Report - authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377

Report Overview

Submitted URL
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
IP
20.254.66.73
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-11-19 18:37:07
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citizens Bank

Detections

urlquery
18
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
authctznma1n0.ath.cx	unknown			15 kB	173 kB	20.254.66.73
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	43 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.4 kB	6.2 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	34.216.192.228
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T14:35:32Z	340 B	964 B	104.18.32.68
devilsms.live	unknown	2022-06-09T23:23:15Z	2023-03-09T17:10:48Z	726 B	70 kB	199.188.200.254

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	devilsms.live/cleave.js	94 kB	2023-03-07	2023-12-17
Pretty URL devilsms.live/cleave.js IP 199.188.200.254 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:56:13 Last Seen2023-12-17 14:10:58 Times Seen29 Hash ead7731c4b02b3e134ec2d390e7fccd0 3491430271d8a9f15548ca5a00e90b5d4e10b437 f97d8e2f7cc9b436d478f1168d22b9ae3c292d97d2d5285c4ccd01f3bbef47f5 Loading...

	devilsms.live/clve-min.js	151 kB	2023-03-07	2023-04-30
Pretty URL devilsms.live/clve-min.js IP 199.188.200.254 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:38:47 Last Seen2023-04-30 22:10:37 Times Seen11 Hash a0af62af3a5f980137ece52d9604b17e 47803e4451aaae4f38c40d154f915e89155edc0d 28899904b99b7dc185a3ee4ef8a53a522ae488db692a9ee4d45ddfc07dc04a24 Loading...

HTTP Transactions (53)

URL IP Response Size

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377

20.254.66.73

200 OK

25 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (2056)
Size
25 kB (24641 bytes)
Hash
9f828d1213fa3fcaa65bcd19e7823e7c
c3d516c13aac5ad601a6cd9a9ea9e96610753435
a8a4e068fb99fae1df77ccb09529e02b0400018c090c13cfd0265726336253c8

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377 HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb76c0b3adf4098ad8a9d1e38250758f
99610ddb2b4ec6d04250ac244f966951695d4f00
01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18892
Expires: Sat, 19 Nov 2022 23:51:48 GMT
Date: Sat, 19 Nov 2022 18:36:56 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f732c50f6a2482aeea20552e0370c2d0
6f33119d5c38e92a0a62f3a46766ff86014e4d68
a47e38c199c5fecd5594544a3889e1cfca5547d85f19056f06eaeeadf17f4fe9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3793
Cache-Control: max-age=147450
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 18:36:56 GMT
Etag: "6378b071-1d7"
Expires: Mon, 21 Nov 2022 11:34:26 GMT
Last-Modified: Sat, 19 Nov 2022 10:31:13 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 19 Nov 2022 17:44:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3119
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e7724a1f27dc1b5b2fb63c7e486f74db
ef0ea648ce8bc189d31382baec4b181c724af93b
2a46916079563d95fa6a695104ebf41829ee95a156d6e4d45b9aef7231a8a80e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A46916079563D95FA6A695104EBF41829EE95A156D6E4D45B9AEF7231A8A80E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3316
Expires: Sat, 19 Nov 2022 19:32:12 GMT
Date: Sat, 19 Nov 2022 18:36:56 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: dVoFGfdqg4RC9vgGqWMPBeJLWWqfvbN+zY0rQsJQH7VaA01x+xcBTBub/S5SuNF9Als+5yrPAvKgtsMQpSI/yQ==
x-amz-request-id: 12PGQBG01AMW0WRF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 19 Nov 2022 17:53:27 GMT
age: 2609
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/normalize.css

20.254.66.73

200 OK

9.7 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/normalize.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
9.7 kB (9696 bytes)
Hash
ebb479dd9f58736c30739ce9e551010d
f9751153a26e815f3161abd77e1a2a3f97a02ae6
90cb33de6ced42c1ce82fd4a3a0b014f2ce29179ab85e24ebfa7abd73fabd9d8

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/normalize.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 9696
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 18:36:56 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/jquery-ui-1.10.3.custom.min.css

20.254.66.73

200 OK

22 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/jquery-ui-1.10.3.custom.min.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (1404)
Size
22 kB (22332 bytes)
Hash
75c7f7f34cb3c6deb89891e022266252
4ba3a397da8746f97b53186e6ec14e704bda003a
daa294bf8eaa7ddd13aeb7d3d462fb53f0c8b080ed1abe2531360892408327cf

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 22332
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css

20.254.66.73

200 OK

8.9 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text
Size
8.9 kB (8900 bytes)
Hash
63b00c36f13f7bd0112c5d3c6e0d1ad0
f5ea43b50ab8c8d12317dcd56d953cd640ec0133
785818872f719d6d46b9e00e9cdb942779f111aec0421d983ad2a6e02b0e8c3a

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 8900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/ad-containers.css

20.254.66.73

200 OK

7.6 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/ad-containers.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
7.6 kB (7585 bytes)
Hash
10cf523dd8bc660eb53f3c56783f5fed
9f6df41bda3d811f4d774544f15573023e25eca8
27fd729324c41d300a6f74a95b20b54feca49388cbffeb89933bb18b5764a7b5

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/ad-containers.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 7585
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/citizensns.min.44438.css

20.254.66.73

200 OK

5.8 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/citizensns.min.44438.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text
Size
5.8 kB (5849 bytes)
Hash
d9cd3279c50bebdf7371f4c6db6d0d1d
74c0f0bf7786f8bc6d33b831a7d92897fe321fd0
f832c2f83056bbd60a50417f461897bfa4e783df933cafeb7fe91ddf81f6ae33

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/citizensns.min.44438.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 5849
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/cp_challenge/sec-3-5.css

20.254.66.73

200 OK

2.3 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/cp_challenge/sec-3-5.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
2.3 kB (2277 bytes)
Hash
a8d7730ebae7d5a0f9f1b28705910c82
8c2a3f4543d2326f5803e32ceda9ce60572cafc6
e094fbcf1596ac0af1fe05cd7d6b8724b77dc71c9219deb63738ccae1fdeb2ad

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/cp_challenge/sec-3-5.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 2277
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css

20.254.66.73

200 OK

61 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
61 kB (60617 bytes)
Hash
5c037b9fa5c1436afc0beef12818a53a
e3208a8dd6d2bbd84631b9a59a044653ebd766f0
3e1e20f8191f692da7ac00c865c48320c19e71585d471a02e2b93e3b3c0b1fc3

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 60617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/CTZ_Green-01.png

20.254.66.73

200 OK

5.3 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/CTZ_Green-01.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.3 kB (5277 bytes)
Hash
beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/CTZ_Green-01.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 5277
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-linkedin.png

20.254.66.73

200 OK

3.2 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-linkedin.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3239 bytes)
Hash
b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-linkedin.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/lock.png

20.254.66.73

200 OK

349 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/lock.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
349 B (349 bytes)
Hash
6f9f05d66a5410b90817d0cc6db92b03
891273e368982cdd9ce5408dda3877c52fe72a2e
9b87191a74f704fe3c917fe2a2f17fa3ac20da84f1c361cd3f41802a437f61d5

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/lock.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 349
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/fdicFooter.gif

20.254.66.73

200 OK

2.2 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/fdicFooter.gif
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 56 x 24\012- data
Size
2.2 kB (2245 bytes)
Hash
a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/fdicFooter.gif HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-facebook.png

20.254.66.73

200 OK

395 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-facebook.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Size
395 B (395 bytes)
Hash
25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-facebook.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/equal-housing.gif

20.254.66.73

200 OK

1.1 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/equal-housing.gif
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 14 x 9\012- data
Size
1.1 kB (1134 bytes)
Hash
39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/equal-housing.gif HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-twitter.png

20.254.66.73

200 OK

3.3 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-twitter.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3295 bytes)
Hash
ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-twitter.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/elh.gif

20.254.66.73

200 OK

1.4 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/elh.gif
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 31 x 24\012- data
Size
1.4 kB (1433 bytes)
Hash
f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/elh.gif HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-youtube.png

20.254.66.73

200 OK

3.3 kB

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-youtube.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3278 bytes)
Hash
09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/img/footer-follow-youtube.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/?cont=QERldmlsbWFzazA5&token=4b427263fd699a9d19b84dcce86c6377
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

authctznma1n0.ath.cx/efs/efs/grafx/icon-secure.png

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/efs/efs/grafx/icon-secure.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/efs/efs/grafx/flows-tooltip.png

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/efs/efs/grafx/flows-tooltip.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-button-white.png

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/efs/efs/grafx/arrow-button-white.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/flows.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.woff

20.254.66.73

200 OK

94 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.woff
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
94 B (94 bytes)
Hash
494d5b5f24f681e3c43b52ea9bb1be4c
005ceb2099f9c3bf423ddb401479ee0a9dd8d63c
02d0c08ceab09da804ddb85b4e50adad35b9688dbcada103e8b03c61c4d393b1

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 94
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.woff

20.254.66.73

200 OK

93 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.woff
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
93 B (93 bytes)
Hash
2d3d1e9a820451d4aba30a6189adb344
5c2c9a1aab30b6d9c8af0eb29a59aa490b4cc8ab
15d76789030592dfced7878a6fcbb4222f0780b2e189bd5ffecc28eca68f577b

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.woff

20.254.66.73

200 OK

98 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.woff
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
98 B (98 bytes)
Hash
10477bffd26aae2d95743e565223edfa
f38c4988d4931d392cc889f6113d8b3261d631bd
ae61a4d9e2535ffa02754fa06adf4762452a4ee0d7fa2f08ec90d923a0463a30

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 98
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.ttf

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.ttf
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_roman.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.ttf

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.ttf
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_book.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.ttf

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.ttf
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_extrabold.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 19 Nov 2022 18:25:01 GMT
cache-control: public,max-age=3600
age: 716
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
060d538b33e370fcd033339830d33a42
4a37d427988358eb318e18e2678c3484ef4a5ebd
efa33f92547243814b5bd3bca4f94d26055d590a4431611b3ba251a8d774bfbb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3840
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 18:36:57 GMT
Last-Modified: Sat, 19 Nov 2022 17:32:58 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.216.192.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.192.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JMbC+n4nb5Jk+liWSBaC6g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /dB52J/WVjiAi8W6trLmgKUtvKk=

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2a5268017008ffb2166d5bea44b13f95
5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d
212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=600785,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76cb0dec5b251c06-OSL

devilsms.live/cleave.js

199.188.200.254

200 OK

18 kB

URL HTTP/2
devilsms.live/cleave.js
IP
199.188.200.254:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (1712)
Size
18 kB (18428 bytes)
Hash
fe9f66e28ad0fde897ddcb9571324491
e5ab8ed2bad2578458397898778be698dff70917
ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f

HTTP Headers

GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 18:36:57 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Sat, 19 Nov 2022 18:36:57 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14642
Expires: Sat, 19 Nov 2022 22:41:00 GMT
Date: Sat, 19 Nov 2022 18:36:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14642
Expires: Sat, 19 Nov 2022 22:41:00 GMT
Date: Sat, 19 Nov 2022 18:36:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14642
Expires: Sat, 19 Nov 2022 22:41:00 GMT
Date: Sat, 19 Nov 2022 18:36:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14642
Expires: Sat, 19 Nov 2022 22:41:00 GMT
Date: Sat, 19 Nov 2022 18:36:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14642
Expires: Sat, 19 Nov 2022 22:41:00 GMT
Date: Sat, 19 Nov 2022 18:36:58 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4851 bytes)
Hash
459df915ce91b32b2dcc4850516d68a0
d7a5473d367e7965a4af55acbf4675ed7088fab2
a03e26ebee79ad9b9dda1bf680e0d2467ae6d5e582589ada9fe6ddfa437c483c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4851
x-amzn-requestid: 8c868655-d0eb-428d-9fc0-a7449f770bd4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brtDFF9HoAMFV9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748ee0-4f7daf8f7451dc5e0840f620;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:18:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xirMw5z5GPbmx9Sii_I4iNeh1GS5k9lGmaaJvUGAPWoVyP0Tldhf1w==
via: 1.1 e9ba0a9a729ff2960a04323bf1833df8.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 03:31:06 GMT
age: 54352
etag: "d7a5473d367e7965a4af55acbf4675ed7088fab2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.0 kB (3035 bytes)
Hash
d6b026c34985bbf2ebf89a62d0724c66
72369ebeccf447fa91ef77711d6297063c99777e
e5598ada634274ab9995dedda8c1fd18344abcfdd49b3a1aaede0a86fafc0f40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3035
x-amzn-requestid: 3e3f3a7f-9a1d-4b37-b932-22c6e3e638f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRcFOuoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6f-09dc20ea5620dd167e3f7265;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pLsLyVnqWVp3c5Z5IavS9Xumx3cYUsungYuOLojzKNtOoRQx7-rEOQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:48:36 GMT
etag: "72369ebeccf447fa91ef77711d6297063c99777e"
content-type: image/jpeg
age: 74902
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11249 bytes)
Hash
481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: s1153EpshSWYGLcN7Zzzs4PgXl9cddZ20gTwh5bK2HOBu4e_PSNCpQ==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 03:36:46 GMT
age: 54012
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3007b4f3-f5db-4eb7-b71a-f9f854ae287e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7631 bytes)
Hash
b2b393e36ee2c9649d90db136aa49542
e88c5832ff0c49bab181d948c3a510d88343bb6f
8b524701df43bff56ac52a021ff0fbd964e06f00e84b4861aa557ec6ae6b4ffd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3007b4f3-f5db-4eb7-b71a-f9f854ae287e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7631
x-amzn-requestid: b47e545d-1fb6-4a62-ab45-28cdb9d3f0b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-vQE0XoAMFS3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab2e-56365eed3d4c082c53b172b3;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WpaBFpaCu0GBiHiiQzCCsyXrA7uzesHS92c_PsgxROxPkqjZ8RyI6Q==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 22:35:17 GMT
age: 72101
etag: "e88c5832ff0c49bab181d948c3a510d88343bb6f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce07c59e-2c1b-4d3b-8c02-f1ed4bca6607.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3962 bytes)
Hash
49115517a3f79b5092934e128d54c721
14582e35cacbfc2543587e546cb3b4faf2c898bf
0f9015683cacc252fb5e5053681da1b85b3dd0694e2cd04417e73e5e82ecac2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce07c59e-2c1b-4d3b-8c02-f1ed4bca6607.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3962
x-amzn-requestid: 29b553ab-9ef2-44b8-aea9-b1582b207a6b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRWGKmIAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6e-3fb68804386112d17eba689d;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6ISYqEe7AEtnPxzJUN6oEX_ohOSxVbfoW6b1_TNH6FInCc61ek4UnQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:48:36 GMT
etag: "14582e35cacbfc2543587e546cb3b4faf2c898bf"
content-type: image/jpeg
age: 74902
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6365 bytes)
Hash
f5af431deee2fb28fcc08b25f5162944
6dac89954db5946b9ac1fdca3196d8b6bb3f54c3
b22d9111361ebce06d55d14d05f4a5206ca7097b059bbe6bc02b10391b61f458

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6365
x-amzn-requestid: 60bd00c0-6808-4bc5-a0cb-e4390d353d65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: befxSFJOIAMF6Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f466e-514b3be121f077d559acdb86;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 07:08:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IQiCXdikH067-EmFBDjg6HCQ-ZNTCBRBhWDaScbj-U2z8aNW3Ia7zQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 07:17:10 GMT
age: 40788
etag: "6dac89954db5946b9ac1fdca3196d8b6bb3f54c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

devilsms.live/clve-min.js

199.188.200.254

200 OK

51 kB

URL HTTP/2
devilsms.live/clve-min.js
IP
199.188.200.254:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (51069 bytes)
Hash
724ad5d75674097f5d14e70982a3bc6e
87146103e33be6cdf8d828351685c70f2a6cb7e3
d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260

HTTP Headers

GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 18:36:58 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Sat, 19 Nov 2022 18:36:58 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

authctznma1n0.ath.cx/efs/efs/grafx/arrow-right-orange.png

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/efs/efs/grafx/arrow-right-orange.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/efs/efs/grafx/arrow-down-blue.png

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/efs/efs/grafx/arrow-down-blue.png
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.woff

20.254.66.73

200 OK

93 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.woff
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with no line terminators
Size
93 B (93 bytes)
Hash
eba0198e09ac6c6d70f8300e903251ae
a32ec4928d4dfce66acf8bb360c741b120d2f3a6
d0d0a2db2f53b123855c80859445a56243265b9d65a7a7ef51c07ef6a760e4b7

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.woff HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 18:36:59 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 17:43:39 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: font/woff

authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.ttf

20.254.66.73

404 Not Found

315 B

URL HTTP/1.1
authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.ttf
IP
20.254.66.73:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/font/citizen_bold.ttf HTTP/1.1
Host: authctznma1n0.ath.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://authctznma1n0.ath.cx/53b0cfbb9882e0fc6bdcc9bcfdaffffa/css/main.css
Cookie: PHPSESSID=f465f1093417776580b2e9a2e98e255b

HTTP/1.1 404 Not Found
Date: Sat, 19 Nov 2022 18:36:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (53)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size