firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 20:14:02 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ELh8AfOXp4AKDoO4nq3cL58oQh7tmq3kaCW5MudEKNAfJ5FwhPNl2Q==
Age: 3414
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17881
Expires: Fri, 23 Sep 2022 02:08:57 GMT
Date: Thu, 22 Sep 2022 21:10:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _fZu1oy7qdsoMCCBv8SAYtziy99oUdvVLvZwhmCuHutgokDhUc6olA==
age: 59742
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 21:10:56 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 22 Sep 2022 21:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 22 Sep 2022 21:11:11 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3nsNjnMn_ExZbcG7E8pyXrCMf6FW0RDYz0_oxe3AmfubCH1E39HsPg==
Age: 455
ocsp.digicert.com/
200 OK 471 B IP
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6251
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:10:57 GMT
Last-Modified: Thu, 22 Sep 2022 19:26:46 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
connect-rbfcu.duckdns.org/online/login
200 OK 81 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/login
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6402fb949fd57a5f2d1553ad8066d0c2
1d5ac67ebe042ff7a9e88f505c2dd97dd9ee1e34
39de979727e004b3ba0a75f68881952b8295c745f519708496bf3e51382f2236
Analyzer Verdict Alert urlquery DynDNS domain detected
openphish RBFCU
fortinet Phishing
GET /online/login HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
connect-rbfcu.duckdns.org/online/assets/icon
200 OK 568 B URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/icon
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash a5e9276f826e5122d5520c564ff46fb2
9b58bed19646d1fd670b33c22fe886e117ee0d2c
415afc12cef02264dab61ba05de6b9eabb4146c0b4fedfbd160a1fb379f895d0
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/icon HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 568
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
connect-rbfcu.duckdns.org/online/assets/randolph-common.js.download
200 OK 418 B URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/randolph-common.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (418), with no line terminators
Hash f643fc130460c95df020a5f8db792a2d
7e21e16dc8608da03926d12b893c8100a2951bd3
358607e8e793528da34b88a1423b4f3deca11c45bf2a8bb1949d73e8c88cd0d6
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/randolph-common.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:40 GMT
Accept-Ranges: bytes
Content-Length: 418
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/randolph-common.js(1).download
200 OK 7.0 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/randolph-common.js(1).download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (7017), with no line terminators
Hash 2459832825c346d7f30eb6af48e9051d
680946f30c39834cc650197db3e39e40fa5a09f6
8b37bad31cd174ce669e8e146c66320a55b2e92f6d71114c5a9f0c83c11af9c5
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/randolph-common.js(1).download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:40 GMT
Accept-Ranges: bytes
Content-Length: 7017
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mI/1e3qB4FsMwdmlLZ7RLA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UA4NiU3Qc284QNKiuyERF29gMxg=
connect-rbfcu.duckdns.org/online/assets/css
200 OK 25 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 2cc8cbf33d71c88046717619349f9c9a
2256cdb48476a2750ddd67fd8c2b15cb18325a30
96d69ac0482cfaa6baa7b098732fdea0dcaa73a08dfc1b5b6e5d104e7923bb08
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/css HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 24640
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
connect-rbfcu.duckdns.org/online/assets/additional.js.download
200 OK 72 B URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/additional.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3483cbef7e80ce11d89cbe757a8448e6
ee41a520b00ec8f66f58897a53c17104cc8c2d88
aa336a5c506ccf90651922b6545257b3130da8d8020e63c416a2242b22958d47
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/additional.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 72
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/trustev.min.js.download
200 OK 35 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/trustev.min.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (35386), with no line terminators
Hash 3858449a29cb6e4c9674e676cb43800b
7cc943faf5439e4897e88933b9cff4fbb595b8b4
aeb978c283f75e5d28bded65b65f4bbf2c867414162039f8ded5b6b75eb1d94e
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/trustev.min.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 35386
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/js
200 OK 139 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2223)
Size 139 kB (139180 bytes)
Hash 6251c7215db9544f7337c476fd3ba19c
8cd70e9b8771efa1ac20d3c46295b72495d1abf2
cf3587ffe9e64da366507e4b066ffe7f11f07f76395ffca28bdd75885dcb982f
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/js HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 139180
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
connect-rbfcu.duckdns.org/online/assets/randolph-common.js(2).download
200 OK 180 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/randolph-common.js(2).download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Size 180 kB (180536 bytes)
Hash 915b2f270b9947a86175387f588409c8
c6d634c89682cc760a7d74de5d021c287fac3a36
7bdcf2f9afd6a68755e5dbe595a6a4071eb8a6911a0dc95ee9ca812eec89b380
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/randolph-common.js(2).download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 180536
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
connect-rbfcu.duckdns.org/online/assets/css(1)
200 OK 6.0 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/css(1)
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash cf0139a6997ab9d024d9b630f8d638e2
32277f0dec21e1f34f7c4c5e2257e3cc2f3e1265
d4876c12b071f74470f52c0404d10730ab271ae769c2c407fe131dae8b33e236
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/css(1) HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 6014
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
connect-rbfcu.duckdns.org/online/assets/gtm.js.download
200 OK 238 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/gtm.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (3180)
Size 238 kB (238539 bytes)
Hash 9d7380b7c3f79274c3125df2db010815
a1abd657b09426d829dadb539b7d54f44a113165
efa6b9295c5fdc9bb7be7d2ab881fd7bd2f36f6611d2efb039dd997183aa16d4
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/gtm.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:40 GMT
Accept-Ranges: bytes
Content-Length: 238539
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/css(2)
200 OK 8.3 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/css(2)
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash d50eb912648bf86bb8eaa471a70ec599
46ada3a6cd7e3524c9355b2566cfb276eb499814
62b964c6110d2300c2b25824348217c5226ce87eb4a681bde737ed016285b2b1
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/css(2) HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 8280
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
connect-rbfcu.duckdns.org/online/assets/styles.dc314ef46c0af7a3f05c.css
200 OK 255 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/styles.dc314ef46c0af7a3f05c.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (424)
Size 255 kB (254749 bytes)
Hash a6f52432b15485ceabb027037525c1da
63548d46e6aa508ba88083bb69091882feee8efe
dbcfa115a9918f15f934fc566aad583400e5c14d36ed844fe32e89c94acc6d31
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /online/assets/styles.dc314ef46c0af7a3f05c.css HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 11:26:34 GMT
Accept-Ranges: bytes
Content-Length: 254749
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
connect-rbfcu.duckdns.org/online/assets/common.js.download
200 OK 93 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/common.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1315)
Hash 444cd67b574a59bd1621cb25fb25042b
e3ff8fd7e4359ca3cdbe6cd5030e2d7d47688f31
52457f43fac8bd97be53969d99098b81c82c17fd1d8290def76de807ae816f87
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/common.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 92625
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/adrum-latest.js.download
200 OK 105 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/adrum-latest.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (645)
Size 105 kB (105120 bytes)
Hash d71f70963d43c22075bfa322b7b2a5c2
1fac6e38ec9634ae47540fbd0ca2f46940d74bc6
f0339925b6c86b12fa34030ea450278f1a275a3ef5d440cb2eb0c3b209f6f920
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/adrum-latest.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 105120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/update-browser.js.download
200 OK 2.7 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/update-browser.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (877)
Hash 38bdca9c5438b59f18450404c7a88287
80296f4d788caf74f85a612bdbbd85987740f2b9
899acf0cf948364fe587e535bc4b6160d83689a9be0255f201c8cf4695a769e9
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/update-browser.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 2702
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/runtime.5f13a53d897c68f57e2c.js.download
200 OK 2.8 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/runtime.5f13a53d897c68f57e2c.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2764), with no line terminators
Hash 8169e387bb8a8904d6fe958658ce8c30
5bc2bc83eab184981d4b901b06146706b9ad839b
816b5f02087b89140ccde6bbdf3c5fa736b2e383f9aca3ed7b1ffbe709ff4723
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/runtime.5f13a53d897c68f57e2c.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 2764
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/flex-web-react-plugin-v27.js.download
200 OK 1.3 MB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/flex-web-react-plugin-v27.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Size 1.3 MB (1331929 bytes)
Hash 86f25800647067cc5ab5d37932fdb272
ca9956518583508eed4ca52cac0893e2c194a4fe
a9e3b4c1e30be14f60438ae3f60f1f1d7a1198e3d9f79e63178fb5514fe37f77
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/flex-web-react-plugin-v27.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:55 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:40 GMT
Accept-Ranges: bytes
Content-Length: 1331929
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/scripts.8bd4377bc7fbc2f4bdbc.js.download
200 OK 246 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/scripts.8bd4377bc7fbc2f4bdbc.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65450)
Size 246 kB (245590 bytes)
Hash db53c887b5f083513a4e475b86a41638
b5ced09a298f701ca94d21073ab01de8f91fe3c6
df97232ba41d044b3c67ffe9b6f284251cb826eceff841428136d3f13056a9fa
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/scripts.8bd4377bc7fbc2f4bdbc.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 245590
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/rbfcu-logo.svg
200 OK 5.4 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/rbfcu-logo.svg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5383), with no line terminators
Hash 2d436455d162d3e00f0ca92055cef754
5b64a30fd987d469bd818fc8ed6a4ed89b873d02
09092e11153b90955b14c6dcad28c3e2902b035f6b12ac85e24a693e5c97c884
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/rbfcu-logo.svg HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:57 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 5383
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
connect-rbfcu.duckdns.org/online/assets/EHL-logo-gray.svg
200 OK 1.6 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/EHL-logo-gray.svg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364)
Hash 4c3e76f3539f8138ce127058adda3f16
3d24cf4b8ac04557b1cb49ba5200e06513bc5136
8113eb956366da6d18ed13faa5cc8e9a459c09cdcf41c2619c80828d4ac2b152
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/EHL-logo-gray.svg HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:57 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 1613
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b9893dbb93b5cc3cb8637b496ecd3c1c
007b31caa727ce627f6ba81a3f43326a1538181e
b82608484e9e9dbf009de73986da468fff9833e5d040016b3214b8774ba9f500
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:10:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect-rbfcu.duckdns.org/online/assets/util.js.download
200 OK 471 B URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/util.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 375756444a8871bbe816165e294fb262
2f9e18473daa3daae633a4df448a2230e77f8c33
c2e94c3082cb76fad8f5ace3c686f46d43c807b7f2d3cb9f2b4d9965b91af4c2
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/util.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 295239
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
IP
Hash ee5d9697f07e1d4e72d706315179e094
6eb06c8c0f1950e86b1d823f8ed17238382f42ae
2619eeea40d3d897c01e419d671ae26851285bdc896efbb742186d09b49f2f6d
GET /css?family=Open+Sans:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 22 Sep 2022 21:10:58 GMT
date: Thu, 22 Sep 2022 21:10:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyC2AdLpShQk1DnoA0NHjCvvZQUevNDYHlQ
200 OK 56 kB URL HTTP/2 maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyC2AdLpShQk1DnoA0NHjCvvZQUevNDYHlQ
IP
File type ASCII text, with very long lines (2458)
Hash 34bf0aecce52d3ee7376fb1ef43f9a06
3ddd5328ddbfdd38f8fa6c09df9ef83548722efc
9cca61f5854c900a345ae72781cad94a8ed09a244130e61324537cd79ae7478f
GET /maps/api/js?libraries=places&key=AIzaSyC2AdLpShQk1DnoA0NHjCvvZQUevNDYHlQ HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Thu, 22 Sep 2022 21:10:58 GMT
expires: Thu, 22 Sep 2022 21:40:58 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 56267
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5B5PGN
200 OK 84 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5B5PGN
IP
File type Unicode text, UTF-8 text, with very long lines (44551)
Hash ccca77d935c2ef939795054cbcc74cbb
c4eed642194fb3fce672110572a332ca7d2c6037
02fc946c79d886642e6081ceeb2495979a9be0460616bbed730274b6c3394eb8
GET /gtm.js?id=GTM-5B5PGN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 Sep 2022 21:10:58 GMT
expires: Thu, 22 Sep 2022 21:10:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 83639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.appdynamics.com/adrum/adrum-latest.js
200 OK 41 kB URL HTTP/2 cdn.appdynamics.com/adrum/adrum-latest.js
IP
Hash 6b08824dcc147d52461a95ec6aa8b401
daef325180684fd1e02c825a8ffdef81f5d51de1
d1940b7380884323629d9909d8f14b72993b4ddbae5f44fba12b60a1682d444f
GET /adrum/adrum-latest.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 20 Sep 2022 17:25:06 GMT
server: nginx/1.16.1
last-modified: Tue, 06 Sep 2022 21:05:13 GMT
etag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WJAAPtP1w3rIk1AHr17pDWVsjdjGews1jw4XhFLWHLZ0lQkA7H_NbQ==
age: 186352
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash af5773255351157d72c28a670a355c60
c803e5866edbe6c9baec14e93677f610bdf09bff
3229b4aa1c698647ad96d114174782549ad240f1b2c4ba8c268165a16afc84f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10754
x-amzn-requestid: 2d03531d-6055-477f-9cb6-9ea9fa27eeb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vHJ4IAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-692620e80d5b2efe1d0e3a82;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -3bQG5Av1EDxj7_3i8MktwjlPSEU8WDdxt5M6TsrWaodLWgSf3vdEA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:22 GMT
age: 84996
etag: "c803e5866edbe6c9baec14e93677f610bdf09bff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91c56f0b9810bfdd84e10a626b89e389
15d83e44d568938b6c9c87201e898cedb3edec0a
942de9764e1c408f7512759774aab0479db201e6fae15ccc39e653adae4cb86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8678
x-amzn-requestid: c671a9ab-c5d0-4743-b13e-cc9a47e3d2fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vEThIAMFSwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-17ed13811d3833ea00a34423;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hp-WIGb9M8tEmNGOVjx6UQKx9E4-1oJmka0a6seG7inahqYByPmRAg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:22 GMT
age: 84996
etag: "15d83e44d568938b6c9c87201e898cedb3edec0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2795c07b-89a5-463f-b878-f9fc1516ca2c.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2795c07b-89a5-463f-b878-f9fc1516ca2c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83b8fc3c907a9376f388cdd41eb30de3
227691093684ffbda302b03e47a2da98d7223080
c44a8ab222a9bfb2d9d3f3d5b77518677ce71267176687ed83c582a0a90b2668
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2795c07b-89a5-463f-b878-f9fc1516ca2c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11128
x-amzn-requestid: 43c8e452-ecc3-4e55-8cde-5436e10e75f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYqRFG6ZoAMFaSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202406-757f6268476aae3976dc901a;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 06:32:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: F3H08JktbAs-ob7s_GN0VkBu6mr9UTDKg-7lH95uGbBDsFyKg7KkBg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 19:10:24 GMT
age: 7234
etag: "227691093684ffbda302b03e47a2da98d7223080"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0201d377c57a684452c0d26372e674d
3829f81048cc63b5f0d1e82dfbe3b8e31646e733
efa055dc93267be2dddd94b334c0655c2e1f1682467fd738e013a778aea175b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14397
x-amzn-requestid: c5a03ce8-f695-4ad3-8c42-c3bfd47d6279
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1wLGqKIAMF-Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329699a-2b130d8b1a4b1b9131db8984;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:19:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: itH-GLLUay6dtfjGStUDeT3wOwVf-S3tWSY31HjriEFaRUiD8aFKNw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 17:06:02 GMT
age: 14696
etag: "3829f81048cc63b5f0d1e82dfbe3b8e31646e733"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9becda6e892a190dbbc63216ae697506
ba3369e1827d8f01ca10acb8648195847dd02ffd
d71dd28e0ff260326ba0c30748fa11160f4544c2a264d3a3dc361af0de9fd283
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11286
x-amzn-requestid: 7263b60d-fffe-4c0b-8de5-59dc9ac92a47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwZHOaIAMFSQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84cf-62e160b156b587cc21c7fda5;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QxgrVMX7xwI6qE3T3-LRS3JWoJauPyvCSb9TacW9-ktw-BIq5PSF-g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:16:03 GMT
etag: "ba3369e1827d8f01ca10acb8648195847dd02ffd"
content-type: image/jpeg
age: 82495
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f739db-1c27-4929-8aff-997c0f66b2ed.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f739db-1c27-4929-8aff-997c0f66b2ed.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5edcd9aee78a6cacc9241b47cbce598
f95b843029e84dbb188427a8c2ff8c9f32740465
6a56c3d0eb1d641e565d3d7d31b42be03bdad30beb20b994ffc9a6f2aaceee1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f739db-1c27-4929-8aff-997c0f66b2ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5650
x-amzn-requestid: 41ceb886-c038-4ba0-9e3a-a27879cf48ce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwjFVjoAMFWNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84d0-3f4f6a367c893c7a0669dffe;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d8Kelwi2OY0jt17q80szh8-ErN3ZQM1hhl3HZeNQvlKijygQIJtNww==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:16:00 GMT
etag: "f95b843029e84dbb188427a8c2ff8c9f32740465"
content-type: image/jpeg
age: 82498
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
connect-rbfcu.duckdns.org/online/assets/main.d65dafd7b45014857d65.js.download
200 OK 4.0 MB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/main.d65dafd7b45014857d65.js.download
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (2560)
Size 4.0 MB (4024731 bytes)
Hash bd03f025b85bff9310d39863cd3e4a2f
852a92f6efb8b0c2318fa266933d83b19aa94836
20b2f576d0c72560a953768219e5f217b284a9068fb0d5da8504a54b8646cea9
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/main.d65dafd7b45014857d65.js.download HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:56 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 07:00:12 GMT
Accept-Ranges: bytes
Content-Length: 4024731
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
connect-rbfcu.duckdns.org/online/assets/vendor-scripts/flex-web-react-plugin-v27.js
404 Not Found 315 B URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/vendor-scripts/flex-web-react-plugin-v27.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/vendor-scripts/flex-web-react-plugin-v27.js HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Thu, 22 Sep 2022 21:10:57 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
connect-rbfcu.duckdns.org/online/assets/white-phone-header.4a066fd87a48426d8cf5.svg
200 OK 1.7 kB URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/white-phone-header.4a066fd87a48426d8cf5.svg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (845)
Hash 4a066fd87a48426d8cf5d81f2f1e7622
bc25e0aaa78aa736100d278b1a4beb5fa46db78b
2c0b8abef50020a91c0b8f07a8478c65eea5bd77446467b9a44ae1b1d98828b7
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/white-phone-header.4a066fd87a48426d8cf5.svg HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:57 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 07:12:40 GMT
Accept-Ranges: bytes
Content-Length: 1653
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edd6c63988b69a64a51433c3fd91b0ba
a0a41a5403a2c397d70cfa267c1d6407250df043
c9b1efff4ebf41ad54d3137ee7a93b688c66765df99e387ae730b39abe2f115f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:10:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edd6c63988b69a64a51433c3fd91b0ba
a0a41a5403a2c397d70cfa267c1d6407250df043
c9b1efff4ebf41ad54d3137ee7a93b688c66765df99e387ae730b39abe2f115f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:10:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash f00e7e4432f7c70d8c97efbe2c50d43b
d836c7d4bc52bcd67626b8960ae030ad315c2507
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
GET /s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://connect-rbfcu.duckdns.org
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 01:34:47 GMT
expires: Sun, 17 Sep 2023 01:34:47 GMT
cache-control: public, max-age=31536000
age: 502572
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://connect-rbfcu.duckdns.org
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 12:31:58 GMT
expires: Sun, 17 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 463141
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edd6c63988b69a64a51433c3fd91b0ba
a0a41a5403a2c397d70cfa267c1d6407250df043
c9b1efff4ebf41ad54d3137ee7a93b688c66765df99e387ae730b39abe2f115f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:10:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=80272
date: Thu, 22 Sep 2022 21:11:00 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 22 Sep 2022 20:41:09 GMT
expires: Thu, 22 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 1791
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4c0c0fad8096bc252b17b37fb6b081da
7be5fd67940d59e6ec825096e9dffc95d4bacf95
60790d372fe87d1cbef9a734b51d083ab2044ac3777c6b54e8c789b187570084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60790D372FE87D1CBEF9A734B51D083AB2044AC3777C6B54E8C789B187570084"
Last-Modified: Wed, 21 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15931
Expires: Fri, 23 Sep 2022 01:36:31 GMT
Date: Thu, 22 Sep 2022 21:11:00 GMT
Connection: keep-alive
fullstory.com/s/fs.js
301 Moved Permanently 48 B IP
File type ASCII text, with no line terminators
Hash 7b12595d471f02dde9ebc1b7c701e936
77abfc06684d022f59656235c475fbe61775da94
7bc37f83786f13fe81ada038f604a9256dd3da7722b885ee8fdace203fbc5752
GET /s/fs.js HTTP/1.1
Host: fullstory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://connect-rbfcu.duckdns.org
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
age: 2463
cache-control: public, max-age=0, must-revalidate
content-type: text/plain
date: Thu, 22 Sep 2022 20:29:58 GMT
location: https://www.fullstory.com/s/fs.js
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GDKGM808SXHPCQDN9SE8TA8A
x-xss-protection: 1; mode=block
content-length: 48
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin
302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1663881059681%26url%3Dhttps%253A%252F%252Fconnect-rbfcu.duckdns.org%252Fonline%252Flogin%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQIn2wEtkHOSBAAAAYNnCh_rvTvQVvWTPr1buju6MGNOqaYTraBqz0F7A-BwoDtPwKzAP7P9Q-jSvw; Max-Age=2592000; Expires=Sat, 22 Oct 2022 21:11:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQKstuerye2UnwAAAYNnCh_rDDTnNCzd33ixVfLDgmtZlkWMAFpjpLBMemibZu_bFtOmVDoBWIEXddGzNpLY5A; Max-Age=2592000; Expires=Sat, 22 Oct 2022 21:11:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&4c5a1abd-7128-4793-887e-e68616d6c76d"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 22-Sep-2023 21:11:00 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2391:u=1:x=1:i=1663881060:t=1663967460:v=2:sig=AQEpnsy-xceRALe45RfThJdqcXpzM6KU"; Expires=Fri, 23 Sep 2022 21:11:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXpSn+MYn7pZtIZCZ7/HA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: CD17A45D58284D64A1BFFA00891C2BE2 Ref B: OSL30EDGE0122 Ref C: 2022-09-22T21:11:00Z
date: Thu, 22 Sep 2022 21:10:59 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 3eaa593eb9ce2d4e2c1cd2b695dc92a7
79a0e8bd28a5e53afdea1bbb1ac929d3e5e97bdc
adab3a925537782aefbb82de8b7e01276de87f354faa16204686d9bf38c34648
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2899
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:11:00 GMT
Last-Modified: Thu, 22 Sep 2022 20:22:41 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 9ca540bb639bf8cd1442623f858bbd60
58e1a96457e785b15f34b9bb895036430f89337a
f7204a4877db8b5d4ba0e6dddfb65a7452eb6c2d35717949c5d0f960ec484142
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:11:00 GMT
Server: ECS (amb/6BBD)
Content-Length: 471
www.rbfcu.org/online/favicon.ico
200 OK 12 kB URL HTTP/1.1 www.rbfcu.org/online/favicon.ico
IP
File type MS Windows icon resource - 3 icons, 48x48, 24 bits/pixel, 32x32, 24 bits/pixel\012- data
Hash 01533d87a3fa4ab325ac78763070dbfc
abbc6bea4bdcbf24d14690703ef3559f14140f25
b63cd18dad99d364bc0c69937734208fd5a12c7f83f8609b237baafde52c44d6
GET /online/favicon.ico HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:11:00 GMT
Content-Type: image/x-icon
Content-Length: 12014
Connection: keep-alive
Cache-Control: public, max-age=604800
SystemID: asc02
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: nginx
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!JyrBJHfhkH2MCgj2YpNBywzuFCZYhKJjdWymPj0pp4APNoPx193amURthfnzOhONQ/e+DjTXDaFaK5w=; path=/; Httponly; Secure
Via: 1.1 dca1-bit13027
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e6561e23e9d181a4b18c7174cb89a590
221a300522f62c4bde7dd23420609a12ae3bd5b6
a66e6d4e834dfd29d86921222d86c7f8ac5d11a4e0c83ab40ff150629f2b9cec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:11:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-6286893-1&cid=1703914523.1663881060&jid=993544725&gjid=361087667&_gid=2135258491.1663881060&_u=YEBAAEAAAAAAAC~&z=1167767762
200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-6286893-1&cid=1703914523.1663881060&jid=993544725&gjid=361087667&_gid=2135258491.1663881060&_u=YEBAAEAAAAAAAC~&z=1167767762
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-6286893-1&cid=1703914523.1663881060&jid=993544725&gjid=361087667&_gid=2135258491.1663881060&_u=YEBAAEAAAAAAAC~&z=1167767762 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://connect-rbfcu.duckdns.org
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://connect-rbfcu.duckdns.org
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 22 Sep 2022 21:11:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e6561e23e9d181a4b18c7174cb89a590
221a300522f62c4bde7dd23420609a12ae3bd5b6
a66e6d4e834dfd29d86921222d86c7f8ac5d11a4e0c83ab40ff150629f2b9cec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 21:11:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1663881059681%26url%3Dhttps%253A%252F%252Fconnect-rbfcu.duckdns.org%252Fonline%252Flogin%26liSync%3Dtrue
302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1663881059681%26url%3Dhttps%253A%252F%252Fconnect-rbfcu.duckdns.org%252Fonline%252Flogin%26liSync%3Dtrue
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1663881059681%26url%3Dhttps%253A%252F%252Fconnect-rbfcu.duckdns.org%252Fonline%252Flogin%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://connect-rbfcu.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&e0eb07d8-79ea-4d32-89ac-002e71147c68"; Domain=.linkedin.com; Expires=Fri, 22-Sep-2023 21:11:01 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220922211101294847cc-50d0-4e55-8be5-0a6cab457244AQH6jhG7x6MW2PNFGfRNlC-Dul9KZFh7"; Domain=.www.linkedin.com; Expires=Fri, 22-Sep-2023 21:11:01 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjM4ODEwNjE7MjswMjG+g//hFW5ZPiZLpJiwcU7X4hUqneVx4laaAZdan9XRPA==; Domain=.linkedin.com; Expires=Tue, 21 Mar 2023 21:11:01 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2387:u=1:x=1:i=1663881061:t=1663967461:v=2:sig=AQEp_SOzlSiu7zoUQ7kmqXhZKWBxtJTR"; Expires=Fri, 23 Sep 2022 21:11:01 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXpSn+XF9qou/SCCkEuuQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: E0222B33BCB44A329FEA6A13A2DE728A Ref B: OSL30EDGE0122 Ref C: 2022-09-22T21:11:00Z
date: Thu, 22 Sep 2022 21:11:00 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin&liSync=true
200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin&liSync=true
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=2367698&time=1663881059681&url=https%3A%2F%2Fconnect-rbfcu.duckdns.org%2Fonline%2Flogin&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://connect-rbfcu.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&6b0e06fd-e80e-4a67-88dc-5257426b4649"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 22-Sep-2023 21:11:01 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2387:u=1:x=1:i=1663881061:t=1663967461:v=2:sig=AQEp_SOzlSiu7zoUQ7kmqXhZKWBxtJTR"; Expires=Fri, 23 Sep 2022 21:11:01 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXpSn+Z12e5XFxj17qgQA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 96C2ABF9FA7C4787A0267359248ED549 Ref B: OSL30EDGE0122 Ref C: 2022-09-22T21:11:01Z
date: Thu, 22 Sep 2022 21:11:00 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
200 OK 20 kB URL HTTP/2 cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP
Hash 3c49fea23191de89fa88b5b0262f31ff
5c8a33e4203a5740bd9c08d582b5234e0bd7bd23
f7b2319284d2f6b8108955f4999b207a26af72f13f3e5efbb729f691a6003c57
GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 06 Sep 2022 21:13:11 GMT
server: nginx/1.16.1
last-modified: Tue, 06 Sep 2022 21:05:12 GMT
etag: W/"6317b608-d132"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IBVt-7UqYfNvV6jKPzRNCVVddxCpoyQZNcKF3cEGEnGrcmhn9wZgjQ==
age: 1382270
X-Firefox-Spdy: h2
connect-rbfcu.duckdns.org/online/assets/NCUA-logo-gray.svg
200 OK 0 B URL HTTP/1.1 connect-rbfcu.duckdns.org/online/assets/NCUA-logo-gray.svg
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert urlquery DynDNS domain detected
fortinet Phishing
GET /online/assets/NCUA-logo-gray.svg HTTP/1.1
Host: connect-rbfcu.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/online/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 21:10:57 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2021 06:57:48 GMT
Accept-Ranges: bytes
Content-Length: 104580
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
cdn.appdynamics.com/adrum-xd.c74f9315ac2eb17a0d3c4975c3deb222.html
200 OK 0 B URL HTTP/2 cdn.appdynamics.com/adrum-xd.c74f9315ac2eb17a0d3c4975c3deb222.html
IP
GET /adrum-xd.c74f9315ac2eb17a0d3c4975c3deb222.html HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://connect-rbfcu.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
date: Sun, 11 Sep 2022 16:50:10 GMT
server: nginx/1.16.1
last-modified: Tue, 06 Sep 2022 21:05:12 GMT
etag: W/"6317b608-77c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: juzpY2Dk_xcpH1nKTbq1bSMvrNur_Pb8hg2nC9s0O8CQ6ELsx7AFjQ==
age: 966051
X-Firefox-Spdy: h2
69.49.228.32
23.36.76.210
147.75.40.150
93.184.220.29
0.0.0.0