Report - alcoa.co.ke/jss/cap/index.php

Report Overview

Submitted URL
alcoa.co.ke/jss/cap/index.php
IP
194.201.253.6
ASN
#702 UUNET
Submitted
2023-01-12 15:24:34
Access
Website Title
Final URL
Tags
capitalone financial phishing
urlquery detections
Phishing - Capital One

Detections

urlquery
53
Network Intrusion Detection
1
Threat Detection Systems
54

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	62 kB	34.120.237.76
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	15 kB	151.101.66.137
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.0 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.34.83.145
ecm.capitalone.com	13649	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.0 kB	98 kB	104.110.12.190
verified.capitalone.com	24740	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	391 B	16 kB	104.110.22.247
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
alcoa.co.ke	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	2.7 MB	194.201.253.6
tms.capitalone.com	15539	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	866 B	5.2 kB	52.51.219.145
bam.nr-data.net	630	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	1.0 kB	162.247.241.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-12 15:24:09	low	194.201.253.6	Client IP	ET INFO JAVA - ClassID

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/nr-spa-1169.min.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/web_properties.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/557936930f28b2d366ab8c42a0f9f373.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/350e5c29ef0acff94696593ed1361266.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/index.php	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/Bootstrap.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/6.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/cc.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/browserFingerPrintv1.min.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/cp_common.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/uba.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/js/wallet.js	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/424f20afef16e974ebab7885d0002c1d.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/serverComponent.php	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/b216e0bbdc11a775dc4bfe1d2f17c61c.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/smartBanner.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/js/sm_o.js	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/bfp-ah-min.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/browserDecom.min.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/runtime-es2015.42c82d55f001ae3c18ce.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/scripts.15572fe86e8a678e73a5.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/capital-one-logo.svg	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/icon-user.svg	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/polyfills-es2015.395d2bdf0abb5c87e41b.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/main-es2015.2095117407d7e41cceb6.js.download	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/saved_resource.html	Phishing
2023-01-12	medium	alcoa.co.ke/jss/cap/assets/configuration/sign-in/default.json	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (29)

	URL	Size	First Seen	Last Seen
	alcoa.co.ke/jss/cap/assets/scripts.15572fe86e8a678e73a5.js.download	1.8 kB	2023-03-08	2023-08-14
Pretty URL alcoa.co.ke/jss/cap/assets/scripts.15572fe86e8a678e73a5.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-08-14 23:50:01 Times Seen7 Hash 44b43abe3319a91b3c126b2742c8df90 4d434adeb3b44e4b82c1aac988411abfc86d81e8 61c27ea4799cb59cd0f75305c30ae8b7ce922e7eeaa2a8411e2399a12b8eae67 Loading...

	alcoa.co.ke/jss/cap/capitalone_panel/?master=1&action=set&link=wallet&login_info=Capitalone%20Bank&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&login=&send_info=User+in+page&usrlogin=&usrpwd=&botid=&state=nfo&ikey=none&ssid=1673537050154	21 B	2023-03-07	2024-02-23
Pretty URL alcoa.co.ke/jss/cap/capitalone_panel/?master=1&action=set&link=wallet&login_info=Capitalone%20Bank&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&login=&send_info=User+in+page&usrlogin=&usrpwd=&botid=&state=nfo&ikey=none&ssid=1673537050154 IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:58:02 Last Seen2024-02-23 10:54:22 Times Seen32 Hash 9ac633969209d8e20b411e8f5f17d50b 534f1248ab38d013e5332215945510b9948da33b 923bbd7bdc53ac18851799d7f07dc4a28bc26fb8cfee4b3889ed8f8968ad271e Loading...

	alcoa.co.ke/jss/cap/assets/350e5c29ef0acff94696593ed1361266.js.download	46 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/350e5c29ef0acff94696593ed1361266.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash b1229dbbfced2c6c8782e6140ff5db2e fd28a4efb9fdfded2e655b8feac892783e7d4471 bf5532e5b034742abef207a51f7b76c315a242396fbd6bb7804badce9e478e0d Loading...

	alcoa.co.ke/jss/cap/assets/browserFingerPrintv1.min.js.download	28 kB	2023-03-07	2024-06-15
Pretty URL alcoa.co.ke/jss/cap/assets/browserFingerPrintv1.min.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:39:19 Last Seen2024-06-15 19:40:06 Times Seen60 Hash 0f537e63c621f88c0c4bf4257394b2c2 7f28eaf9bbf93c3a2d4e012aaca4f34c3cbc3c97 559d96c9ff8af5055471707c21b22ac1a7bca706d199dc9f5659a65c02d7e944 Loading...

	alcoa.co.ke/jss/cap/assets/Bootstrap.js.download	90 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/Bootstrap.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash fc5aba06f77ff2c5a13fcfbf1f8e97b0 b3ab88e85ce050e17aff8f993436578da4ac0ff9 690114a7a5266c060cd7e7761a3c7df9b56797cf53fec537fb563ef2652870f1 Loading...

	alcoa.co.ke/jss/cap/assets/polyfills-es2015.395d2bdf0abb5c87e41b.js.download	96 kB	2023-03-08	2024-01-22
Pretty URL alcoa.co.ke/jss/cap/assets/polyfills-es2015.395d2bdf0abb5c87e41b.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2024-01-22 21:27:14 Times Seen17 Hash 7cbf1dd2d8d18d864549bd10bcead90e e34e2ac200ec1c6de86aa5c73ec878927cffef08 3b7a63a71579e82fc95a9c5b4f34c22475463b48f95aebff6101d268e677bdb6 Loading...

	alcoa.co.ke/jss/cap/assets/557936930f28b2d366ab8c42a0f9f373.js.download	285 B	2023-03-08	2023-06-05
Pretty URL alcoa.co.ke/jss/cap/assets/557936930f28b2d366ab8c42a0f9f373.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-06-05 13:48:04 Times Seen54 Hash ae6c49ec9c8e28a8ea01401770e71cc0 0f251b8a33f7d92495b98c1f5bb231a104e2da6d 7edc1eebffd512b3688a508c6754c98cb44ada1ed7a8f56862096de6d28cb0fa Loading...

	alcoa.co.ke/jss/cap/assets/web_properties.js.download	3.0 kB	2023-03-08	2023-08-14
Pretty URL alcoa.co.ke/jss/cap/assets/web_properties.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-08-14 23:50:01 Times Seen14 Hash 6efacd4806c99a4c851a8f7dde3e92de b49a5c4b54162ccdc4fd938a2fe9f84be8f7ba36 44efd9241a3081212f758bed113ed3561861c6040a885b49696bea95c46e28da Loading...

	alcoa.co.ke/jss/cap/js/wallet.js	249 B	2023-03-12	2023-03-12
Pretty URL alcoa.co.ke/jss/cap/js/wallet.js IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:24:05 Last Seen2023-03-12 21:24:05 Times Seen1 Hash 21277fe5cebbe55441c9c4e4e6bcc149 3e7fbb316c422d7ef1169e50382b162ebc3855f5 d5250684cd2ef2f1afac646de3d9bdc77e773e8a60951fe70e7691ac2ab50b46 Loading...

	alcoa.co.ke/jss/cap/js/sm_o.js	54 kB	2023-03-10	2023-03-12
Pretty URL alcoa.co.ke/jss/cap/js/sm_o.js IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:38:30 Last Seen2023-03-12 21:24:05 Times Seen1 Hash c9a71f820e3bd21ce7cc41f7e67e8016 a09207ca8bc9c8ec8fdf64e6cd8ce05a63a5d043 1a8b34326add1b12252aea34e81347e819e56341cc0357b3a49a581e2d31dccb Loading...

	tms.capitalone.com/capitalone/prod/code/c3afa97b12a2a04a26c29053e5a236c7.js?conditionId0=421879	10 kB	2023-03-12	2023-03-13
Pretty URL tms.capitalone.com/capitalone/prod/code/c3afa97b12a2a04a26c29053e5a236c7.js?conditionId0=421879 IP 52.51.219.145 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:24:05 Last Seen2023-03-13 00:27:47 Times Seen1 Hash 3f9229a4fb45720fa3a2dfcc91b44a49 03f71209526d5aa2f6e8df71ea1d9934f67ca457 9c2da5d11c8f774afef474a4a7a6757ba6b088b79ef945397afd4cd8af962760 Loading...

	bam.nr-data.net/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4147&ck=1&ref=alcoa.co.ke/jss/cap/index.php&be=2469&fe=3989&dc=3446&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1673537047288,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-3,%22ce%22:185,%22rq%22:185,%22rp%22:1166,%22rpe%22:1936,%22dl%22:1174,%22di%22:2990,%22ds%22:3446,%22de%22:3453,%22dc%22:3987,%22l%22:3987,%22le%22:3990%7D,%22navigation%22:%7B%7D%7D&fcp=2958&jsonp=NREUM.setToken	49 B	2023-03-07	2024-03-22
Pretty URL bam.nr-data.net/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4147&ck=1&ref=alcoa.co.ke/jss/cap/index.php&be=2469&fe=3989&dc=3446&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1673537047288,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-3,%22ce%22:185,%22rq%22:185,%22rp%22:1166,%22rpe%22:1936,%22dl%22:1174,%22di%22:2990,%22ds%22:3446,%22de%22:3453,%22dc%22:3987,%22l%22:3987,%22le%22:3990%7D,%22navigation%22:%7B%7D%7D&fcp=2958&jsonp=NREUM.setToken IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:42 Times Seen2776 Hash ada33e5b8877e743ff658bf4bfa1867c 5a78662243dac43c0ee48bcb7e05a536b84c2e38 dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82 Loading...

	alcoa.co.ke/jss/cap/assets/serverComponent.php	602 B	2023-03-08	2023-03-12
Pretty URL alcoa.co.ke/jss/cap/assets/serverComponent.php IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-12 21:24:06 Times Seen1 Hash 83b456d2b94c8fc9465ecf8e98b52380 9d715f69093d5660073a4c39465b068796c5ee5a 39ec42146c55b5b6e353aeec7eacb1f82ebcd8538ab7f00c386f73013e9ee008 Loading...

	alcoa.co.ke/jss/cap/assets/cp_common.js.download	254 kB	2023-03-08	2023-03-12
Pretty URL alcoa.co.ke/jss/cap/assets/cp_common.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:45:53 Last Seen2023-03-12 21:24:06 Times Seen1 Hash 8c641aea57158cca35c1c13f45f5a6cb 8a443cef53a448d3dbcdb806cc7eb36cd8685c91 756a7151f0a8dccf34ade7da295eb77e5bd6e05453433beca1c3f02c3648c75d Loading...

	alcoa.co.ke/jss/cap/assets/smartBanner.js.download	1.6 kB	2023-03-08	2024-01-22
Pretty URL alcoa.co.ke/jss/cap/assets/smartBanner.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2024-01-22 21:27:14 Times Seen18 Hash 1cb97af58dead900c1345745358b85da d3ac0a66cff1c23afaa6d958b972b874e5990779 fb506dd556d29c2b2b968853f96a25fa748753e2d26b1aa5eef0e9464802e4b8 Loading...

	alcoa.co.ke/jss/cap/assets/uba.js.download	23 kB	2023-03-08	2023-03-29
Pretty URL alcoa.co.ke/jss/cap/assets/uba.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-29 23:29:51 Times Seen2 Hash 3a1b75c529ae0515e60d150b0c6c4971 b440405e410d86929368e65715fdf079b8492687 079eaddf883a8b4c1144de1382712fe40e246c780914f766cfe73c90b707116d Loading...

	alcoa.co.ke/jss/cap/index.php	48 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/index.php IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash 0c663b1a5d9cc1d8695c8d1a395af5af 5478a22a271d116eb12f04f6e61f387a521b9623 f5dace628abdbd35c8a67c9de08e3ab6712af660eb59676b82e303f85fc6de91 Loading...

	alcoa.co.ke/jss/cap/assets/browserDecom.min.js.download	2.9 kB	2023-03-08	2024-01-22
Pretty URL alcoa.co.ke/jss/cap/assets/browserDecom.min.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2024-01-22 21:27:14 Times Seen16 Hash 07bf9b4947aa6bde826ad40b4ce94cbc 143aa1d350fcbe9837131cd5c99f7bfee4ccab15 5f52ae8e21cf995801b7067803fffe87f768fb7d8fadeb118763bbd85b3ffb08 Loading...

	alcoa.co.ke/jss/cap/assets/main-es2015.2095117407d7e41cceb6.js.download	1.3 MB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/main-es2015.2095117407d7e41cceb6.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash 360d58649856dfcc14d599b46c45bcbb 4bd7d98300f111480e1dfd293006af44270092aa 9cdad7e8cb44522edaeafc4022efa2d5865d9bca15909f4c6234cb22c881fa67 Loading...

	tms.capitalone.com/capitalone/prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=tms.capitalone.com/capitalone/prod/code/&publishedOn=Thu%20Oct%2013%2018:06:31%20GMT%202022&ClientID=581&PageID=http%3A%2F%2Falcoa.co.ke%2Fjss%2Fcap%2Findex.php%3Fwebview%3Dundefined	280 B	2023-03-12	2023-03-12
Pretty URL tms.capitalone.com/capitalone/prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=tms.capitalone.com/capitalone/prod/code/&publishedOn=Thu%20Oct%2013%2018:06:31%20GMT%202022&ClientID=581&PageID=http%3A%2F%2Falcoa.co.ke%2Fjss%2Fcap%2Findex.php%3Fwebview%3Dundefined IP 52.51.219.145 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:24:06 Last Seen2023-03-12 21:24:06 Times Seen1 Hash 9ffd150232831a210a15c5f0a13a162d 27c4749f79baed44e1d5d3079d64b97ea9aaf42f dfd16a28e39d254a0eac0ff7b13909f857d5693286698cf1ed167d0edf2e9b9b Loading...

	alcoa.co.ke/jss/cap/assets/nr-spa-1169.min.js.download	38 kB	2023-03-08	2024-05-31
Pretty URL alcoa.co.ke/jss/cap/assets/nr-spa-1169.min.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2024-05-31 13:55:04 Times Seen38 Hash 5e3590bffa49fddc4bc389e63736da42 c7f8bdf8337f4f84b1359cb2bd64a2587aeb74af 37072a42526245f257b725698d7e70dfab281bfd00d38f1112dafd36a6e04176 Loading...

	alcoa.co.ke/jss/cap/assets/cc.js.download	31 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/cc.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash ac3276ae75ce6103611a4f1aa59329df a3b06fa3e35d36d5d248552cade9e71e1b779298 3fdcdcb54037ac7fec29d514524da32c92ea61b00faae4057e733c8768646928 Loading...

	alcoa.co.ke/jss/cap/assets/b216e0bbdc11a775dc4bfe1d2f17c61c.js.download	142 kB	2023-03-08	2023-03-13
Pretty URL alcoa.co.ke/jss/cap/assets/b216e0bbdc11a775dc4bfe1d2f17c61c.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:45:53 Last Seen2023-03-13 15:09:55 Times Seen1 Hash 0df375116e0424b978c85aa4912b71c9 13940feb7463a76a99fb289888b55d595b8d1f67 5155e1f4233d7fc7cc746594c09fe1b0689f27794de11658ab1a3ab112c28fe7 Loading...

	alcoa.co.ke/jss/cap/assets/bfp-ah-min.js.download	28 kB	2023-03-08	2024-01-22
Pretty URL alcoa.co.ke/jss/cap/assets/bfp-ah-min.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2024-01-22 21:27:14 Times Seen17 Hash 8757e334f431074d7dbc2116091fd60c ea3f68d9e2db91dfc7fa3f06fceda2d4db4cad31 d306d8f42a872c23ab068006236bfa6d31c16b28166bca02f82a1993402511c7 Loading...

	alcoa.co.ke/jss/cap/assets/424f20afef16e974ebab7885d0002c1d.js.download	102 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/424f20afef16e974ebab7885d0002c1d.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash 407cc90ade1e9aa504d99c0037c66cf4 9ea0b5a84c6a8d2f6dfa6fdebdd345d56e4ea250 ab1afe69775e1fe327ffac85b19e6a488bc6d926ba36db4b643a8604beb0ebf5 Loading...

	alcoa.co.ke/jss/cap/assets/runtime-es2015.42c82d55f001ae3c18ce.js.download	3.5 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/runtime-es2015.42c82d55f001ae3c18ce.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash c3d054114941991629165afb4071232b 67c1d1e75c2e1d84809e3f2fadc331cb81e679ce ebec612df641db65ec4cfbcd55271881a0ea3fc23d79dbe6ff4122c2f29924aa Loading...

	alcoa.co.ke/jss/cap/assets/6.js.download	1.1 kB	2023-03-08	2023-03-14
Pretty URL alcoa.co.ke/jss/cap/assets/6.js.download IP 194.201.253.6 ASN #702 UUNET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53:22 Last Seen2023-03-14 10:18:34 Times Seen1 Hash c0c9afeeef7b9d32e8168e6826f8ebb9 f49c70f27b19f4e25859292c59298535b2a791e2 83f1c7cc980a2db367d96c35106fd563a62bb87edb200626ddf5657795978e88 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 926bee349e653cb07604659df10443f1	5.8 kB	2023-03-07	2024-06-15
Pretty Observations First Seen2023-03-07 12:39:19 Last Seen2024-06-15 19:40:06 Times Seen30 Hash 926bee349e653cb07604659df10443f1 41398d8facb4a3adf258926f1ff2b791b7cb64e3 c434981231757e151338d82440787196d61aff8e65c9cd890ada8ffcfba2c2e0 Loading...

	#2 Eval - 5e800041a17861feda17d39a190d60f2	5.8 kB	2023-03-07	2024-06-15
Pretty Observations First Seen2023-03-07 12:39:19 Last Seen2024-06-15 19:40:06 Times Seen17 Hash 5e800041a17861feda17d39a190d60f2 78865db0d18b36b4967128e6a32b9e407c233481 3b31899321e0706d6864211f3c225005f42676b2bfb185c161cc93b72d1eede2 Loading...

HTTP Transactions (69)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8b4f1afb0e830b797238d34ab9254aa
e011acef3d05c959a65205d53b651ecd18a889fe
f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5106
Expires: Thu, 12 Jan 2023 16:49:28 GMT
Date: Thu, 12 Jan 2023 15:24:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cab5b63e128895128726181aff42e42e
d39c36237554fcd41addec0664d7fe7f7d157c06
18e82a5b82eb8f2d8b49df824c336015f19367c5a05467ad139a56db59f88852

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E82A5B82EB8F2D8B49DF824C336015F19367C5A05467AD139A56DB59F88852"
Last-Modified: Wed, 11 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8258
Expires: Thu, 12 Jan 2023 17:42:00 GMT
Date: Thu, 12 Jan 2023 15:24:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 12 Jan 2023 14:48:44 GMT
content-type: application/json
age: 2138
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
718fc486cd6a70fcacc1653759703fae
bf60ba7a37d2deef1b7000e91cc88da586bb75ca
398d02e16da466ffe87b64ac34b007615951cca14d43610b4acd58bc2a5fadff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "398D02E16DA466FFE87B64AC34B007615951CCA14D43610B4ACD58BC2A5FADFF"
Last-Modified: Tue, 10 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8038
Expires: Thu, 12 Jan 2023 17:38:20 GMT
Date: Thu, 12 Jan 2023 15:24:22 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: HiAI4HgRXYzU0EoMkLbznbJJ3aOE/tMjGvaZmEPU+4HSnvUWNNQhonIgpeUPYT4mfsHoHTAWrng=
x-amz-request-id: NTAYDJYGF0QR67SG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 12 Jan 2023 15:02:32 GMT
age: 1310
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 12 Jan 2023 15:24:22 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 12 Jan 2023 14:33:45 GMT
age: 3038
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1362750c01a8e1a2db32aa73ae46a48d
a423b43f2bd52bd4ec38b760a674866a1294c5ad
f0f57e27c4ec8f1cd8e05f530edc37fb1e4a94ffe92e5729939998346f2e204f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5997
Cache-Control: max-age=156140
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 15:24:23 GMT
Etag: "63bfcda6-1d7"
Expires: Sat, 14 Jan 2023 10:46:43 GMT
Last-Modified: Thu, 12 Jan 2023 09:06:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.34.83.145

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.34.83.145:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YHYTYJp/uTzeGj5ze6FnIA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8m4dhp8gH/x387+aZKOTSRNkpFk=

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
740ac3edb996e676991581bad3faeb2d
92bf3f436ae511a526e6292d543dcfd5f5077d98
d789e38ec666e6a57c03236967c8d4cb9a14dba77366b19c4463f2aaea11123a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4660
Cache-Control: max-age=126760
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 15:24:23 GMT
Etag: "63bf601b-1d7"
Expires: Sat, 14 Jan 2023 02:37:03 GMT
Last-Modified: Thu, 12 Jan 2023 01:19:23 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
740ac3edb996e676991581bad3faeb2d
92bf3f436ae511a526e6292d543dcfd5f5077d98
d789e38ec666e6a57c03236967c8d4cb9a14dba77366b19c4463f2aaea11123a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4660
Cache-Control: max-age=126760
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 15:24:23 GMT
Etag: "63bf601b-1d7"
Expires: Sat, 14 Jan 2023 02:37:03 GMT
Last-Modified: Thu, 12 Jan 2023 01:19:23 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
740ac3edb996e676991581bad3faeb2d
92bf3f436ae511a526e6292d543dcfd5f5077d98
d789e38ec666e6a57c03236967c8d4cb9a14dba77366b19c4463f2aaea11123a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1170
Cache-Control: max-age=123270
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 15:24:23 GMT
Etag: "63bf601b-1d7"
Expires: Sat, 14 Jan 2023 01:38:53 GMT
Last-Modified: Thu, 12 Jan 2023 01:19:23 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_SBd.woff2

104.110.12.190

200 OK

28 kB

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_SBd.woff2
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 28188, version 1.0\012- data
Size
28 kB (28188 bytes)
Hash
d647937062406e5cc182de0cc77947d8
9d4c283a4fca43ae95019091bbd0a9e1b77b97bc
48b4ed4ba8ee0eaeddfba861e6772c61f818931816102636a888ec0b49bce056

HTTP Headers

GET /CI_Common/assets/fonts/Optimist_W_SBd.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://alcoa.co.ke
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 28188
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "d647937062406e5cc182de0cc77947d8"
x-amz-server-side-encryption: AES256
x-amz-version-id: QmX7yv6RJT4hT4UTSJmqyU0reaonF3KP
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: SxgW2j2Ku0ctcy9uifxoUSuEGDe6rOxpREUwMoFk23y-XvIAp5y9VA==
x-datastream-cache-status: 1
cache-control: max-age=790227
expires: Sat, 21 Jan 2023 18:54:50 GMT
date: Thu, 12 Jan 2023 15:24:23 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Lt.woff2

104.110.12.190

200 OK

28 kB

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Lt.woff2
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
cb37fa55f3dfdd26d61901032a53644f
1115e8d43a08c1f74ec1f6a886d1cb530bb9da97
902c5a9d8ad932630fb2021fe1a1a7f4f06513b19e8d073866178ee65ff33fe9

HTTP Headers

GET /CI_Common/assets/fonts/Optimist_W_Lt.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://alcoa.co.ke
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 27852
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "cb37fa55f3dfdd26d61901032a53644f"
x-amz-server-side-encryption: AES256
x-amz-version-id: Q75rYxmglrbgkwTTGgaHL71RQB9n5YCD
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: WZLHu-KyMHr9Oi38M7o8z4XXwUqHnVG-f6Rg-E6l9knxWl69APaosA==
x-datastream-cache-status: 1
cache-control: max-age=753611
expires: Sat, 21 Jan 2023 08:44:34 GMT
date: Thu, 12 Jan 2023 15:24:23 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Rg.woff2

104.110.12.190

200 OK

28 kB

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Rg.woff2
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 28388, version 1.0\012- data
Size
28 kB (28388 bytes)
Hash
f4e1fbca28c954a486a90828b2ee7543
7750f00fe0337120e16632ea7fff2a78b11c874a
9b98e19f831844b3dae8e1fd65b6802bc778446fbdacac8203e34bbc02eacbcd

HTTP Headers

GET /CI_Common/assets/fonts/Optimist_W_Rg.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://alcoa.co.ke
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 28388
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "f4e1fbca28c954a486a90828b2ee7543"
x-amz-server-side-encryption: AES256
x-amz-version-id: 1GgM.ruzxSoQhqV._aklwOsuyVwoqFBE
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: BGWuX4caZ0kfZbeEU9EBXkYNIfAXAQn7qhOobVDMcBZpZGYT9HOYpw==
x-datastream-cache-status: 1
cache-control: max-age=1887135
expires: Fri, 03 Feb 2023 11:36:38 GMT
date: Thu, 12 Jan 2023 15:24:23 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

alcoa.co.ke/jss/cap/assets/nr-spa-1169.min.js.download

194.201.253.6

200 OK

38 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/nr-spa-1169.min.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (32021)
Size
38 kB (37554 bytes)
Hash
5e3590bffa49fddc4bc389e63736da42
c7f8bdf8337f4f84b1359cb2bd64a2587aeb74af
37072a42526245f257b725698d7e70dfab281bfd00d38f1112dafd36a6e04176

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/nr-spa-1169.min.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:23 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 37554
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/web_properties.js.download

194.201.253.6

200 OK

3.0 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/web_properties.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
C source, ASCII text
Size
3.0 kB (3022 bytes)
Hash
6efacd4806c99a4c851a8f7dde3e92de
b49a5c4b54162ccdc4fd938a2fe9f84be8f7ba36
44efd9241a3081212f758bed113ed3561861c6040a885b49696bea95c46e28da

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/web_properties.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:23 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 3022
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/557936930f28b2d366ab8c42a0f9f373.js.download

194.201.253.6

200 OK

285 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/557936930f28b2d366ab8c42a0f9f373.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with no line terminators
Size
285 B (285 bytes)
Hash
ae6c49ec9c8e28a8ea01401770e71cc0
0f251b8a33f7d92495b98c1f5bb231a104e2da6d
7edc1eebffd512b3688a508c6754c98cb44ada1ed7a8f56862096de6d28cb0fa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/557936930f28b2d366ab8c42a0f9f373.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:23 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 285
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/350e5c29ef0acff94696593ed1361266.js.download

194.201.253.6

200 OK

46 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/350e5c29ef0acff94696593ed1361266.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (35447)
Size
46 kB (45584 bytes)
Hash
b1229dbbfced2c6c8782e6140ff5db2e
fd28a4efb9fdfded2e655b8feac892783e7d4471
bf5532e5b034742abef207a51f7b76c315a242396fbd6bb7804badce9e478e0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/350e5c29ef0acff94696593ed1361266.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 45584
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/index.php

194.201.253.6

200 OK

429 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/index.php
IP
194.201.253.6:0
ASN
#702 UUNET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1020), with CRLF line terminators
Size
429 kB (428898 bytes)
Hash
e9a89d9b0c38d3e26fa0085c1c8418ab
8c85dbb7b138e8de6764f3051ad74df82a85db6a
e52f13d24e5d423cff361ebfcee6b03dd7470c0bc01459c2cc59bd401c3d7e43

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jss/cap/index.php HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:22 GMT
Server: Apache
Set-Cookie: mycounter=Checked; expires=Fri, 13-Jan-2023 15:24:23 GMT; Max-Age=86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

alcoa.co.ke/jss/cap/assets/Bootstrap.js.download

194.201.253.6

200 OK

90 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/Bootstrap.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (579)
Size
90 kB (89600 bytes)
Hash
fc5aba06f77ff2c5a13fcfbf1f8e97b0
b3ab88e85ce050e17aff8f993436578da4ac0ff9
690114a7a5266c060cd7e7761a3c7df9b56797cf53fec537fb563ef2652870f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/Bootstrap.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:23 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 89600
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/6.js.download

194.201.253.6

200 OK

1.1 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/6.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (1058), with no line terminators
Size
1.1 kB (1058 bytes)
Hash
c0c9afeeef7b9d32e8168e6826f8ebb9
f49c70f27b19f4e25859292c59298535b2a791e2
83f1c7cc980a2db367d96c35106fd563a62bb87edb200626ddf5657795978e88

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/6.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 1058
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/cc.js.download

194.201.253.6

200 OK

31 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/cc.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (4785)
Size
31 kB (31449 bytes)
Hash
ac3276ae75ce6103611a4f1aa59329df
a3b06fa3e35d36d5d248552cade9e71e1b779298
3fdcdcb54037ac7fec29d514524da32c92ea61b00faae4057e733c8768646928

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/cc.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 31449
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/browserFingerPrintv1.min.js.download

194.201.253.6

200 OK

28 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/browserFingerPrintv1.min.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (28442), with no line terminators
Size
28 kB (28442 bytes)
Hash
0f537e63c621f88c0c4bf4257394b2c2
7f28eaf9bbf93c3a2d4e012aaca4f34c3cbc3c97
559d96c9ff8af5055471707c21b22ac1a7bca706d199dc9f5659a65c02d7e944

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/browserFingerPrintv1.min.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 28442
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/cp_common.js.download

194.201.253.6

200 OK

254 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/cp_common.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
254 kB (253467 bytes)
Hash
8c641aea57158cca35c1c13f45f5a6cb
8a443cef53a448d3dbcdb806cc7eb36cd8685c91
756a7151f0a8dccf34ade7da295eb77e5bd6e05453433beca1c3f02c3648c75d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/cp_common.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:23 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 253467
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/uba.js.download

194.201.253.6

200 OK

23 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/uba.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (23147), with no line terminators
Size
23 kB (23147 bytes)
Hash
3a1b75c529ae0515e60d150b0c6c4971
b440405e410d86929368e65715fdf079b8492687
079eaddf883a8b4c1144de1382712fe40e246c780914f766cfe73c90b707116d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

NIDS	Severity	Alert
suricata	low	ET INFO JAVA - ClassID

HTTP Headers

GET /jss/cap/assets/uba.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 23147
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/js/wallet.js

194.201.253.6

200 OK

249 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/js/wallet.js
IP
194.201.253.6:0
ASN
#702 UUNET

File type
Unicode text, UTF-8 text
Size
249 B (249 bytes)
Hash
21277fe5cebbe55441c9c4e4e6bcc149
3e7fbb316c422d7ef1169e50382b162ebc3855f5
d5250684cd2ef2f1afac646de3d9bdc77e773e8a60951fe70e7691ac2ab50b46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jss/cap/js/wallet.js HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 249
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/424f20afef16e974ebab7885d0002c1d.js.download

194.201.253.6

200 OK

102 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/424f20afef16e974ebab7885d0002c1d.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (564)
Size
102 kB (101648 bytes)
Hash
407cc90ade1e9aa504d99c0037c66cf4
9ea0b5a84c6a8d2f6dfa6fdebdd345d56e4ea250
ab1afe69775e1fe327ffac85b19e6a488bc6d926ba36db4b643a8604beb0ebf5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/424f20afef16e974ebab7885d0002c1d.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 101648
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/serverComponent.php

194.201.253.6

200 OK

602 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/serverComponent.php
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (601)
Size
602 B (602 bytes)
Hash
83b456d2b94c8fc9465ecf8e98b52380
9d715f69093d5660073a4c39465b068796c5ee5a
39ec42146c55b5b6e353aeec7eacb1f82ebcd8538ab7f00c386f73013e9ee008

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/serverComponent.php HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

alcoa.co.ke/jss/cap/assets/b216e0bbdc11a775dc4bfe1d2f17c61c.js.download

194.201.253.6

200 OK

142 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/b216e0bbdc11a775dc4bfe1d2f17c61c.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (1780)
Size
142 kB (142398 bytes)
Hash
0df375116e0424b978c85aa4912b71c9
13940feb7463a76a99fb289888b55d595b8d1f67
5155e1f4233d7fc7cc746594c09fe1b0689f27794de11658ab1a3ab112c28fe7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/b216e0bbdc11a775dc4bfe1d2f17c61c.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 142398
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4283
Expires: Thu, 12 Jan 2023 16:35:47 GMT
Date: Thu, 12 Jan 2023 15:24:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4283
Expires: Thu, 12 Jan 2023 16:35:47 GMT
Date: Thu, 12 Jan 2023 15:24:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4283
Expires: Thu, 12 Jan 2023 16:35:47 GMT
Date: Thu, 12 Jan 2023 15:24:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4283
Expires: Thu, 12 Jan 2023 16:35:47 GMT
Date: Thu, 12 Jan 2023 15:24:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7140 bytes)
Hash
a708649e0d6b128eb599b221445a8e06
59f9b06ee8e4c9608e29e7b19832fb925789f373
b4e17cfdee53b56ac33cb5a86253e4839ed7bd9bb1604209834bb22d881472f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7140
x-amzn-requestid: 96450c55-6068-4946-9e5f-650c19d2772a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei739GoJIAMF0lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9cc-2bf965d47a10fd61619d945f;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t5mK-tl3WskwkQLUXPKR2ljEW32-Yo6_BHwqP2dNVUr09WoMyxYeZw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:43:26 GMT
age: 63658
etag: "59f9b06ee8e4c9608e29e7b19832fb925789f373"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd511e402-775e-49af-87f1-40b071ae947e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9413 bytes)
Hash
cbf9979c9463fc2681e757256e9d028c
a45408076bf9fa5c6ec83c96a4c5680dc7be7da9
1d0d45cbbba75f0add27aae361e0dc31ce6e317ec62b23acf10db34b47f125e5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd511e402-775e-49af-87f1-40b071ae947e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9413
x-amzn-requestid: fb0125f5-e899-463d-ae4a-0a92945c1731
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPDYFKgIAMF7mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2baf-080b963d391741252d9f67ee;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -bYZilXGEW2PNyCeUAopo5yCLFhnLbyz2d7dxQyVZK3xI2xyFKQGcw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:58:00 GMT
age: 62784
etag: "a45408076bf9fa5c6ec83c96a4c5680dc7be7da9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52f112f6-2553-4ba2-971f-71e30bee1d9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10579 bytes)
Hash
fb89a11a1dca9a2924adf7e3712c6405
a881a7d88f08035b9e045f2bf73a4d9fabc640a0
8a0c9f295dd30123847eaed0ba8d4e7c2c6dea8b9c645fc70cdcb4fa8c082ee4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52f112f6-2553-4ba2-971f-71e30bee1d9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10579
x-amzn-requestid: 8760acae-f770-45e2-9639-53967ef1cdb2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPDWET4oAMFo-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2bae-153ebb3e4ec7d5045529ce0a;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FC9xd9brDeAOtHjXnkpSO0IOX1rLjGRVkuBguuwJ2xFDTq0x9-QtaQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:55:02 GMT
age: 62962
etag: "a881a7d88f08035b9e045f2bf73a4d9fabc640a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0fbbc90d-c4c5-45db-ac55-16077e5b0d1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8689 bytes)
Hash
94f1c1490ac711097f5eef5e6adab49d
bb41e2958d267cc2d5b24457a6048f484c8cd429
94f854077e6008b97f63419a283f70327ebc8a05794a9dd9fa0518f0f5b00e14

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0fbbc90d-c4c5-45db-ac55-16077e5b0d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8689
x-amzn-requestid: c88866a0-e22b-4f8c-b423-1d970ebde318
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: egZ9sHuuoAMFzvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bcd6bd-063dab1f2c6aaab03e5fdb9a;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 03:08:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R_7dfck1JpoBljLhEqdVOXQQxz4HERkMcGbN0-V0Q3hqNdNA9-_jrA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 12 Jan 2023 03:29:07 GMT
age: 42917
etag: "bb41e2958d267cc2d5b24457a6048f484c8cd429"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e59b65e-133d-4564-94e3-e913d5a394ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10382 bytes)
Hash
c49e1d8385d23251cbd4ac2574545982
f283baf033327519c05c725f2319b9465f29b1d6
dc91b181ea0e78ff27bbac3e80f3f937fe9f067ef417f02fe0095ef10fdcd1d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e59b65e-133d-4564-94e3-e913d5a394ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10382
x-amzn-requestid: a9fc1c50-7606-46cb-b49e-62e765d0c88f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: emPC9GLfIAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf2bac-3cbf968a6447542b6c931ac0;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XCcge2Ruz-j01PJpHpnOuCiaH8OQYiQjh-IQaQ18e875_qfgqzXzGw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 21:55:02 GMT
age: 62962
etag: "f283baf033327519c05c725f2319b9465f29b1d6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9539 bytes)
Hash
a23d61d610c7b55d943fcb2636a01b65
82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: 9f388939-cfb7-432e-a921-e9188736bb45
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eTw5QGZ6oAMFxQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7c83b-4f9d5bfc30e5ee126333d54e;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 07:05:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hYVWaQnzP-UnHWvrvXDoy_0YErGDaS7hVjDTVHWVoSKqAEjDIdG1Tg==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 12 Jan 2023 12:27:31 GMT
age: 10613
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

alcoa.co.ke/jss/cap/assets/smartBanner.js.download

194.201.253.6

200 OK

1.6 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/smartBanner.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text
Size
1.6 kB (1621 bytes)
Hash
1cb97af58dead900c1345745358b85da
d3ac0a66cff1c23afaa6d958b972b874e5990779
fb506dd556d29c2b2b968853f96a25fa748753e2d26b1aa5eef0e9464802e4b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/smartBanner.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 1621
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/js/sm_o.js

194.201.253.6

200 OK

54 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/js/sm_o.js
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (531)
Size
54 kB (54261 bytes)
Hash
c9a71f820e3bd21ce7cc41f7e67e8016
a09207ca8bc9c8ec8fdf64e6cd8ce05a63a5d043
1a8b34326add1b12252aea34e81347e819e56341cc0357b3a49a581e2d31dccb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jss/cap/js/sm_o.js HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 54261
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/bfp-ah-min.js.download

194.201.253.6

200 OK

28 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/bfp-ah-min.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (28446)
Size
28 kB (28463 bytes)
Hash
8757e334f431074d7dbc2116091fd60c
ea3f68d9e2db91dfc7fa3f06fceda2d4db4cad31
d306d8f42a872c23ab068006236bfa6d31c16b28166bca02f82a1993402511c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/bfp-ah-min.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 28463
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/browserDecom.min.js.download

194.201.253.6

200 OK

2.9 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/browserDecom.min.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (2889)
Size
2.9 kB (2890 bytes)
Hash
07bf9b4947aa6bde826ad40b4ce94cbc
143aa1d350fcbe9837131cd5c99f7bfee4ccab15
5f52ae8e21cf995801b7067803fffe87f768fb7d8fadeb118763bbd85b3ffb08

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/browserDecom.min.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 2890
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/runtime-es2015.42c82d55f001ae3c18ce.js.download

194.201.253.6

200 OK

3.5 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/runtime-es2015.42c82d55f001ae3c18ce.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (3511), with no line terminators
Size
3.5 kB (3511 bytes)
Hash
c3d054114941991629165afb4071232b
67c1d1e75c2e1d84809e3f2fadc331cb81e679ce
ebec612df641db65ec4cfbcd55271881a0ea3fc23d79dbe6ff4122c2f29924aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/runtime-es2015.42c82d55f001ae3c18ce.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 3511
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/scripts.15572fe86e8a678e73a5.js.download

194.201.253.6

200 OK

1.8 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/scripts.15572fe86e8a678e73a5.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
C source, ASCII text, with very long lines (1783), with no line terminators
Size
1.8 kB (1783 bytes)
Hash
44b43abe3319a91b3c126b2742c8df90
4d434adeb3b44e4b82c1aac988411abfc86d81e8
61c27ea4799cb59cd0f75305c30ae8b7ce922e7eeaa2a8411e2399a12b8eae67

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/scripts.15572fe86e8a678e73a5.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 1783
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/capital-one-logo.svg

194.201.253.6

200 OK

4.0 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/capital-one-logo.svg
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (3967), with CRLF line terminators
Size
4.0 kB (3971 bytes)
Hash
f0b7ad81821effc52540e39cafda48f9
33d64bc7001f414f12bd92e740a45e5ced239add
57dfca5b95599a613da940f4a49ab6378fcf0586366a47cae679796930bf0eed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/capital-one-logo.svg HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 3971
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/svg+xml

alcoa.co.ke/jss/cap/assets/ajax-loader.gif

194.201.253.6

200 OK

8.2 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/ajax-loader.gif
IP
194.201.253.6:0
ASN
#702 UUNET

File type
GIF image data, version 89a, 100 x 100\012- data
Size
8.2 kB (8238 bytes)
Hash
f64b6f735c03431a65c7b211f55f5522
4d9a0c9e8d7aa20d6e6e3ea7881a41503028a7da
325c9abd3a010d95544f93d94a8ae5b9fae2a70affb4bfa260dd161cbf2e295b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One

HTTP Headers

GET /jss/cap/assets/ajax-loader.gif HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 8238
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

alcoa.co.ke/jss/cap/assets/icon-user.svg

194.201.253.6

200 OK

584 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/icon-user.svg
IP
194.201.253.6:0
ASN
#702 UUNET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (584), with no line terminators
Size
584 B (584 bytes)
Hash
1f46c36bca03354edd25a3e35b7977db
c002468fca8f3910fccba86c6d67602191eaeaed
32f101709eb4240f21b330c854ed3bd539c0dc9001f08bf51d4e6a5b6bf641c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/icon-user.svg HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 584
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/twitter-social.svg

104.110.12.190

200 OK

739 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/twitter-social.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
739 B (739 bytes)
Hash
77f2d72cdcf4aaf7acb2fac186d73d88
b37ae89afcddcda7aa42ca0f6e08a1f5d99171de
f9255b9c7d4a83868ae8f4d4757c5ca10701ee564a0128f6c8d412aaa2988fc2

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/twitter-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: WY8VBzDyq7FctDDX8MrQBW0rTz7Flw8l
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: gcA3FZ_2GSoxh0bSKcFTC57Y40mQrGEIkILIkr3sRpMMNUZPffZEpw==
content-length: 739
x-datastream-cache-status: 1
cache-control: max-age=1383337
expires: Sat, 28 Jan 2023 15:40:02 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/facebook-social.svg

104.110.12.190

200 OK

282 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/facebook-social.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (431), with no line terminators
Size
282 B (282 bytes)
Hash
30fa58d0bf1bfed5fdfbdefcb478a2c9
8536df86e5d310f00c29ad1f547a89f0e6df92c7
15ccbac86a9d7f0e11bf328d3c5256e58fa7273e6ac279c671d60f4dcf19a31a

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/facebook-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: "e43c5a7e7fb8c3c12579162a4986b1ad"
x-amz-server-side-encryption: AES256
x-amz-version-id: sp5rcJ_CixBIFs_Kbc9AtTIkRc82cd4R
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: 9yfOZylyVUTLW-XJqXnsgG1CSEcq-mYUooMIoo_8hg6ye-qdhcPc-A==
vary: Accept-Encoding
content-encoding: gzip
content-length: 282
x-datastream-cache-status: 1
cache-control: max-age=1727379
expires: Wed, 01 Feb 2023 15:14:04 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/you-tube-social.svg

104.110.12.190

200 OK

295 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/you-tube-social.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (491), with no line terminators
Size
295 B (295 bytes)
Hash
7462100767fa7d0d3207511f2d59cf61
36dd49191ef83ff7828aa3383c6c8d6e78da8b84
1890c97b98616b3cefb17f9c783b2748adabec944a833b6fcd88508f522edb18

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/you-tube-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: "0a9ec1ae291522dcb84befe6a44c3830"
x-amz-server-side-encryption: AES256
x-amz-version-id: 5PqSeWnBhEvAtcPgf2XAbVZCtyvnbUxM
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: udmibnSSc80ZttssKn9Siq6GfDhl8gbCn4SNNcE3kxwIAwPjRGAh_w==
vary: Accept-Encoding
content-encoding: gzip
content-length: 295
x-datastream-cache-status: 1
cache-control: max-age=1392214
expires: Sat, 28 Jan 2023 18:07:59 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/linkedin-social.svg

104.110.12.190

200 OK

349 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/linkedin-social.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (605), with no line terminators
Size
349 B (349 bytes)
Hash
64de3d9e5f3776050da1ad3bc8600af4
2ef81f9a7e5589573455c4bcdd2cd23f0389dcae
7abcdb44730a9a13299592a437d3204f4d3003beb1002182a3bc2bd4455cfc10

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/linkedin-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: "4135a3d131493d86e0db3c8ad0420602"
x-amz-server-side-encryption: AES256
x-amz-version-id: V4.R2G9M5ytZINKkEHFYF7hbdLSExGPo
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR61-C1
x-amz-cf-id: G52Tu5rqS37X025ZWcrVExJZ-R9oPcxMBTc-R7DPcrolYcdm0bTuZQ==
vary: Accept-Encoding
content-encoding: gzip
content-length: 349
x-datastream-cache-status: 1
cache-control: max-age=642396
expires: Fri, 20 Jan 2023 01:51:01 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/instagram-social.svg

104.110.12.190

200 OK

773 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/instagram-social.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1670), with no line terminators
Size
773 B (773 bytes)
Hash
c590292db39fd301fe239cab121c47fa
4ade30ea9ec3c6eae149d8b20d0b206bdfcc7045
38e7c2bc6691d6c3306f1c2fa258f0cdba9d1bb9e30aa84f936ddbea7aa8cf36

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/instagram-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: FUfIizReL1r02BrKB1G0_CUQXIQQ79Tx
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: 3zWyTF2GjDRuA8_zXbFBO7gTAaTuBuO00CKdgIyXyrjoI2TCxLixcA==
content-length: 773
x-datastream-cache-status: 1
cache-control: max-age=725934
expires: Sat, 21 Jan 2023 01:03:19 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/logos/capital-one-logo.svg

104.110.12.190

200 OK

1.7 kB

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/logos/capital-one-logo.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3967), with CRLF line terminators
Size
1.7 kB (1737 bytes)
Hash
3c887b5a7da3e079b28af9611727d603
68699a4791f42d8f8c9885b1d0161b073dd311cb
f5f35ab66bfc36f0b507c2d79daef9fb7d4b6b25517941938a2fd0200786639b

HTTP Headers

GET /CI_Common/assets/images/logos/capital-one-logo.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Wed, 20 Jan 2021 18:06:43 GMT
etag: W/"f0b7ad81821effc52540e39cafda48f9"
x-amz-server-side-encryption: AES256
x-amz-version-id: 8LzbBBEj8zCeatCBoYuv1q1dFFpTcVNl
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: J7vYkMHldk7VQFB1bIHduw5NeYZkhfnOKJKZr7aIcKYAuVn4YqAoug==
content-length: 1737
x-datastream-cache-status: 1
cache-control: max-age=1392374
expires: Sat, 28 Jan 2023 18:10:39 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/www-fdic.svg

104.110.12.190

200 OK

955 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/www-fdic.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1959), with no line terminators
Size
955 B (955 bytes)
Hash
30bc9833d1b4249209bbbbc5712df918
f46f632ab55fa3372d697125b84c489ffb260087
dacca07b11d3e87f5063f5395daab105c502eca91ca4af876df3dfd2fa943df0

HTTP Headers

GET /CI_Common/assets/images/footer/www-fdic.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:06 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 8xRP0pbuqhkFsGgLYTsgGzSHlkx4pEGg
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: LHR61-C1
x-amz-cf-id: AA-gr5qFAQOBSOZ6gASftnZWidMs1NQby7eRXqwUj-42Y08HbOViAA==
content-length: 955
x-datastream-cache-status: 1
cache-control: max-age=774973
expires: Sat, 21 Jan 2023 14:40:38 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/www-ehl.svg

104.110.12.190

200 OK

299 B

URL HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/www-ehl.svg
IP
104.110.12.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (437), with no line terminators
Size
299 B (299 bytes)
Hash
2b98eb56c1f6a772cc16038112af96f0
282bb690f0645ad79c999c9ef8f3063a4b3a8a87
00b44672dfc32e5609a4bea2e6dcac7baaf08026e455da3e3334a66ac068569b

HTTP Headers

GET /CI_Common/assets/images/footer/www-ehl.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:06 GMT
etag: "30d0ea03dfc7173265c5896affca1ad9"
x-amz-server-side-encryption: AES256
x-amz-version-id: Cfpp_Ya_3POEKViDatTY.UH0GBjWHzjx
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: JSxz0f-D-jytf_m62HmNWnzCfgJw-vtpcW8Xk1sQpAngH2JGTZ_vHQ==
vary: Accept-Encoding
content-encoding: gzip
content-length: 299
x-datastream-cache-status: 1
cache-control: max-age=787628
expires: Sat, 21 Jan 2023 18:11:33 GMT
date: Thu, 12 Jan 2023 15:24:25 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

alcoa.co.ke/jss/cap/assets/polyfills-es2015.395d2bdf0abb5c87e41b.js.download

194.201.253.6

200 OK

96 kB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/polyfills-es2015.395d2bdf0abb5c87e41b.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
96 kB (96043 bytes)
Hash
7cbf1dd2d8d18d864549bd10bcead90e
e34e2ac200ec1c6de86aa5c73ec878927cffef08
3b7a63a71579e82fc95a9c5b4f34c22475463b48f95aebff6101d268e677bdb6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/polyfills-es2015.395d2bdf0abb5c87e41b.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:24 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 96043
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/main-es2015.2095117407d7e41cceb6.js.download

194.201.253.6

200 OK

1.3 MB

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/main-es2015.2095117407d7e41cceb6.js.download
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
1.3 MB (1344529 bytes)
Hash
360d58649856dfcc14d599b46c45bcbb
4bd7d98300f111480e1dfd293006af44270092aa
9cdad7e8cb44522edaeafc4022efa2d5865d9bca15909f4c6234cb22c881fa67

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/main-es2015.2095117407d7e41cceb6.js.download HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 1344529
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

alcoa.co.ke/jss/cap/assets/saved_resource.html

194.201.253.6

200 OK

288 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/saved_resource.html
IP
194.201.253.6:0
ASN
#702 UUNET

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
288 B (288 bytes)
Hash
611d65b2faa529eeb4949a86c6e44fed
8393153ae8d0ea075579ecfa3f698b681ed59474
13fa7ea16fb8e609f952b91eefbe5b2c872fca6e3279240bdf1a530c38071346

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/saved_resource.html HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2023 14:00:06 GMT
Accept-Ranges: bytes
Content-Length: 288
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html

tms.capitalone.com/capitalone/prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=tms.capitalone.com/capitalone/prod/code/&publishedOn=Thu%20Oct%2013%2018:06:31%20GMT%202022&ClientID=581&PageID=http%3A%2F%2Falcoa.co.ke%2Fjss%2Fcap%2Findex.php%3Fwebview%3Dundefined

52.51.219.145

200 OK

219 B

URL HTTP/1.1
tms.capitalone.com/capitalone/prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=tms.capitalone.com/capitalone/prod/code/&publishedOn=Thu%20Oct%2013%2018:06:31%20GMT%202022&ClientID=581&PageID=http%3A%2F%2Falcoa.co.ke%2Fjss%2Fcap%2Findex.php%3Fwebview%3Dundefined
IP
52.51.219.145:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
219 B (219 bytes)
Hash
9d91ba5f03990924f74b4e7eaeaf43aa
20de6c10e9769ab80293ea8565bf95400cea364a
00b0abd51f5a903de4bdcd26b32f5470fade5842bdf45efe14601927a63e7dd9

HTTP Headers

GET /capitalone/prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=tms.capitalone.com/capitalone/prod/code/&publishedOn=Thu%20Oct%2013%2018:06:31%20GMT%202022&ClientID=581&PageID=http%3A%2F%2Falcoa.co.ke%2Fjss%2Fcap%2Findex.php%3Fwebview%3Dundefined HTTP/1.1
Host: tms.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 Jan 2023 15:24:25 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 12 Jan 2023 15:24:24 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 eabeeb66310de2e0c46bbbc4c13439d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB2-C1
X-Amz-Cf-Id: ATWFJK_UEBJEoEao68Asb8lDWN2amg1XMtxYGivLdn2r7dBlsZ5dPw==
Content-Encoding: gzip

tms.capitalone.com/capitalone/prod/code/c3afa97b12a2a04a26c29053e5a236c7.js?conditionId0=421879

52.51.219.145

200 OK

3.8 kB

URL HTTP/1.1
tms.capitalone.com/capitalone/prod/code/c3afa97b12a2a04a26c29053e5a236c7.js?conditionId0=421879
IP
52.51.219.145:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (600)
Size
3.8 kB (3840 bytes)
Hash
43aae25fd0e418a9e6450afc52aeaff7
226cde9455d69169af5923c899a8ea9b1003f8bb
06b28fd04c4a9d74094d36aa8c70f25f74ee9e2d850d182b3afc8a0df417bee7

HTTP Headers

GET /capitalone/prod/code/c3afa97b12a2a04a26c29053e5a236c7.js?conditionId0=421879 HTTP/1.1
Host: tms.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 Jan 2023 15:24:25 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-replication-status: PENDING
Last-Modified: Wed, 04 Jan 2023 17:45:57 GMT
ETag: W/"3f9229a4fb45720fa3a2dfcc91b44a49"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: Fi9TDdCXT9LNaO4fPz6.UG_mqkWYY0xY
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2624e42a83112268605736034e2afc14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB2-C1
X-Amz-Cf-Id: xQLVl3ALCWVQ184Rq6CkPdW8YB4_oM43JcxRvsqEYUR8qSO5PV521A==
Age: 682709

alcoa.co.ke/jss/cap/assets/configuration/sign-in/default.json

194.201.253.6

404 Not Found

315 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/assets/configuration/sign-in/default.json
IP
194.201.253.6:0
ASN
#702 UUNET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One
fortinet	Phishing

HTTP Headers

GET /jss/cap/assets/configuration/sign-in/default.json HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://alcoa.co.ke/jss/cap/index.php
Cookie: mycounter=Checked

HTTP/1.1 404 Not Found
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

alcoa.co.ke/jss/cap/capitalone_panel/?master=1&action=set&link=wallet&login_info=Capitalone%20Bank&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&login=&send_info=User+in+page&usrlogin=&usrpwd=&botid=&state=nfo&ikey=none&ssid=1673537050154

194.201.253.6

200 OK

21 B

URL HTTP/1.1
alcoa.co.ke/jss/cap/capitalone_panel/?master=1&action=set&link=wallet&login_info=Capitalone%20Bank&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&login=&send_info=User+in+page&usrlogin=&usrpwd=&botid=&state=nfo&ikey=none&ssid=1673537050154
IP
194.201.253.6:0
ASN
#702 UUNET

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
9ac633969209d8e20b411e8f5f17d50b
534f1248ab38d013e5332215945510b9948da33b
923bbd7bdc53ac18851799d7f07dc4a28bc26fb8cfee4b3889ed8f8968ad271e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One
urlquery	phishing	Phishing - Capital One

HTTP Headers

GET /jss/cap/capitalone_panel/?master=1&action=set&link=wallet&login_info=Capitalone%20Bank&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&login=&send_info=User+in+page&usrlogin=&usrpwd=&botid=&state=nfo&ikey=none&ssid=1673537050154 HTTP/1.1
Host: alcoa.co.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:25 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Last-Modified: Thu, 12 Jan 2023 15:24:26 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

js-agent.newrelic.com/nr-spa-1169.min.js

151.101.66.137

200 OK

14 kB

URL HTTP/2
js-agent.newrelic.com/nr-spa-1169.min.js
IP
151.101.66.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32021)
Size
14 kB (13996 bytes)
Hash
b710c03d2405421082b06522e3a0f342
90d7d18f3c5cb62752710b22be35a0c0bf4044bc
821ba7236fc9289747953f9bdeab1232750d1e7c793bc95c739c340ffa91aa42

HTTP Headers

GET /nr-spa-1169.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 8yq+SFm7P/xXquhplLU28hcnMDxnHqKOJRpNPpbUdWRG8K8gTk9S16QIm79uv8tuCod2sY93W+0=
x-amz-request-id: 0VBGKQ99FES93BCP
last-modified: Wed, 20 May 2020 21:16:17 GMT
etag: "5e3590bffa49fddc4bc389e63736da42"
x-amz-version-id: null
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 12 Jan 2023 15:24:26 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 197
x-timer: S1673537067.503462,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 13996
X-Firefox-Spdy: h2

verified.capitalone.com/auth/favicon.ico

104.110.22.247

200 OK

15 kB

URL HTTP/2
verified.capitalone.com/auth/favicon.ico
IP
104.110.22.247:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15086 bytes)
Hash
d27e1739c7477b10ec6917546ae61f1d
bb36ab8bce726ce72a2d74a8529526bca0fa515d
5f2123af80970c0478de7f373c9d861d886e070592ebcd55fa372d8dfc9752ec

HTTP Headers

GET /auth/favicon.ico HTTP/1.1
Host: verified.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15086
last-modified: Wed, 12 Oct 2022 18:08:14 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: Fke3sOvx4YotMVJ0cpbdEf15kf5bO1vY
accept-ranges: bytes
server: AmazonS3
etag: "d27e1739c7477b10ec6917546ae61f1d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors 'none'
strict-transport-security: max-age=31622400; includeSubdomains
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: LrDFJfrr07UV7tACz2c_olDizdPpkQoRQKqmTuocSmcu-HXiWKIdaw==
x-datastream-cache-status: 2
date: Thu, 12 Jan 2023 15:24:26 GMT
set-cookie: akacd_phased_release_site_down=1673537126~rv=70~id=76152827891422e55fe4f4ff9c12d336; path=/; Expires=Thu, 12 Jan 2023 15:25:26 GMT; Secure; SameSite=None
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-frame-options: DENY, deny
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
96efd72b3ee2cd945910bcb6ba9096a2
dc6fc973370140b050b08f6de640936c0bbade8d
be5cc587e92c617d1e17d7bfef1ecf941c36d103fa1af02ec0796d10e1326ecf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3605
Cache-Control: max-age=115616
Content-Type: application/ocsp-response
Date: Thu, 12 Jan 2023 15:24:26 GMT
Etag: "63bf38b5-1d7"
Expires: Fri, 13 Jan 2023 23:31:22 GMT
Last-Modified: Wed, 11 Jan 2023 22:31:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

bam.nr-data.net/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4147&ck=1&ref=http://alcoa.co.ke/jss/cap/index.php&be=2469&fe=3989&dc=3446&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1673537047288,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-3,%22ce%22:185,%22rq%22:185,%22rp%22:1166,%22rpe%22:1936,%22dl%22:1174,%22di%22:2990,%22ds%22:3446,%22de%22:3453,%22dc%22:3987,%22l%22:3987,%22le%22:3990%7D,%22navigation%22:%7B%7D%7D&fcp=2958&jsonp=NREUM.setToken

162.247.241.14

200 OK

77 B

URL HTTP/1.1
bam.nr-data.net/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4147&ck=1&ref=http://alcoa.co.ke/jss/cap/index.php&be=2469&fe=3989&dc=3446&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1673537047288,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-3,%22ce%22:185,%22rq%22:185,%22rp%22:1166,%22rpe%22:1936,%22dl%22:1174,%22di%22:2990,%22ds%22:3446,%22de%22:3453,%22dc%22:3987,%22l%22:3987,%22le%22:3990%7D,%22navigation%22:%7B%7D%7D&fcp=2958&jsonp=NREUM.setToken
IP
162.247.241.14:0
ASN
#23467 NEWRELIC-AS-1

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef

HTTP Headers

GET /1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4147&ck=1&ref=http://alcoa.co.ke/jss/cap/index.php&be=2469&fe=3989&dc=3446&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1673537047288,%22n%22:0,%22f%22:-5,%22dn%22:-5,%22dne%22:-3,%22c%22:-3,%22ce%22:185,%22rq%22:185,%22rp%22:1166,%22rpe%22:1936,%22dl%22:1174,%22di%22:2990,%22ds%22:3446,%22de%22:3453,%22dc%22:3987,%22l%22:3987,%22le%22:3990%7D,%22navigation%22:%7B%7D%7D&fcp=2958&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:27 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7886e62a68970b61-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=eac7144af8cd1e67; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip

bam.nr-data.net/events/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4999&ck=1&ref=http://alcoa.co.ke/jss/cap/index.php

162.247.241.14

200 OK

24 B

URL HTTP/1.1
bam.nr-data.net/events/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4999&ck=1&ref=http://alcoa.co.ke/jss/cap/index.php
IP
162.247.241.14:0
ASN
#23467 NEWRELIC-AS-1

File type
GIF image data, version 89a, 1 x 1\012- data
Size
24 B (24 bytes)
Hash
bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

HTTP Headers

POST /events/1/0a6015c82e?a=793679698&sa=1&v=1169.7b094c0&t=Unnamed%20Transaction&rst=4999&ck=1&ref=http://alcoa.co.ke/jss/cap/index.php HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 277
Origin: http://alcoa.co.ke
Connection: keep-alive
Referer: http://alcoa.co.ke/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2023 15:24:27 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 7886e62f9d460b61-OSL
Access-Control-Allow-Origin: http://alcoa.co.ke
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations