Report - dg12.duckdns.org/bankf/chase/xbalti%20v4/

Report Overview

Submitted URL
dg12.duckdns.org/bankf/chase/xbalti%20v4/
IP
34.227.14.98
ASN
#14618 AMAZON-AES
Submitted
2023-01-05 05:06:39
Access
Website Title
Final URL
Tags
chase financial phishing dyndns
urlquery detections
Phishing - Chase
Suspicious - DynDNS domain

Detections

urlquery
36
Network Intrusion Detection
4
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	65 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.43.158.219
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.6 kB	104.17.24.14
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
dg12.duckdns.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.8 kB	715 kB	34.227.14.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-05 05:06:17	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-01-05 05:06:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-01-05 05:06:17	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-01-05 05:06:17	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-04	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/	Chase Personal Banking

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.CardValidator.js	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.validate.min.js	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/MyBabyTwo.js	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.min.js	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/img/logo.svg	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/fonts/opensans-regular.ttf	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/fonts/dcefont.woff	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/img/desktopnight.jpeg	Phishing
2023-01-05	medium	dg12.duckdns.org/bankf/chase/xbalti%20v4/img/icon.ico	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/MyBabyTwo.js	44 kB	2023-03-07	2023-11-29
Pretty URL dg12.duckdns.org/bankf/chase/xbalti%20v4/js/MyBabyTwo.js IP 34.227.14.98 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:43 Last Seen2023-11-29 01:34:02 Times Seen27 Hash 59527eea40d7bee599de1a11f3c72698 62c4490050fb23a1ca097f05d85dd31f733a3652 ad0f1cfae7a242160baaf238cc40f9ef344b45337ec80ca8e57f6af6aba41914 Loading...

	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.min.js	160 kB	2023-03-07	2024-04-15
Pretty URL dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.min.js IP 34.227.14.98 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-15 09:41:25 Times Seen198 Hash 50f1aacb05fc40763064d74404c5bcb2 b3c28cab2fc387c630cf23704dde2f1b5013747c 6e1297448cf350be58ab05a6c413fa4d4b97440a0a3ab97fb03c09ff49af5ad4 Loading...

	dg12.duckdns.org/bankf/chase/xbalti%20v4/	126 B	2023-03-07	2024-04-23
Pretty URL dg12.duckdns.org/bankf/chase/xbalti%20v4/ IP 34.227.14.98 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-23 18:22:30 Times Seen119 Hash 8740b4845ab9cab32fb62a6fad538bd4 ced8c839fd8be627298b22c0e5bafee66e700d32 525f18739bc66c1a58912857307bf9c0df387ac5f3c9f585780dc101418a40e2 Loading...

	dg12.duckdns.org/bankf/chase/xbalti%20v4/	42 B	2023-03-07	2024-04-15
Pretty URL dg12.duckdns.org/bankf/chase/xbalti%20v4/ IP 34.227.14.98 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-15 09:41:25 Times Seen154 Hash 2761a67601de260a37acfd3820c114ca d7bfce876cf1303475303d3bc4e6d6c1d9b332c5 696cce9ea2564c7309810ef098e91ce166edaca99d905e1be65f81450f31ff19 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-07 20:46:58 Times Seen3671 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.CardValidator.js	6.4 kB	2023-03-07	2024-04-15
Pretty URL dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.CardValidator.js IP 34.227.14.98 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-15 09:41:25 Times Seen437 Hash fb905575d35b1762182c0bdb0156a8e7 5d7364bb8423174608a55975e985138b09ef16f0 2e31f31633d04598c60731878851d821eaa4403af63b930d58bb10bc9c0428a2 Loading...

	dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.validate.min.js	34 kB	2023-03-07	2024-05-02
Pretty URL dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.validate.min.js IP 34.227.14.98 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-02 15:26:27 Times Seen421 Hash 9ea64390e300ed1a23e2b62b7cd5cb20 7df056209ee2091fc674aa9f59a1063c072e9e32 b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5531a5834816222280f20d1ef9e95f69	4 B	2023-03-12	2024-01-28
Pretty Observations First Seen2023-03-12 12:17:15 Last Seen2024-01-28 13:22:54 Times Seen21116 Hash 5531a5834816222280f20d1ef9e95f69 445cd2fd3273962bdf09425109a2d09f7170e837 d398b29d3dbbb9bf201d4c7e1c19ff9d43c15fd45a0cec46fbe9885ec3f6e97f Loading...

HTTP Transactions (38)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b5997a492d3d161c9009d95add566733
9db765ae549ebe4aa859ca27abe365cf7f62dc4d
1ec0de25b0afd3b402c728b9c6b47c4fcf25fb989052427886841a3f52510a0e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1EC0DE25B0AFD3B402C728B9C6B47C4FCF25FB989052427886841A3F52510A0E"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8200
Expires: Thu, 05 Jan 2023 07:23:07 GMT
Date: Thu, 05 Jan 2023 05:06:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5333
Expires: Thu, 05 Jan 2023 06:35:20 GMT
Date: Thu, 05 Jan 2023 05:06:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
225d42543c0190cdb3686bf236533f4f
13a0940800fce078487372b6b3ca614dd1ab6c31
766bbe15eb1642ac39e9b71669fbb44252471c8de5adb555cd1a76db44fbe7bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "766BBE15EB1642AC39E9B71669FBB44252471C8DE5ADB555CD1A76DB44FBE7BC"
Last-Modified: Mon, 02 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4857
Expires: Thu, 05 Jan 2023 06:27:24 GMT
Date: Thu, 05 Jan 2023 05:06:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 05 Jan 2023 04:47:49 GMT
content-type: application/json
age: 1118
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zq2vU9BACN5D0XDBUK1hZQuUmbmiN+te1ZE6kd+neiSTJwB4pooJ1lBICOXZcUWkCUchcSA34ZU=
x-amz-request-id: D1W0NP98Z9ZJMYVS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 05 Jan 2023 04:59:24 GMT
age: 423
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 05:06:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 05 Jan 2023 04:33:37 GMT
age: 1971
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fe74c226e54f2f382d278b594df930ae
4e4ebc661443f56b74d7c924ddae50bcb107f0af
511f11fe968867447f6d7e5862d8003e3a5fc18bdb62496ea09d140e9a11f53b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4352
Cache-Control: max-age=105175
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 05:06:28 GMT
Etag: "63b541ab-1d7"
Expires: Fri, 06 Jan 2023 10:19:23 GMT
Last-Modified: Wed, 04 Jan 2023 09:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.43.158.219

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.158.219:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: G17hdKgDo1t+gp0C7AyWdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ykKsXwXYII5/hjEVqqkX58FjEho=

dg12.duckdns.org/bankf/chase/xbalti%20v4/

34.227.14.98

200 OK

142 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5779), with CRLF, LF line terminators
Size
142 kB (142045 bytes)
Hash
ce617439f3f2a2f4c18120441d7fbbaa
51fb93a5f194a62bbb06c853c5ffb50b119b2221
ce5ed3e8eb67925a36c316ee77fd1532c73b1b49d74038e00745a4353103fe23

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Chase Personal Banking
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/ HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.24.14

200 OK

4.5 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.5 kB (4517 bytes)
Hash
e40e054c5726f042bad463e3774a2777
5c9413b72837a440b327444104830c35ae3b052c
fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 05 Jan 2023 05:06:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6700303
expires: Tue, 26 Dec 2023 05:06:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qXJLJ3jyR4lWwCxWZMIoU6lPXTgA%2BrWHPuGbssyxJyugggmkOGbZxCk0oJX9ejJvNvKvKCVIpcSFICHsKvJ3GR5vwIgNRtozfdx70e0Uk2KuWanQRH0MQGx0iIYrCAvDto0jViu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7849af52a8aab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

dg12.duckdns.org/bankf/chase/xbalti%20v4/css/lostyle.css

34.227.14.98

200 OK

16 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/css/lostyle.css
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with CRLF line terminators
Size
16 kB (15956 bytes)
Hash
8caeecf9afc9290ddb1fddd0dc6631d1
9e2b379226bfc47b963fe33dd4ecb71da056eedd
7d27898c3d4e3e2f6bfce2d14c1bface75802ae741d44364c41e0be93698a17d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /bankf/chase/xbalti%20v4/css/lostyle.css HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:28 GMT
Server: Apache
Last-Modified: Thu, 09 Apr 2020 05:00:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15956
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.CardValidator.js

34.227.14.98

200 OK

2.1 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.CardValidator.js
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
ASCII text
Size
2.1 kB (2083 bytes)
Hash
5e3812c918f22e125f3ea8c08bceaf76
d5e6624b80474ea77e1adb60db6b0ded24205627
31d0740c9a71776c253640a6915be5b120d3e90b6765d1d46f94c72a908b185e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/js/jquery.CardValidator.js HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:28 GMT
Server: Apache
Last-Modified: Tue, 29 Aug 2017 06:03:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2083
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.validate.min.js

34.227.14.98

200 OK

8.0 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.validate.min.js
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (833), with CRLF line terminators
Size
8.0 kB (8046 bytes)
Hash
0d22a2c375340d6f68c7832f5bda6a01
16dfdcf36be9b17505177bf189baa072391da753
045beaf8c0f59e447b3bc0e6aa42da1c9cc563bf68eedcdd17f378afd0a084fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/js/jquery.validate.min.js HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:28 GMT
Server: Apache
Last-Modified: Sat, 11 Aug 2018 21:12:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8046
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

dg12.duckdns.org/bankf/chase/xbalti%20v4/js/MyBabyTwo.js

34.227.14.98

200 OK

6.8 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/js/MyBabyTwo.js
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (40849), with CRLF line terminators
Size
6.8 kB (6824 bytes)
Hash
8254e8a3428a728185dc342d9a2a172c
489655fac529ebf336d44cd2db4d5bc51d495b2c
c67b38c99767d51affcfa328176d6fbb58c65572acba0263439675cb11654417

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/js/MyBabyTwo.js HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:28 GMT
Server: Apache
Last-Modified: Sat, 18 Apr 2020 06:55:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6824
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

dg12.duckdns.org/bankf/chase/xbalti%20v4/css/style.css

34.227.14.98

200 OK

68 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/css/style.css
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with CRLF line terminators
Size
68 kB (68491 bytes)
Hash
4bb7500c8e365a32a7430a3eb3c16f67
286b2e8c9959b219109e21f52c6ef54975e7a172
a6745a01df880c2b8abc2b129a84ce094865e8bc132399f40791f07c13ecfaf4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /bankf/chase/xbalti%20v4/css/style.css HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:28 GMT
Server: Apache
Last-Modified: Sat, 04 Apr 2020 05:40:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.min.js

34.227.14.98

200 OK

40 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/js/jquery.min.js
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (568)
Size
40 kB (40021 bytes)
Hash
514a4c838e493228ce16d0b1b5914751
78b1e5eaef6056170d8995820ae5277fe5c9a7a5
4f0974852ba99efb4adb48759d70ea2dc69e7a9f9a824f9947d1a136c8145565

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/js/jquery.min.js HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:28 GMT
Server: Apache
Last-Modified: Fri, 17 Apr 2020 16:17:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 40021
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/alert.gif

34.227.14.98

200 OK

6.6 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/alert.gif
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
GIF image data, version 89a, 240 x 240\012- data
Size
6.6 kB (6593 bytes)
Hash
0c78bd4db596678d440227c2a11cdde0
5a9a5d98aa966e861f375d5b363658e754757c63
d1fe32049ac86d93af566c00ee26b4e846367056de70da4bc8276ec09e9c6d41

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/alert.gif HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Tue, 07 Apr 2020 09:12:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6593
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/emdef213.png

34.227.14.98

200 OK

26 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/emdef213.png
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
26 kB (25517 bytes)
Hash
3b33db54b9ebcf9eedb23e3617e7d9dc
5bd64751e4c28970e2e8f330762cb1e452ae44b0
84c2db6f485b26a1c6c8e892ce0e3df401f6a500638e6c8a2f578cfab1015468

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/emdef213.png HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Sun, 05 Apr 2020 08:34:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 25517
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/logo.svg

34.227.14.98

200 OK

645 B

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/logo.svg
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
645 B (645 bytes)
Hash
d9f9bf9d31b5f774a174920f02af0cbd
32207860ceec665b5e3e43cb93964942d8c95494
152fa82655f284db8ec59d3a30631f9ebdb0e2ef44e94801d0a569881f39f956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/logo.svg HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/css/lostyle.css
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Sat, 04 Apr 2020 04:54:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 645
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/congra.png

34.227.14.98

200 OK

20 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/congra.png
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (19567 bytes)
Hash
26813f71d5be84e07001bd432cdab215
3b1740c4f06aa79728b944df179c0dbe715f70dd
83931c78b4c71416b917c1e231007aaf4fe12711c1176bd749cd5cf8490a0872

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/congra.png HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Tue, 03 Dec 2019 03:22:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19567
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/loading.gif

34.227.14.98

200 OK

22 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/loading.gif
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
GIF image data, version 89a, 200 x 200\012- data
Size
22 kB (22244 bytes)
Hash
9e8b5cfc377e504c83f3d90c60290757
dd2931f061a3e20a5c352671650a8c57e476af31
697a7910fdd807a95871b25d2430185d95e585ef08f3998a5fd6bf29583fc7b4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/loading.gif HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Sat, 11 Aug 2018 20:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22244
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

dg12.duckdns.org/bankf/chase/xbalti%20v4/fonts/opensans-regular.ttf

34.227.14.98

200 OK

25 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/fonts/opensans-regular.ttf
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
TrueType Font data, 19 tables, 1st "FFTM", 18 names, Microsoft, language 0x409, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans\012- data
Size
25 kB (24702 bytes)
Hash
813f15507201fff80e70d44b3625ed33
e064bf094b063661d54592ec1ce7922848d9081c
75fc65ef4942d7905326db1102af7dc166908c1abe070537c5589f629bfadb16

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/fonts/opensans-regular.ttf HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Wed, 15 Apr 2020 20:35:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 24702
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/ttf

dg12.duckdns.org/bankf/chase/xbalti%20v4/fonts/dcefont.woff

34.227.14.98

200 OK

70 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/fonts/dcefont.woff
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
Web Open Font Format, TrueType, length 70296, version 0.0\012- data
Size
70 kB (70296 bytes)
Hash
2ec43bffa4424b28d0cc96b37cca33a4
1cde2661fb95ece87155c7931d5da6911331ef43
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Chase
urlquery	phishing	Phishing - Chase
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/fonts/dcefont.woff HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/css/style.css
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Sat, 04 Apr 2020 05:34:38 GMT
Accept-Ranges: bytes
Content-Length: 70296
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/desktopnight.jpeg

34.227.14.98

200 OK

251 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/desktopnight.jpeg
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
251 kB (251301 bytes)
Hash
8eed6a4ff878c978d0b3252ace5e3f2d
501c47c1503ecab3cba0bd2f70db87850026a8c0
923c71d85d050a0804bdd49c3225dd379b119cd98770b4f82a24f155a9123bd5

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/desktopnight.jpeg HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Thu, 16 Apr 2020 05:01:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg

dg12.duckdns.org/bankf/chase/xbalti%20v4/img/icon.ico

34.227.14.98

200 OK

5.9 kB

URL HTTP/1.1
dg12.duckdns.org/bankf/chase/xbalti%20v4/img/icon.ico
IP
34.227.14.98:0
ASN
#14618 AMAZON-AES

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.9 kB (5883 bytes)
Hash
02265c4eb6f403e6fc61bc5194c40c4f
359d280d39b25c02a65c927a6ce01d4dc24b4106
52f3bcf3ee4a82c878561952252adb9bea1d54899b5150b3f1db22dbc6798ecc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Phishing

HTTP Headers

GET /bankf/chase/xbalti%20v4/img/icon.ico HTTP/1.1
Host: dg12.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dg12.duckdns.org/bankf/chase/xbalti%20v4/
Cookie: PHPSESSID=a70cb2092136d6bca77831539b9b9103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 05:06:29 GMT
Server: Apache
Last-Modified: Sun, 13 Sep 2020 21:49:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5883
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5598
Expires: Thu, 05 Jan 2023 06:39:47 GMT
Date: Thu, 05 Jan 2023 05:06:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5598
Expires: Thu, 05 Jan 2023 06:39:47 GMT
Date: Thu, 05 Jan 2023 05:06:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5597
Expires: Thu, 05 Jan 2023 06:39:47 GMT
Date: Thu, 05 Jan 2023 05:06:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5597
Expires: Thu, 05 Jan 2023 06:39:47 GMT
Date: Thu, 05 Jan 2023 05:06:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5597
Expires: Thu, 05 Jan 2023 06:39:47 GMT
Date: Thu, 05 Jan 2023 05:06:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5507a575-db90-4030-a625-ae482beacb61.jpeg

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5507a575-db90-4030-a625-ae482beacb61.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9690 bytes)
Hash
165bf3d40f0584e3b9839304ede47c76
27da520440229f2239721371d9338eb81a8b4b93
00075a96a87b16edb302ccc862e0dc9691c7195ac227ae805bc88ebe8dd3ee52

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5507a575-db90-4030-a625-ae482beacb61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9690
x-amzn-requestid: eba6ad45-abca-4781-88d0-28514de35851
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePMB5GxGIAMFZcA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f3a5-2f3844833b7ead4f7121ae11;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:46:13 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AUNmGdRW5uyYG9Yiwi4ZR7Ss-aD5k5FuDgyHAgnuJgmtG-S2WQ4T6w==
via: 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:57:37 GMT
age: 25733
etag: "27da520440229f2239721371d9338eb81a8b4b93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F625ac435-5ac8-46ca-9178-7aa9cb621f60.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8307 bytes)
Hash
c820340d5ed98c9573754e3a749bf40c
09d31b45d4cc16c4d321e616e5445d9ba921a1ba
2a69c58358ae763ddef6603f783d7d25c465ff4d3777e6bd540c1b673381813a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F625ac435-5ac8-46ca-9178-7aa9cb621f60.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8307
x-amzn-requestid: 37c27710-0d63-49f5-b929-87fa6fc9d654
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eKbG0GL1oAMFZCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b40bc5-2a3a53235b7c4f9c21dcb51e;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 11:04:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SEpv7jTgKBOEfRLOfLuDOmiadNqYRsIFfVthmVndwcA55BGXLYTV5Q==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:34:22 GMT
age: 5528
etag: "09d31b45d4cc16c4d321e616e5445d9ba921a1ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7501442a-ef54-4aa9-a3fa-5362c9f60911.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4974 bytes)
Hash
17023e595d475bd09cd8768fe4099525
f79bc11eb9f5db4d750468d3c896502fdd2b7b23
cccac0d1215a6f0f285dd89c614d2580a2a7fb7c00eff50a8606c78921569b25

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7501442a-ef54-4aa9-a3fa-5362c9f60911.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4974
x-amzn-requestid: 2196cf39-c7fa-4b0b-88d0-04de5751e42f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eKpNxF2_oAMFuNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b42257-33a6f0245389c4b570748d0a;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 12:40:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2ImXkXs0qipRgLRoLbrA4pC_CM2zVNxjVkZ8M3rA0mKls4rq2PoVVQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 05:43:42 GMT
age: 84168
etag: "f79bc11eb9f5db4d750468d3c896502fdd2b7b23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f013561-93d6-474a-8f03-299013f0ba30.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7367 bytes)
Hash
db1b2573cd90d9c94112bc677d90d8a7
52830fa620718a629970f4ca9df109ea1d979f2d
f869d532534d81fd1335a9182409f9f1dda1ec7e8dba6445bcd219aec5f5d1e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f013561-93d6-474a-8f03-299013f0ba30.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7367
x-amzn-requestid: 24c48b0b-7f01-4f67-b37e-8bc7ed792c36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eGlAJEqsIAMFeIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b28200-0813561555102cf079fd916a;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 07:04:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 37GusA4sbXjkTta8RVbfbgH9DBDcURpydCozw6ZQmS5biBUxqPZEGQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 07:35:50 GMT
age: 77440
etag: "52830fa620718a629970f4ca9df109ea1d979f2d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e008157-006e-4fc4-a009-988efdb9c19f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8464 bytes)
Hash
8be0ecd7647e0d987924b87ff341aaf0
44b7669ac425df3a3212b8c44bb49c8341422057
e4baa8a7c3ac7e057edc5ead61473f8d1eca9c4942fc7d674e57cf79fd9d5711

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e008157-006e-4fc4-a009-988efdb9c19f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: 699d42b6-4512-4db8-a4e3-9635a37054af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eMnz-FZPoAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b4ece6-266bef8e32f275ea38badc4b;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 03:05:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GLN3aKPZ0qArusZ5N_2bjKzKBhA4Fh1OU9osvyxTPiG-Tk8R5CVoNQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:40:17 GMT
age: 5173
etag: "44b7669ac425df3a3212b8c44bb49c8341422057"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d88b301-0fcb-4763-915d-1cd04e82663f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7329 bytes)
Hash
f22f65ce84ef540224278e198edbe5dd
e64e4d49a0a630036019dbb06a8e5a526323975f
ad334d8c521c61a83836cecc0c2b2e19381d361c75a8f79a2c00536fdad5f4df

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d88b301-0fcb-4763-915d-1cd04e82663f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7329
x-amzn-requestid: b78bdef1-e211-44e7-b08f-47be8c5ea903
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eJWIBGiYoAMF3EA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b39d66-283f922756ee2b985c85bbb6;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 03:13:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ndC9iWs4MJqPSlJXAoFBp-DIdCdgMWE7Jx1xY7_z1qoBOqdF6LxMpQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:23:52 GMT
age: 6158
etag: "e64e4d49a0a630036019dbb06a8e5a526323975f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb16f641-0924-4c5c-9f83-6779c59c746a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11381 bytes)
Hash
7711a1490729319952a150b84e91a5d6
11fda31d48a4df3fd6346d92f45a680f500bff64
e9663e981c6716c243b58ac99549dfbe6dd8371c42d50add46457b5911f63529

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb16f641-0924-4c5c-9f83-6779c59c746a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11381
x-amzn-requestid: 6964d7af-01cd-425b-aeb9-89a336f83a25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePKyuGyJoAMF91Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1aa-62558f6852d5861033eecdef;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BQpaWc_3xnsf6SPx3UvVIfgBRURZkVYrXyKQi6Khv6_90Ao78BZDeg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:55:08 GMT
age: 25888
etag: "11fda31d48a4df3fd6346d92f45a680f500bff64"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (38)

URL HTTP/1.1

IP

ASN