Report - aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access

Report Overview

Submitted URL
aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
IP
208.91.199.118
ASN
#394695 PUBLIC-DOMAIN-REGISTRY
Submitted
2023-01-30 14:31:28
Access
Website Title
Final URL
Tags
key_bank financial phishing
urlquery detections
Phishing - Key Bank

Detections

urlquery
17
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
aquaflow.ae	unknown	2020-11-11T06:06:05Z	2023-03-13T04:45:15Z	13 kB	868 kB	208.91.199.118
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.189.204.30
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.6 kB	93.184.220.29
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	54 kB	34.120.237.76
ibx.key.com	130616	2017-02-09T11:52:42Z	2023-03-13T04:45:06Z	805 B	6.7 kB	23.52.18.181

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/integrations	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/bundle.js(1).download	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key-logo.svg	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/otac-72-hours.svg	Phishing
2023-01-30	medium	aquaflow.ae/ibxolb/olb/share/assets/images/kds.svg	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/images/kds.svg	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff	Phishing
2023-01-30	medium	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5	133 B	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5 IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:54 Last Seen2024-01-12 04:38:59 Times Seen120 Hash cb11547feee05289ecfe9cdf277e9987 1b01fa5f78f6aa32f98df998a658ce2fc2351bf9 7ec3de16fb9ad1e32514fdfc4fdcfd1dfe606d28814eb2393aa081a8a82ef562 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5	105 B	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5 IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:37:30 Last Seen2024-01-12 04:38:59 Times Seen122 Hash 33632c3780005643f62dcef1a5005d3e 44c18426e34982e5ae573d921a5f7da605de1483 f5f6e19b6f06db10ea2f02f2d0b8109ca659935618d4d72778cdeb09ff733b93 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5	422 B	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5 IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:22 Last Seen2024-01-12 04:38:59 Times Seen117 Hash 0f8c4cebc0f30cfb1781291cd3827b22 3750585a4e96e92212ce4452bc4f66a5ac024a55 6bd2c8d6568f84f0711c68953b24f72974b352b8bbfa137bf890e4dbd9dc6c65 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download	205 kB	2023-03-08	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:30:15 Last Seen2024-01-12 04:38:59 Times Seen127 Hash 492cef07d14eef4e7dc1611831213e97 f8515e30ea4a9bb2fe0c0aa1db14f5a88c7b8236 8cb624ece3be4d4a6ee0f0ced2ba87c19fb7d2c841b4abc12d50fd0e93bf4ce0 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5	226 B	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5 IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:35 Last Seen2024-01-12 04:38:59 Times Seen125 Hash 2524824eaca60bdc110bfb35e7dab692 f524741a7e1ec94f484be26810c187d51973a550 ca6be38a4f96c1342558d040db99fe368d9f096c6fb3c4bc213c870547d12577 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download	3.3 kB	2023-03-07	2024-04-15
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:35 Last Seen2024-04-15 14:32:27 Times Seen450 Hash abbe69e5c8f385f00652c3d0c2bba347 2ec04dab77effc7b16ae07a38e565c3f24083b4a 99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/integrations	3.4 kB	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/integrations IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:54 Last Seen2024-01-12 04:38:59 Times Seen173 Hash eb6630d15c587d61118bd375f0259135 a1aeafd1e362f95bd7708adf2d93d6ecb990b318 e4fe60aa7f1bcd674a7a83d1ec47f6ef9c309876bec0b84e16930c710ce3b7d8 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download	737 B	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:54 Last Seen2024-01-12 04:38:59 Times Seen168 Hash d3809b41fb159fb8bf7f1c286c87b55d 486d36fca4eac476f2d60a2f371001472665e102 d2bd438bf5c213ea8e8717e91451fa82fa5c30411b0c0231500386489e8584e1 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5	142 B	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5 IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:54 Last Seen2024-01-12 04:38:59 Times Seen120 Hash 44f32964cdd751f371ac6035c461f587 ecb5d1478b710b7175f0d73e594a8dbbddfd501a 55fc0fadc7a58c15a426c0d7f94ab40d1e09da06f29e3b189bb86b9cd043eb64 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html	44 kB	2023-03-07	2023-04-05
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:35 Last Seen2023-04-05 02:07:38 Times Seen62 Hash 1ce358cf7eeb8f4e31d78e424392d30d e45e9ea9e750bec59e6590e03f57aec8a65d9772 2e57e1de709bfc021b4b52581a9dc961d7299158f0fbb5abd21cc653f526fb59 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download	69 kB	2023-03-07	2024-01-12
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:22 Last Seen2024-01-12 04:38:59 Times Seen163 Hash 0054b78e5d6285e5241c7e0183acc0a6 4d58c1d2ebfdebbc2d49de3d63b147fb1a777776 fa732c1cc06fcf15768947eecba659b6ed94cef69664cee3f41f31f1322d638d Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 08:02:04 Times Seen37056804 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download	34 kB	2023-03-07	2024-04-15
Pretty URL aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download IP 208.91.199.118 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:35 Last Seen2024-04-15 14:32:27 Times Seen457 Hash 820eb42f3120ddf65e303b24a8285815 0bade8fc2f8710d533e48853a549466058b46ba8 04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a Loading...

HTTP Transactions (48)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9152
Expires: Mon, 30 Jan 2023 17:03:50 GMT
Date: Mon, 30 Jan 2023 14:31:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13806
Expires: Mon, 30 Jan 2023 18:21:24 GMT
Date: Mon, 30 Jan 2023 14:31:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8275
Expires: Mon, 30 Jan 2023 16:49:13 GMT
Date: Mon, 30 Jan 2023 14:31:18 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 13:35:43 GMT
content-type: application/json
age: 3335
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 2doUzJuicRD1QlkDzRILDYyuldWPvClMxAKKUnmmtZknTKHJUSNLZx1DyW15Vzb91Si1XnOBTeM=
x-amz-request-id: XG65Z69D1768WJKM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 14:21:49 GMT
age: 569
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 14:31:18 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
577f71d0f85618933f10df6390a737eb
295498852bcec82db924fd902b4cfb431a90ee83
f2c7421471b6a330faf0c04f22c55bc7ab59076f361bf473bd837ca458017174

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2C7421471B6A330FAF0C04F22C55BC7AB59076F361BF473BD837CA458017174"
Last-Modified: Mon, 30 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 30 Jan 2023 20:31:18 GMT
Date: Mon, 30 Jan 2023 14:31:18 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 13:41:41 GMT
age: 2977
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7920
Expires: Mon, 30 Jan 2023 16:43:18 GMT
Date: Mon, 30 Jan 2023 14:31:18 GMT
Connection: keep-alive

aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5

208.91.199.118

200 OK

7.9 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3638)
Size
7.9 kB (7929 bytes)
Hash
9fcf4be983b2732e2cde8395624f7532
7b08bd76ac554c3be288b9809cb18a49b98895f2
c96e54e4699cbcf41fdf66b28908b0baf82d78af56548643ed5259eaa4bf8e75

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5 HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 7929
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download

208.91.199.118

200 OK

1.6 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (3157)
Size
1.6 kB (1649 bytes)
Hash
db599b3645a80d4aec3003b3148ad2fd
faa463122bdbac7943833a36af985678672af988
82383b027e8bd3a9813b4ece004e9d90bade0c78e5d129843252d9ebead0ba4d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1649
content-type: application/javascript
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.189.204.30

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.204.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7MI8L8ytsUTYDk5e3RRgXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wNzXNy2v7O+IABm8FM/9TUBwa00=

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download

208.91.199.118

200 OK

15 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (32768)
Size
15 kB (14946 bytes)
Hash
e619db654218c8726f6928d2c4f40a74
8d2b0dfba638d33cf34063f1795d935340cc6db0
e9815f331d5c46acc657eae4704b9f0f4539f7f0119d0b89eff54de0b4c5157e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14946
content-type: application/javascript
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles-key.css

208.91.199.118

200 OK

2.6 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles-key.css
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
2.6 kB (2632 bytes)
Hash
275431eafb66243977f3345542aaf5d3
16524d3f92eaf21bcaa07957f4ecaeca2a94f9cf
d7d9f32a643446b1c3f0ef9ae3994b356cbd6aac0a474f26c6015d42881f398e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles-key.css HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 22 Jun 2022 23:22:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2632
content-type: text/css
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/integrations

208.91.199.118

200 OK

3.4 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/integrations
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
3.4 kB (3429 bytes)
Hash
eb6630d15c587d61118bd375f0259135
a1aeafd1e362f95bd7708adf2d93d6ecb990b318
e4fe60aa7f1bcd674a7a83d1ec47f6ef9c309876bec0b84e16930c710ce3b7d8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/integrations HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:58 GMT
accept-ranges: bytes
content-length: 3429
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download

208.91.199.118

200 OK

422 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (590)
Size
422 B (422 bytes)
Hash
7c3fa2fa268c8c345553480a2b701942
743869c756235537e36ededfd42dbedfe240198c
53825cdf8623ca17317efa7df6cc93a3e1fdbe227506ae60af254616c84005c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:58 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 422
content-type: application/javascript
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ibx-globals-key.css

208.91.199.118

200 OK

148 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ibx-globals-key.css
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with no line terminators
Size
148 B (148 bytes)
Hash
ef7118d6c9b03f948b3ef254a6bff500
1b395cb53a85f7599d27e878d22bcb71beda37b2
25155b54264bc8a778d8bb23a20a02635aa78f607ff998b0edc620a1e19e83bc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/ibx-globals-key.css HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:58 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 148
content-type: text/css
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/bundle.js(1).download

208.91.199.118

200 OK

606 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/bundle.js(1).download
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
606 kB (605641 bytes)
Hash
15c2f48f4b8ef4187c6eaf3b5ace99a9
3ef3ef518ffa5e9142f730ef2052e3e2b7e64146
d4c307ca631714afc826c9d36b169ad69b03f5e572ef074f63b404cc9f023f17

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/bundle.js(1).download HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:58 GMT
accept-ranges: bytes
content-length: 605641
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.css

208.91.199.118

200 OK

3.4 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.css
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
3.4 kB (3419 bytes)
Hash
9c8e7e0aba9ae057201532a0b39e61e9
0a9bf9414782720c48c54779fb6bcfabd1db738b
881744f59dd18df76a3cd755abf02bc0cdf2d36fcce80048f7f96ce2db84388f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles.css HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:58 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3419
content-type: text/css
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key_white_logo.png

208.91.199.118

200 OK

12 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key_white_logo.png
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 172 x 32, 8-bit/color RGBA, interlaced\012- data
Size
12 kB (11797 bytes)
Hash
d62d5b0d8627210d502248fd5ba0795b
b54d1d796f26e980cdb17293ff75647f8072c6b7
07eeecd82d157b4f6d4147ede1b838e77e5e772e74307a3f53cf9c4afdffa15e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/key_white_logo.png HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:00 GMT
accept-ranges: bytes
content-length: 11797
content-type: image/png
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key_black_logo.png

208.91.199.118

200 OK

3.4 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key_black_logo.png
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 276 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
3.4 kB (3375 bytes)
Hash
ac718e18ce2383f5581edc92b37b5964
064252d1d84c5fb2bc45b2e510e9f4235c65baeb
de35a69575718cdee8f4583e969583506939c38f94c0dad37dfe66abe574dbc0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/key_black_logo.png HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:00 GMT
accept-ranges: bytes
content-length: 3375
content-type: image/png
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key-logo.svg

208.91.199.118

200 OK

6.1 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key-logo.svg
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5966)
Size
6.1 kB (6072 bytes)
Hash
b4284724f45b84236572906bb9309724
a919c3dec8149ae38b71d233f4b7d9391ac91691
4712701bf2f3b3b93bdfc9aa8c2c3e8dbdf6f3c4cbce9fc9a766c7cb5b281e5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/key-logo.svg HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:00 GMT
accept-ranges: bytes
content-length: 6072
content-type: image/svg+xml
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles(1).css

208.91.199.118

200 OK

8.2 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles(1).css
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (28423), with no line terminators
Size
8.2 kB (8162 bytes)
Hash
9a590c071420824ee5e4fa5255da1da2
deefcb174f5591769fcbd5fec7b4622baca9ffd2
f88708fce431cd0b08dcbd3a9ebbb4fb312392338b147dd675b6fb24aa2f6342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles(1).css HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:00 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8162
content-type: text/css
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kloader.gif

208.91.199.118

200 OK

19 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kloader.gif
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
GIF image data, version 89a, 400 x 400\012- data
Size
19 kB (19110 bytes)
Hash
a90e737d05ebfa82bf96168def807c36
ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b
24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/kloader.gif HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:04 GMT
accept-ranges: bytes
content-length: 19110
content-type: image/gif
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/otac-72-hours.svg

208.91.199.118

200 OK

4.3 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/otac-72-hours.svg
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (307)
Size
4.3 kB (4281 bytes)
Hash
59332708e91127186fad4d5b9f9fdfce
64a60efad9d12f1018efdeb645a598779430c5b9
19154c371170b37e378225e8379871b7efecc3009f3ab3925c31f949964e80f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/otac-72-hours.svg HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:00 GMT
accept-ranges: bytes
content-length: 4281
content-type: image/svg+xml
date: Mon, 30 Jan 2023 14:31:19 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3978
Expires: Mon, 30 Jan 2023 15:37:38 GMT
Date: Mon, 30 Jan 2023 14:31:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3978
Expires: Mon, 30 Jan 2023 15:37:38 GMT
Date: Mon, 30 Jan 2023 14:31:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3978
Expires: Mon, 30 Jan 2023 15:37:38 GMT
Date: Mon, 30 Jan 2023 14:31:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3978
Expires: Mon, 30 Jan 2023 15:37:38 GMT
Date: Mon, 30 Jan 2023 14:31:20 GMT
Connection: keep-alive

aquaflow.ae/ibxolb/olb/share/assets/images/kds.svg

208.91.199.118

200 OK

328 B

URL HTTP/2
aquaflow.ae/ibxolb/olb/share/assets/images/kds.svg
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
328 B (328 bytes)
Hash
26190a75e40824ac009ba288b6a29070
a96c4f4eabe85bb2bada4e25bb0b5604cb0fafa8
597112cd55bacadd9f395f9493c755c60d804c8d4bbf6695af08aac0158e0be1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ibxolb/olb/share/assets/images/kds.svg HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 328
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/images/kds.svg

208.91.199.118

200 OK

328 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/images/kds.svg
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
328 B (328 bytes)
Hash
26190a75e40824ac009ba288b6a29070
a96c4f4eabe85bb2bada4e25bb0b5604cb0fafa8
597112cd55bacadd9f395f9493c755c60d804c8d4bbf6695af08aac0158e0be1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/images/kds.svg HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 328
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7679 bytes)
Hash
3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx-qjsrMLYpLmE-8QmpR46BeRySbUGL2Rrr6LqhEQ8jaEEj_6Aj0qg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:52:09 GMT
age: 59951
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css

208.91.199.118

200 OK

78 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
78 kB (78014 bytes)
Hash
1782b81b67e287c427e4000268bb4d20
9848a65ad9a820019602986b7554faa49efbe91e
510c20b63bb0d54b597bb108c93f3922bc8f969ee33e5206bd2e794c6bc52dd9

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:58 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9457 bytes)
Hash
51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: soTFEnYjNcti77h3FpnztwzR7ypv68NbyoI6DxS0NhU412ykFsWAgA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:00:38 GMT
age: 59442
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12507 bytes)
Hash
5190c0bdc6abe0ee258e9f8c20ddaf51
d60f280f8a742480527dbc32d08f321f972d4fcf
874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UDJKl99GiUxTW_EgWFDjLaJZbKFhfaJR-XRLsbQphwHuCXczDlxrDA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:54:37 GMT
age: 59803
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8464 bytes)
Hash
fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UNub7Gd4S0ogn5EJhtJVu8q1qML5_4eL2lIPQXiAuXy_q-XiR4s-5w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:55:21 GMT
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
age: 59759
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10997 bytes)
Hash
65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:53:08 GMT
age: 59892
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download

208.91.199.118

200 OK

74 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
74 kB (74248 bytes)
Hash
c82b695c1e37dad102badbcc68b479b1
d4f40e70061902088a0c90881801151eda7f1aea
cad5d9d4b3ea14e08dd73b38daee2e7bc4ccd5529bbfec0a254fc9a1568a765b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html

208.91.199.118

200 OK

17 kB

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (43766)
Size
17 kB (16885 bytes)
Hash
d766058257a34b032bf8e3acc74c79b1
7293775513749f4e51b3ba94690d42c1029dd3b6
69717924a0d2d40a640e72a557740f4c96e9582eb2d1c1fcf455e247986594c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Key Bank
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:41:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16885
content-type: text/html
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
70abb58db924a6b7b3af22bd46620012
c82f9b7ab66445426c1b0d262d9d6a070ee4a969
e988cacf72a8c791fddbdaef9bb5260c1ffc7f2da93cf0e292579e250eb2fcac

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5932
Cache-Control: max-age=153897
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 14:31:20 GMT
Etag: "63d773b5-1d7"
Expires: Wed, 01 Feb 2023 09:16:17 GMT
Last-Modified: Mon, 30 Jan 2023 07:37:25 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
70abb58db924a6b7b3af22bd46620012
c82f9b7ab66445426c1b0d262d9d6a070ee4a969
e988cacf72a8c791fddbdaef9bb5260c1ffc7f2da93cf0e292579e250eb2fcac

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 731
Cache-Control: max-age=148696
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 14:31:20 GMT
Etag: "63d773b5-1d7"
Expires: Wed, 01 Feb 2023 07:49:36 GMT
Last-Modified: Mon, 30 Jan 2023 07:37:25 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ibx.key.com/ibxolb/login/images/favicon-16x16.png

23.52.18.181

200 OK

661 B

URL HTTP/2
ibx.key.com/ibxolb/login/images/favicon-16x16.png
IP
23.52.18.181:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
661 B (661 bytes)
Hash
ea4b275c774e8170ed54751d39a6adbf
c4fda6c23491accd170362ab21108d8ae31a647f
735143f90a8c225ffe4c0a853b25f2068510d81f8f6a82db79db00233ccc4b58

HTTP Headers

GET /ibxolb/login/images/favicon-16x16.png HTTP/1.1
Host: ibx.key.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
etag: "638900d0-295"
last-modified: Thu, 01 Dec 2022 19:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-xss-protection: 1; mode=block
x-envoy-upstream-service-time: 1
content-security-policy: frame-ancestors *.key.com *.keybank.com
strict-transport-security: max-age=16070400; includeSubDomains
server-timing: dtSInfo;desc="0", dtRpid;desc="-2082717748"
content-length: 661
cache-control: max-age=300
expires: Mon, 30 Jan 2023 14:36:20 GMT
date: Mon, 30 Jan 2023 14:31:20 GMT
X-Firefox-Spdy: h2

ibx.key.com/ibxolb/login/images/apple-touch-icon.png

23.52.18.181

200 OK

4.9 kB

URL HTTP/2
ibx.key.com/ibxolb/login/images/apple-touch-icon.png
IP
23.52.18.181:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4898 bytes)
Hash
fee1734f5f10bbd1c030e8cd2e1a8896
18d49e15c6adbf73acf60dc258d3630fb7f5090b
f84def209aa5859896a65dc88fabeb52f93d837b5271d8ffe0d557c92b706a07

HTTP Headers

GET /ibxolb/login/images/apple-touch-icon.png HTTP/1.1
Host: ibx.key.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
etag: "638900d0-1322"
last-modified: Thu, 01 Dec 2022 19:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-xss-protection: 1; mode=block
x-envoy-upstream-service-time: 0
content-security-policy: frame-ancestors *.key.com *.keybank.com
strict-transport-security: max-age=16070400; includeSubDomains
server-timing: dtSInfo;desc="0", dtRpid;desc="-491533371"
content-length: 4898
cache-control: max-age=300
expires: Mon, 30 Jan 2023 14:36:20 GMT
date: Mon, 30 Jan 2023 14:31:20 GMT
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff

208.91.199.118

200 OK

0 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff

208.91.199.118

200 OK

0 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff

208.91.199.118

200 OK

0 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff

208.91.199.118

200 OK

0 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 14:31:20 GMT
server: Apache
X-Firefox-Spdy: h2

aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download

208.91.199.118

200 OK

0 B

URL HTTP/2
aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download
IP
208.91.199.118:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download HTTP/1.1
Host: aquaflow.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=d60el0d0l419?access_token=7o518l0jigm5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 09 Jun 2022 08:40:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 30 Jan 2023 14:31:18 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML