMT
age: 47137
etag: "afed98649590f2524a9e530c53eebbc1ba36da6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6789 bytes)
Hash
926df9839ec3d924b563b55d8bccace8
c47a3884465fc02b5c57faa5ffbd986ba29c64c2
a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -6kE-HDfLIQMtzuaOuArCjtxgpQUgxMrpjcT7pDIdY7CDlJNK1GZWA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
age: 48420
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3502 bytes)
Hash
a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 14398
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/tecton-590048df214033d1c1591d552a32c9af.css

199.204.248.138

200 OK

8.0 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/tecton-590048df214033d1c1591d552a32c9af.css
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
Unicode text, UTF-8 text, with very long lines (8014), with no line terminators
Size
8.0 kB (8022 bytes)
Hash
590048df214033d1c1591d552a32c9af
6e93aed836cbb1b6976248df6d2cb4c8b17c23b4
fbb5d60b0e8fbf3ce2eeb2479ad9ef6744585303f9ee0bf27c62b35a0a2dc30a

HTTP Headers

GET /gncu/static/css/gncu_files/tecton-590048df214033d1c1591d552a32c9af.css HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:28 GMT
ETag: "2a606af-1f56-5ea2a1eb11100"
Accept-Ranges: bytes
Content-Length: 8022
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/css

www.direct.amzserv.customerfinders.com/gncu/card.php

199.204.248.138

200 OK

196 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/card.php
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1596), with CRLF line terminators
Size
196 kB (195761 bytes)
Hash
1095bd7aa971cf3688478245256280f9
660604ad04e526ddb9fbbb7f80599cb9ee17f2a2
fdf50d66f21a5748271eb112f057f3e5cfca1485ef8def415f2310e915332a0a

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /gncu/card.php HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:29 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/phishlabs.js.download

199.204.248.138

200 OK

993 B

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/phishlabs.js.download
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
ASCII text
Size
993 B (993 bytes)
Hash
92958335d82061f4db4301685429bc24
31de4c7b0280f76cb34822a534b5a8afc8ba6ba4
0d1dc09c3287a3326bff3f7d8e68b1ec16079099385b2c06a73dceea800736f5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/phishlabs.js.download HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:28 GMT
ETag: "2a606a9-3e1-5ea2a1eb11100"
Accept-Ranges: bytes
Content-Length: 993
Keep-Alive: timeout=30, max=99
Connection: Keep-Alive
Content-Type: application/javascript

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-pendo.js.download

199.204.248.138

200 OK

7.8 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-pendo.js.download
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
ASCII text
Size
7.8 kB (7816 bytes)
Hash
59385ff1c93501d549451cf1df7b12d0
c0b6c84e3fb16069b47d0b8dc0ad3e36df63ef11
0db6d8f67a5ee144634429adf6eafe41c2ccc47bc4a5bebb33de3b9e811db81a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/q2-pendo.js.download HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:30 GMT
ETag: "2a606ab-1e88-5ea2a1ecf9580"
Accept-Ranges: bytes
Content-Length: 7816
Keep-Alive: timeout=30, max=99
Connection: Keep-Alive
Content-Type: application/javascript

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-tecton-elements.esm.js.download

199.204.248.138

200 OK

5.5 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/q2-tecton-elements.esm.js.download
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
ASCII text, with very long lines (5494), with no line terminators
Size
5.5 kB (5494 bytes)
Hash
4ce4536bd5d2688c6e9fd5a0e305a5b4
682378f1b37e2f49725db2981e999abb95bb04c9
027fb2e9297fff2f166fe62ff5fc9de51d3db9faa1265a4ded882cc4e5206009

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/q2-tecton-elements.esm.js.download HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:30 GMT
ETag: "2a606ac-1576-5ea2a1ecf9580"
Accept-Ranges: bytes
Content-Length: 5494
Keep-Alive: timeout=30, max=98
Connection: Keep-Alive
Content-Type: application/javascript

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/app.css

199.204.248.138

200 OK

96 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/app.css
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
Unicode text, UTF-8 text, with very long lines (55862)
Size
96 kB (95568 bytes)
Hash
a6d9a7427cb7e001863e3672c40c629e
42d101cfa747c4a540255a4a9d6f459d4e15c242
83a18bf19e5e2e0fae7ac33e1c099c335c708966970b7fe7b5915bb6442ff9fd

HTTP Headers

GET /gncu/static/css/gncu_files/app.css HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/gncu/card.php

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:33 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:18 GMT
ETag: "2a606a2-17550-5ea2a1e187a80"
Accept-Ranges: bytes
Content-Length: 95568
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/css

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/highcontrast-187bc6d9db7409a39a77a6fc6d8ec2dc.css

199.204.248.138

200 OK

983 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/highcontrast-187bc6d9db7409a39a77a6fc6d8ec2dc.css
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
983 kB (983166 bytes)
Hash
187bc6d9db7409a39a77a6fc6d8ec2dc
9620b26e7d102e73219b6ad4a7d7d1498da6c854
6ee46b2d1e31d25ab2b4138c70dc6c73dfae73bba328c57f07a49054a8088e6d

HTTP Headers

GET /gncu/static/css/gncu_files/highcontrast-187bc6d9db7409a39a77a6fc6d8ec2dc.css HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/gncu/card.php

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:18 GMT
ETag: "2a606a5-f007e-5ea2a1e187a80"
Accept-Ranges: bytes
Content-Length: 983166
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/css

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/theme-q2-672a467fd0e274363dd92c86a83ab3d5.css

199.204.248.138

200 OK

950 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/theme-q2-672a467fd0e274363dd92c86a83ab3d5.css
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
950 kB (950327 bytes)
Hash
672a467fd0e274363dd92c86a83ab3d5
03d8a458c8681bfc508a9bdddd6abd1e2b06e448
aa25b1a06f5d4552725cc7b4d76514bc8375468762f6f5c7d081a434042f6b83

HTTP Headers

GET /gncu/static/css/gncu_files/theme-q2-672a467fd0e274363dd92c86a83ab3d5.css HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/gncu/card.php

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:20 GMT
ETag: "2a606b0-e8037-5ea2a1e36ff00"
Accept-Ranges: bytes
Content-Length: 950327
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/css

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/

199.204.248.138

403 Forbidden

35 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (32016), with CRLF line terminators
Size
35 kB (35121 bytes)
Hash
419b91b56483c938828edd3ddfbec7ca
01204f8eea044b49d436a206b7f2be986a449bdd
04cdee406e37e6600f8b4a7ba2dc8d27040b8b608ce76a9292c0025f21729924

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/ HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/gncu/card.php

HTTP/1.1 403 Forbidden
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/ncua_logo_small-b690f247c19ea4970c9d08b2b479f16a.png

199.204.248.138

200 OK

3.9 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/ncua_logo_small-b690f247c19ea4970c9d08b2b479f16a.png
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
PNG image data, 128 x 60, 8-bit colormap, non-interlaced\012- data
Size
3.9 kB (3924 bytes)
Hash
b690f247c19ea4970c9d08b2b479f16a
9bc7e6d23666778c15e4e1bc4f6275947ecc91bc
e0553d5e1f49291bd1730745a95e155e6951aebb077378914eb2816b059a6448

HTTP Headers

GET /gncu/static/css/gncu_files/ncua_logo_small-b690f247c19ea4970c9d08b2b479f16a.png HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:38 GMT
Server: Apache
Last-Modified: Mon, 03 Oct 2022 23:58:30 GMT
ETag: "2a606a6-f54-5ea2a1ecf9580"
Accept-Ranges: bytes
Content-Length: 3924
Keep-Alive: timeout=30, max=99
Connection: Keep-Alive
Content-Type: image/png

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
e68ee61c6ceee995f5e7c0be3561ee02
43cbaecd176693a746ebfcc55d8b07a7cb274b47
a200ce57cf68e0194f4af884f2deb0238c68e2030bb29df90649645be3f62729

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=96084
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:13:31 GMT
Etag: "6380c92f-117"
Expires: Sun, 27 Nov 2022 13:54:55 GMT
Last-Modified: Fri, 25 Nov 2022 13:54:55 GMT
Server: nginx
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
e68ee61c6ceee995f5e7c0be3561ee02
43cbaecd176693a746ebfcc55d8b07a7cb274b47
a200ce57cf68e0194f4af884f2deb0238c68e2030bb29df90649645be3f62729

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=96084
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:13:31 GMT
Etag: "6380c92f-117"
Expires: Sun, 27 Nov 2022 13:54:55 GMT
Last-Modified: Fri, 25 Nov 2022 13:54:55 GMT
Server: nginx
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
e68ee61c6ceee995f5e7c0be3561ee02
43cbaecd176693a746ebfcc55d8b07a7cb274b47
a200ce57cf68e0194f4af884f2deb0238c68e2030bb29df90649645be3f62729

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=96084
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:13:31 GMT
Etag: "6380c92f-117"
Expires: Sun, 27 Nov 2022 13:54:55 GMT
Last-Modified: Fri, 25 Nov 2022 13:54:55 GMT
Server: nginx
Content-Length: 279

cdn1.onlineaccess1.com/cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/desktop-background-845d58016ae32cd9a48be56e7e3b8d51.jpg

192.0.63.252

200 OK

154 kB

URL HTTP/2
cdn1.onlineaccess1.com/cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/desktop-background-845d58016ae32cd9a48be56e7e3b8d51.jpg
IP
192.0.63.252:0
ASN
#62659 Q2HOLDINGS

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1936x1315, components 3\012- data
Size
154 kB (154025 bytes)
Hash
845d58016ae32cd9a48be56e7e3b8d51
da403b017c9e54cb56d1a4d78972a5816993ba20
ead11efc18df94ffb452c4bd4f2ea66f6aaf391d0c0e3596c10292f8a68d13d3

HTTP Headers

GET /cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/desktop-background-845d58016ae32cd9a48be56e7e3b8d51.jpg HTTP/1.1
Host: cdn1.onlineaccess1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:13:31 GMT
content-type: image/jpeg
content-length: 154025
last-modified: Fri, 14 Oct 2022 18:50:59 GMT
etag: "6349af93-259a9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
access-control-allow-origin: *
cf-cache-status: HIT
age: 481815
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
set-cookie: __cfruid=e71d0e0e4259d075361804ea012d36e6a787c3a5-1669461211; path=/; domain=.onlineaccess1.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 770231fa58651c16-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
e68ee61c6ceee995f5e7c0be3561ee02
43cbaecd176693a746ebfcc55d8b07a7cb274b47
a200ce57cf68e0194f4af884f2deb0238c68e2030bb29df90649645be3f62729

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:13:31 GMT
Etag: "6380c92f-117"
Server: ECS (amb/6B88)
Content-Length: 279

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/p-c89cafe1.js

199.204.248.138

200 OK

14 kB

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/p-c89cafe1.js
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type
HTML document, ASCII text, with very long lines (13560), with no line terminators
Size
14 kB (13560 bytes)
Hash
cd44c4d2384640fe95702360408e0e22
20494bb5444c77a63e7b7754415f79ecaaee59c0
ac6b5c3091d3c5c1cd410d6c0524e4c53104fcf66e2934376a7b1b6ed92be9e2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/p-c89cafe1.js HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:34 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Keep-Alive: timeout=30, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7bc8ec57c77e70e15c146de32435b001
82e3b4519b11bfe510c08e773c3a8b04b60fc482
b9d410a082c3e5ce9e915a121cce0fbe89eb5a9738cab4121c29ac9e0c75342e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9D410A082C3E5CE9E915A121CCE0FBE89EB5A9738CAB4121C29AC9E0C75342E"
Last-Modified: Thu, 24 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sat, 26 Nov 2022 15:28:58 GMT
Date: Sat, 26 Nov 2022 11:13:31 GMT
Connection: keep-alive

cdn1.onlineaccess1.com/cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/logos/logo_large-f97b4c722f38e8bccdf614f5298ea1a7.png

192.0.63.252

200 OK

0 B

URL HTTP/2
cdn1.onlineaccess1.com/cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/logos/logo_large-f97b4c722f38e8bccdf614f5298ea1a7.png
IP
192.0.63.252:0
ASN
#62659 Q2HOLDINGS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/logos/logo_large-f97b4c722f38e8bccdf614f5298ea1a7.png HTTP/1.1
Host: cdn1.onlineaccess1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:13:31 GMT
content-type: image/png
last-modified: Fri, 21 Oct 2022 08:09:31 GMT
vary: Accept-Encoding
etag: W/"635253bb-31d0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: gzip
timing-allow-origin: *
access-control-allow-headers: *
cf-cache-status: HIT
age: 481815
strict-transport-security: max-age=15552000; includeSubDomains; preload
set-cookie: __cfruid=e71d0e0e4259d075361804ea012d36e6a787c3a5-1669461211; path=/; domain=.onlineaccess1.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 770231f9fff61c16-OSL
X-Firefox-Spdy: h2

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Regular.woff

199.204.248.138

200 OK

0 B

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Regular.woff
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Regular.woff HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/tecton-590048df214033d1c1591d552a32c9af.css

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:38 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Keep-Alive: timeout=30, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdn1.onlineaccess1.com/cdn/static/q2-pendo/pendo-2.134.1.js

192.0.63.252

200 OK

0 B

URL HTTP/2
cdn1.onlineaccess1.com/cdn/static/q2-pendo/pendo-2.134.1.js
IP
192.0.63.252:0
ASN
#62659 Q2HOLDINGS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/static/q2-pendo/pendo-2.134.1.js HTTP/1.1
Host: cdn1.onlineaccess1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:13:31 GMT
content-type: application/javascript
last-modified: Wed, 27 Apr 2022 17:47:30 GMT
vary: Accept-Encoding
etag: W/"626981b2-7288e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
timing-allow-origin: *
access-control-allow-headers: *
access-control-allow-origin: *
cf-cache-status: HIT
age: 14907314
strict-transport-security: max-age=15552000; includeSubDomains; preload
set-cookie: __cfruid=e71d0e0e4259d075361804ea012d36e6a787c3a5-1669461211; path=/; domain=.onlineaccess1.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 770231fa88931c16-OSL
X-Firefox-Spdy: h2

cdn1.onlineaccess1.com/cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/logos/favicon-60ece86de211be04d011746e7e7f9a4f.ico

192.0.63.252

200 OK

0 B

URL HTTP/2
cdn1.onlineaccess1.com/cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/logos/favicon-60ece86de211be04d011746e7e7f9a4f.ico
IP
192.0.63.252:0
ASN
#62659 Q2HOLDINGS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/depot/4102_01/1776/82586256c6fee52a84f789e773a20aa6/assets/images/logos/favicon-60ece86de211be04d011746e7e7f9a4f.ico HTTP/1.1
Host: cdn1.onlineaccess1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.direct.amzserv.customerfinders.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:13:31 GMT
content-type: image/x-icon
last-modified: Fri, 21 Oct 2022 08:09:31 GMT
etag: W/"635253bb-1536"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
access-control-allow-origin: *
cf-cache-status: HIT
age: 337820
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
set-cookie: __cfruid=e71d0e0e4259d075361804ea012d36e6a787c3a5-1669461211; path=/; domain=.onlineaccess1.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 770231fa88981c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Semibold.woff

199.204.248.138

200 OK

0 B

URL HTTP/1.1
www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Semibold.woff
IP
199.204.248.138:0
ASN
#11989 WEBINT

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /gncu/static/css/gncu_files/fonts/OpenSans/OpenSans-Semibold.woff HTTP/1.1
Host: www.direct.amzserv.customerfinders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.direct.amzserv.customerfinders.com/gncu/static/css/gncu_files/tecton-590048df214033d1c1591d552a32c9af.css

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:13:38 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Keep-Alive: timeout=30, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (40)

URL HTTP/1.1

IP

ASN

File type

Size