Report - authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377

Report Overview

URL

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
IP

20.254.66.73

ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted

2022-11-20T12:31:43Z

Access
Tags

None
urlquery detections

Phishing - Citizens Bank

Detections

urlquery

18
Network Intrusion Detection

0
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org (6)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2028	5317	23.36.76.226
ocsp.digicert.com (2)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682	1594	93.184.220.29
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	52.35.74.102
devilsms.live (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	726	70247	199.188.200.254
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	63222	34.120.237.76
authctznma1n0.ath.cx (30)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14557	172695	20.254.66.73
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	34.102.187.140
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
ocsp.sectigo.com (2)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680	1928	104.18.32.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-19	medium	authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377	RBS Citizens Bank

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (2)

HTTP Transactions (53)

URL IP Response Size

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377

United States MICROSOFT-CORP-MSN-AS-BLOCK

20.254.66.73

200 OK

24641

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (2056)

Size

24641
Hash

9f828d1213fa3fcaa65bcd19e7823e7c

c3d516c13aac5ad601a6cd9a9ea9e96610753435

a8a4e068fb99fae1df77ccb09529e02b0400018c090c13cfd0265726336253c8

Detections

Analyzer	Verdict	Alert
openphish	RBS Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377 HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

eb76c0b3adf4098ad8a9d1e38250758f

99610ddb2b4ec6d04250ac244f966951695d4f00

01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10040
Expires: Sun, 20 Nov 2022 15:18:52 GMT
Date: Sun, 20 Nov 2022 12:31:32 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

2061bb5a62c7dbe5a39e49a98bf7d214

812ff4923fc0fa69fa7db7c362d5af728e297099

6f0c1ecd37ba47802a386c487e3c2eb1794a06e8b9f56e016326686e3d80ef92

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3200
Cache-Control: max-age=168792
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 12:31:32 GMT
Etag: "637a01fc-1d7"
Expires: Tue, 22 Nov 2022 11:24:44 GMT
Last-Modified: Sun, 20 Nov 2022 10:31:24 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

d130218d0e2841f39c99610fe1a2ab90

29fbe1e177ee55c7a61ae0a206afff271cf5f945

6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 11:45:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2778
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e7724a1f27dc1b5b2fb63c7e486f74db

ef0ea648ce8bc189d31382baec4b181c724af93b

2a46916079563d95fa6a695104ebf41829ee95a156d6e4d45b9aef7231a8a80e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A46916079563D95FA6A695104EBF41829EE95A156D6E4D45B9AEF7231A8A80E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8982
Expires: Sun, 20 Nov 2022 15:01:14 GMT
Date: Sun, 20 Nov 2022 12:31:32 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: ijO9ghjYdnYr6b3WFa10/8X+l6r44l2J7jLoV2mOmP7oJ1eNDnHc0WOWnfdobONTe26udAPrZug=
x-amz-request-id: CEP7713SXCXR6MTZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 11:41:42 GMT
age: 2990
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 12:31:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/normalize.css

20.254.66.73

200 OK

9696

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/normalize.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

9696
Hash

ebb479dd9f58736c30739ce9e551010d

f9751153a26e815f3161abd77e1a2a3f97a02ae6

90cb33de6ced42c1ce82fd4a3a0b014f2ce29179ab85e24ebfa7abd73fabd9d8

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/normalize.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 9696
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css

20.254.66.73

200 OK

8900

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Unicode text, UTF-8 text

Size

8900
Hash

63b00c36f13f7bd0112c5d3c6e0d1ad0

f5ea43b50ab8c8d12317dcd56d953cd640ec0133

785818872f719d6d46b9e00e9cdb942779f111aec0421d983ad2a6e02b0e8c3a

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 8900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/ad-containers.css

20.254.66.73

200 OK

7585

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/ad-containers.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

7585
Hash

10cf523dd8bc660eb53f3c56783f5fed

9f6df41bda3d811f4d774544f15573023e25eca8

27fd729324c41d300a6f74a95b20b54feca49388cbffeb89933bb18b5764a7b5

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/ad-containers.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 7585
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/jquery-ui-1.10.3.custom.min.css

20.254.66.73

200 OK

22332

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/jquery-ui-1.10.3.custom.min.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with very long lines (1404)

Size

22332
Hash

75c7f7f34cb3c6deb89891e022266252

4ba3a397da8746f97b53186e6ec14e704bda003a

daa294bf8eaa7ddd13aeb7d3d462fb53f0c8b080ed1abe2531360892408327cf

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 22332
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/citizensns.min.44438.css

20.254.66.73

200 OK

5849

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/citizensns.min.44438.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Unicode text, UTF-8 text

Size

5849
Hash

d9cd3279c50bebdf7371f4c6db6d0d1d

74c0f0bf7786f8bc6d33b831a7d92897fe321fd0

f832c2f83056bbd60a50417f461897bfa4e783df933cafeb7fe91ddf81f6ae33

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/citizensns.min.44438.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 5849
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/cp_challenge/sec-3-5.css

20.254.66.73

200 OK

2277

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/cp_challenge/sec-3-5.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

2277
Hash

a8d7730ebae7d5a0f9f1b28705910c82

8c2a3f4543d2326f5803e32ceda9ce60572cafc6

e094fbcf1596ac0af1fe05cd7d6b8724b77dc71c9219deb63738ccae1fdeb2ad

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/cp_challenge/sec-3-5.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 2277
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css

20.254.66.73

200 OK

60617

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text

Size

60617
Hash

5c037b9fa5c1436afc0beef12818a53a

e3208a8dd6d2bbd84631b9a59a044653ebd766f0

3e1e20f8191f692da7ac00c865c48320c19e71585d471a02e2b93e3b3c0b1fc3

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 60617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/lock.png

20.254.66.73

200 OK

349

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/lock.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data

Size

349
Hash

6f9f05d66a5410b90817d0cc6db92b03

891273e368982cdd9ce5408dda3877c52fe72a2e

9b87191a74f704fe3c917fe2a2f17fa3ac20da84f1c361cd3f41802a437f61d5

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/lock.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 349
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/fdicFooter.gif

20.254.66.73

200 OK

2245

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/fdicFooter.gif
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 56 x 24\012- data

Size

2245
Hash

a0742f4f717eac3a1e61f53cbbec74f2

f85639ee91bccd2bddaf043b80c892ae6b700d49

dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/fdicFooter.gif HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-linkedin.png

20.254.66.73

200 OK

3239

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-linkedin.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data

Size

3239
Hash

b187d1cd61b1912b22ebfb4efce30bad

b502a6ed3e50ffe6da8d8d5114fd404650d38ea7

fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-linkedin.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/CTZ_Green-01.png

20.254.66.73

200 OK

5277

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/CTZ_Green-01.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data

Size

5277
Hash

beb4d1c9f430bb08a4ed54df069e8f0c

39950ddd690d1cbe2d08610da5c11c854450523f

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/CTZ_Green-01.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 5277
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/equal-housing.gif

20.254.66.73

200 OK

1134

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/equal-housing.gif
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 14 x 9\012- data

Size

1134
Hash

39fc59327cb01ffbd5ab0ece1b08fba4

6cc1099707564164c3de6f94714808cdb1c415a7

319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/equal-housing.gif HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-facebook.png

20.254.66.73

200 OK

395

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-facebook.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data

Size

395
Hash

25dbaaa7fa1bf41ca6614f1d2cf699f5

56a9e2459a275ef7178ff8c90c2b277265f64fb0

eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-facebook.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/efs/efs/grafx/icon-secure.png

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/efs/efs/grafx/icon-secure.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/efs/efs/grafx/flows-tooltip.png

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/efs/efs/grafx/flows-tooltip.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-button-white.png

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-button-white.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-twitter.png

20.254.66.73

200 OK

3295

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-twitter.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data

Size

3295
Hash

ab8d8dc7ea3d7b572b2dc47f2aebe5ae

900c9f837d9a015e6609b14eed6d99c384ec5441

9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-twitter.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/elh.gif

20.254.66.73

200 OK

1433

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/elh.gif
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

GIF image data, version 89a, 31 x 24\012- data

Size

1433
Hash

f79e78d673f51194d9b9021cbc72b5b3

79a917fad527cef8d96af24d142653f2f49109b3

56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/elh.gif HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-youtube.png

20.254.66.73

200 OK

3278

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-youtube.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data

Size

3278
Hash

09c8c4f0f417a049b8ab6acdd2581717

2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f

9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-youtube.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.woff

20.254.66.73

200 OK

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.woff
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

94
Hash

494d5b5f24f681e3c43b52ea9bb1be4c

005ceb2099f9c3bf423ddb401479ee0a9dd8d63c

02d0c08ceab09da804ddb85b4e50adad35b9688dbcada103e8b03c61c4d393b1

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 94
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.woff

20.254.66.73

200 OK

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.woff
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

93
Hash

2d3d1e9a820451d4aba30a6189adb344

5c2c9a1aab30b6d9c8af0eb29a59aa490b4cc8ab

15d76789030592dfced7878a6fcbb4222f0780b2e189bd5ffecc28eca68f577b

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.woff

20.254.66.73

200 OK

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.woff
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

98
Hash

10477bffd26aae2d95743e565223edfa

f38c4988d4931d392cc889f6113d8b3261d631bd

ae61a4d9e2535ffa02754fa06adf4762452a4ee0d7fa2f08ec90d923a0463a30

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 98
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.ttf

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.ttf
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.ttf

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.ttf
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.ttf

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.ttf
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:32 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.sectigo.com/

104.18.32.68

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

2a5268017008ffb2166d5bea44b13f95

5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d

212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=536310,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d134058c0bb4fd-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

2a5268017008ffb2166d5bea44b13f95

5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d

212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=536310,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d134059b30b4eb-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 12:25:04 GMT
cache-control: public,max-age=3600
age: 388
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

27138f8625c320bd1434ccd92263b641

6a8f18728c9f324c1c631ffc85901d84ec4d0e0c

02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6416
Cache-Control: max-age=166936
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 12:31:33 GMT
Etag: "6379ee2d-1d7"
Expires: Tue, 22 Nov 2022 10:53:49 GMT
Last-Modified: Sun, 20 Nov 2022 09:06:53 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

devilsms.live/clve-min.js

199.188.200.254

200 OK

51069

URL HTTP/2

devilsms.live/clve-min.js
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

51069
Hash

724ad5d75674097f5d14e70982a3bc6e

87146103e33be6cdf8d828351685c70f2a6cb7e3

d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260

HTTP Headers

                                        GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 27 Nov 2022 12:31:32 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Sun, 20 Nov 2022 12:31:32 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.35.74.102

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.35.74.102:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +FBMvmhmAfV/OUWmEQY1CQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Y7j1mB19Sz7upkSj4hpDpar8vu0=

devilsms.live/cleave.js

199.188.200.254

200 OK

18428

URL HTTP/2

devilsms.live/cleave.js
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

Unicode text, UTF-8 text, with very long lines (1712)

Size

18428
Hash

fe9f66e28ad0fde897ddcb9571324491

e5ab8ed2bad2578458397898778be698dff70917

ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f

HTTP Headers

                                        GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 27 Nov 2022 12:31:32 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Sun, 20 Nov 2022 12:31:32 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

authctznma1n0.ath.cx/efs/efs/grafx/arrow-down-blue.png

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-down-blue.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-right-orange.png

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-right-orange.png
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.woff

20.254.66.73

200 OK

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.woff
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with no line terminators

Size

93
Hash

eba0198e09ac6c6d70f8300e903251ae

a32ec4928d4dfce66acf8bb360c741b120d2f3a6

d0d0a2db2f53b123855c80859445a56243265b9d65a7a7ef51c07ef6a760e4b7

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 12:31:33 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.ttf

20.254.66.73

404 Not Found

315

URL HTTP/1.1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.ttf
IP

20.254.66.73:0
ASN

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

                                        GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=67bfe727fabcd3d96529d3233cf739a7

                                        HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 12:31:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f7c5da16d7c4384a4c2454d6b0d84710

69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab

a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9412
Expires: Sun, 20 Nov 2022 15:08:26 GMT
Date: Sun, 20 Nov 2022 12:31:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f7c5da16d7c4384a4c2454d6b0d84710

69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab

a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9412
Expires: Sun, 20 Nov 2022 15:08:26 GMT
Date: Sun, 20 Nov 2022 12:31:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

#1 JS:Script (size: 150943)

#2 JS:Script (size: 93486)

HTTP Transactions (53)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic