Report - avrgpro.com/afcu/Acu/Login.php

Report Overview

Submitted URL
avrgpro.com/afcu/Acu/Login.php
IP
45.60.97.185
ASN
#19551 INCAPSULA
Submitted
2023-01-28 10:36:26
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.111.148
dpm.demdex.net	204	2012-05-22T07:45:05Z	2023-03-13T05:18:25Z	2.5 kB	4.7 kB	34.248.130.67
sstats.americafirst.com	366317	2020-05-20T11:51:11Z	2023-03-07T05:56:24Z	526 B	901 B	13.37.25.97
cm.everesttech.net	996	2017-01-30T05:59:57Z	2023-03-13T05:18:24Z	422 B	475 B	18.201.4.185
assets.adobedtm.com	512	2014-01-28T05:51:35Z	2023-03-13T05:29:24Z	418 B	13 kB	2.18.172.233
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	2.2 kB	93.184.220.29
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	368 B	21 kB	142.250.74.46
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
secure.americafirst.com	369107	2021-10-25T22:34:37Z	2023-03-12T09:43:43Z	1.8 kB	56 kB	216.51.43.116
americafirstcreditunion.demdex.net	387571	2017-05-12T10:45:16Z	2023-03-07T05:56:24Z	498 B	3.4 kB	34.248.130.67
canarytokens.com	380733	2017-02-08T15:30:16Z	2023-03-10T13:52:18Z	331 B	225 B	52.18.63.80
americafirstcreditun.tt.omtrdc.net	341132	2013-05-12T12:25:20Z	2023-03-05T20:33:59Z	540 B	21 kB	52.31.125.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.0 kB	5.3 kB	23.36.76.226
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
avrgpro.com	unknown	2017-02-28T14:55:05Z	2023-03-09T16:27:30Z	13 kB	619 kB	45.60.97.185
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.3 kB	63 kB	34.120.237.76
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.9 kB	172.64.155.188
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	686 B	1.4 kB	142.250.74.131
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	944 B	54.230.245.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-28 10:36:21	high	Client IP	52.18.63.80	ETPRO POLICY Observed HTTP Request to Canary Token Service
2023-01-28 10:36:22	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-01-28 10:36:22	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-27	medium	avrgpro.com/afcu/Acu/Login.php	America First Credit Union
2022-12-27	medium	avrgpro.com/afcu/Acu/Login.php	America First Credit Union

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	avrgpro.com/afcu/Acu/Login.php	Phishing
2023-01-28	medium	avrgpro.com/afcu/Acu/Login.php	Phishing
2023-01-28	medium	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js	Phishing
2023-01-28	medium	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/analytics.js	Phishing
2023-01-28	medium	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.js	Phishing
2023-01-28	medium	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js	Phishing
2023-01-28	medium	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js	Phishing
2023-01-28	medium	avrgpro.com/ruxitagentjs_D_10237220328075400.js	Phishing
2023-01-28	medium	avrgpro.com/ruxitagentjs_D_10237220328075400.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	avrgpro.com/afcu/Acu/Login.php	1.1 kB	2023-03-10	2023-03-14
Pretty URL avrgpro.com/afcu/Acu/Login.php IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:01 Last Seen2023-03-14 18:35:41 Times Seen1 Hash 232ac6e4021a996986b0fe27cd05f8cf 58b69d795965267cc271e8fcf4be22cde977c188 abbe8c48700a64d2d2c8695c04da07a70262117d2fb718bb469f1f08ca3a1f94 Loading...

	avrgpro.com/afcu/Acu/Login.php	449 B	2023-03-10	2023-03-14
Pretty URL avrgpro.com/afcu/Acu/Login.php IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:01 Last Seen2023-03-14 18:35:41 Times Seen1 Hash b5dd00727b164cc37ee4f84d44e7186a 2592a2b5f7e5a173e3a20fb1d9aaaeca5b158eb3 0a70bd0dbbcfa9a685c7fa339959aca3169aa42fb1c0b643b32c35a45f5b8cda Loading...

	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/analytics.js	50 kB	2023-03-10	2023-03-13
Pretty URL avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/analytics.js IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:01 Last Seen2023-03-13 15:15:20 Times Seen1 Hash 7c1f9254c3c76f62a5c46b4eae995bf8 6e355124257c9deb1854718fefbdf0e2836edf9b bf0d223cd640e2cf11fc6e3269eb52c1d0bd13848dcc66ca976e12477a4f8b26 Loading...

	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js	33 kB	2023-03-10	2024-02-07
Pretty URL avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:01 Last Seen2024-02-07 05:46:56 Times Seen1 Hash 19b697198488aa8ed5f6c7de52156d42 068be580d93e13d0d41237df286b001266aabc57 7295edc714344081717ef4527cceb39c3c3d3180bdde137924210e950f1ab047 Loading...

	assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js	34 kB	2023-03-07	2024-05-06
Pretty URL assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js IP 2.18.172.233 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-06 16:06:59 Times Seen24986 Hash f259ee6445c19c2ce3c64a1b117a4f35 a4c64554f653ab4e5bd5d2d03ce5685bb0a9ddb8 d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32 Loading...

	americafirstcreditunion.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Favrgpro.com	6.7 kB	2023-03-07	2024-03-23
Pretty URL americafirstcreditunion.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Favrgpro.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	avrgpro.com/afcu/Acu/Login.php	460 B	2023-03-10	2023-03-14
Pretty URL avrgpro.com/afcu/Acu/Login.php IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:00 Last Seen2023-03-14 18:34:01 Times Seen1 Hash 1ee0e4ae22183c18a8979da849d456c5 eabce6425481eaa54801b128c98c7c276d49ac05 f9e0595e30040e67c0f92aad5e02a83c28f783bb8269c2b14e9034aee8c761c6 Loading...

	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js	229 kB	2023-03-10	2023-03-13
Pretty URL avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:01 Last Seen2023-03-13 15:15:20 Times Seen1 Hash 1a2118b690758acbc992d081f43bcd75 fd018f0b2b3fdf2ae4703472a44f8446f6e4ae52 be1fc1afc4e48de488498624ac4dc1d7eef43b43c6d56ca23eee789850dffbc1 Loading...

	avrgpro.com/afcu/Acu/Login.php	422 B	2023-03-07	2024-01-12
Pretty URL avrgpro.com/afcu/Acu/Login.php IP 45.60.97.185 ASN #19551 INCAPSULA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:46:22 Last Seen2024-01-12 04:38:59 Times Seen117 Hash 0f8c4cebc0f30cfb1781291cd3827b22 3750585a4e96e92212ce4452bc4f66a5ac024a55 6bd2c8d6568f84f0711c68953b24f72974b352b8bbfa137bf890e4dbd9dc6c65 Loading...

	avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/ruxitagentjs_ICA2QVfgjqru_10237220328075400.js	310 kB	2023-03-10	2023-03-13
Pretty URL avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/ruxitagentjs_ICA2QVfgjqru_10237220328075400.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:28:00 Last Seen2023-03-13 15:15:20 Times Seen1 Hash fc33f675267f35dab6132809288f37de 66b656e6d3d118c622f5ae9c493caf02713564a6 87633edeebdb1a8a832df425fba3ae3817ec2710a7ada0c81174ff02a2c92254 Loading...

HTTP Transactions (56)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3125
Expires: Sat, 28 Jan 2023 11:28:20 GMT
Date: Sat, 28 Jan 2023 10:36:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19136
Expires: Sat, 28 Jan 2023 15:55:11 GMT
Date: Sat, 28 Jan 2023 10:36:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6207
Expires: Sat, 28 Jan 2023 12:19:42 GMT
Date: Sat, 28 Jan 2023 10:36:15 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 10:35:29 GMT
content-type: application/json
age: 46
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 5nk/6kNny3Blq0g7wque7CkvJk3CyMt3nIMu6W9P0Gr3hbd7Ccf4RnJLcHrNK2exVcTpxzJ5ydgtjeSMtN3+Vw==
x-amz-request-id: REJ4XSCN1VPF0E0Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 09:49:49 GMT
age: 2786
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 10:36:15 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/Login.php

45.60.97.185

302 Found

222 B

URL HTTP/1.1
avrgpro.com/afcu/Acu/Login.php
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
222 B (222 bytes)
Hash
df34fe242a76222f8c3925811be54d5c
12c50d669f9e3b5262b3c462219fa901b5f961f5
f626268f367c7a8ed503c70f1c258e5cfd4b0c3f78d01cfad9089857f1e0ef7d

Detections

Analyzer	Verdict	Alert
openphish	America First Credit Union
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/Login.php HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 10:36:15 GMT
Server: Apache
Location: https://avrgpro.com/afcu/Acu/Login.php
Content-Length: 222
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; expires=Sun, 28 Jan 2024 07:11:44 GMT; HttpOnly; path=/; Domain=.avrgpro.com
incap_ses_1369_2798871=zbyCZom3UyPydtg1xqr/Ep/61GMAAAAAY6Fndogzd/j8IOeB40a4Qw==; path=/; Domain=.avrgpro.com
X-CDN: Imperva
X-Iinfo: 14-47265890-47265892 NNNN CT(46 -1 0) RT(1674902175775 5) q(0 0 1 0) r(1 1) U11

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3990
Expires: Sat, 28 Jan 2023 11:42:46 GMT
Date: Sat, 28 Jan 2023 10:36:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 09:41:40 GMT
age: 3276
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.149.111.148

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.111.148:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vd5fTw05oxWSlhXvRUXNTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tyHlKqHM9D2KnQnykqoKhEWrDMs=

avrgpro.com/afcu/Acu/Login.php

45.60.97.185

200 OK

132 kB

URL HTTP/2
avrgpro.com/afcu/Acu/Login.php
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9774)
Size
132 kB (132372 bytes)
Hash
1219f72e03f21374516435fdbf0927d1
79d995051c07e6bb32fc6e7238bdce7e29d18228
27d6308981fce5e6ab67bf352b4c26e7185c93a89796fa60398292c1c6023a99

Detections

Analyzer	Verdict	Alert
openphish	America First Credit Union
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/Login.php HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:36:16 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/html; charset=UTF-8
set-cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; expires=Sun, 28 Jan 2024 07:11:44 GMT; HttpOnly; path=/; Domain=.avrgpro.com
incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==; path=/; Domain=.avrgpro.com
x-cdn: Imperva
x-iinfo: 14-47265956-47266026 NNNN CT(51 51 0) RT(1674902176210 193) q(0 0 1 0) r(1 1) U12
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js

45.60.97.185

200 OK

72 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (71676 bytes)
Hash
b61b3e206d5075767ed8c59e888e9f30
32a553c29a4d50b0ce6f036126bba7220a380f14
93f767545f8877f79ce5c9fbff02c1b1c2b71d55bd0eb9cfd178e2fda66f6695

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "6d33eb70"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 71676
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 688) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/analytics.js

45.60.97.185

200 OK

20 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/analytics.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text, with very long lines (14812)
Size
20 kB (19844 bytes)
Hash
c2ace65be0af2841ae578bcca6bac41e
87f419836a9c4040095bf2539eb490a8649c2c18
f16cd2cce4045368168dd4a205b8f01c969c502524e3df69d41bbc2d977f389a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/analytics.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "bfa652fb"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 19844
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 689) q(0 -1 -1 -1) r(1 -1)
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.css

45.60.97.185

200 OK

1.1 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.css
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1107 bytes)
Hash
7dfe867dc6a23f81c7f54f83c4c93c4e
0ccb4eb6981015623bd94f21ace328fb62f9bcac
a3c6eb524612691e533b3512279b6c4d2790e09bbc6813b4417e6f219a165262

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/app.css HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "67a6a5ce"
last-modified: Tue, 24 May 2022 05:09:32 GMT
content-type: text/css
content-length: 1107
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 691) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.js

45.60.97.185

200 OK

63 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
63 kB (63335 bytes)
Hash
cd07d1e455a8170f8e7981c87f058dcf
263410d33e11a0454256945119a443700a3e421b
3748a011f14cc2adb0ff6d8558e717799e3b07f2a1bb8531c23c9fbfa157573b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/app.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "4ad07136"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 63335
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 694) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.css

45.60.97.185

200 OK

120 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.css
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text
Size
120 kB (119589 bytes)
Hash
c2cd3099cbc98916ca43b32d160b4674
2cc79c97eff2bebac360da34a00dee7a4e8dcb8f
9ddf7961a2e1c34aff3b1fa3245ad044f7aba5c613cff0ee3926b07343d0bb5d

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.css HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "582be71c"
last-modified: Tue, 24 May 2022 05:16:36 GMT
content-type: text/css
content-length: 119589
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 692) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js

45.60.97.185

200 OK

12 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text, with very long lines (33334), with no line terminators
Size
12 kB (12086 bytes)
Hash
2ef41156365629385c86821bb4d1d2af
f61b2fdfa441a6edbc53a4db7931db8da8d59c9e
714b580647b34daae3ae628914739ff97814ab65b67fbea18a67fba5a0a6d0f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "df698d5e"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 12086
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 690) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/logo-desktop-inverse.png

45.60.97.185

200 OK

6.9 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/logo-desktop-inverse.png
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
PNG image data, 390 x 134, 8-bit colormap, non-interlaced\012- data
Size
6.9 kB (6942 bytes)
Hash
1e294edb03f6c6aad7da011e5f42b2e4
bc7f9150741b80e29e54bdda0285fca09b98b7ea
522339b3af26cde9d1a7963d11581ec5c18f71d142c27594626d1ee3a852d0fd

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/logo-desktop-inverse.png HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "ee985d29"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: image/png
content-length: 6942
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 696) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js

2.18.172.233

200 OK

12 kB

URL HTTP/2
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
IP
2.18.172.233:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32766)
Size
12 kB (12184 bytes)
Hash
ef1dca45932932a17b01c4b6946f6042
0f0f0501b7d48e1e2b2aead666d9b9b59c07720c
37d818de56459121621e8df2e54ff42109e6ac62fab1ead9aae508fab006073d

HTTP Headers

GET /extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12184
unused62: 8096267
expires: Sat, 28 Jan 2023 11:36:17 GMT
date: Sat, 28 Jan 2023 10:36:17 GMT
cache-control: no-cache
access-control-allow-origin: https://avrgpro.com
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9c61a659fc21720e8eb04f7acf8c1f04
749627b6730b74e25c4795e4d11ea49a77a4b5ac
7e8953d316bc55cf5ffe967bffacf9f1cdd9cf41b1a51cc04143a0f0c84c31bd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6151
Cache-Control: max-age=162790
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:36:17 GMT
Etag: "63d4bb80-1d7"
Expires: Mon, 30 Jan 2023 07:49:27 GMT
Last-Modified: Sat, 28 Jan 2023 06:06:56 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js

45.60.97.185

200 OK

186 kB

URL HTTP/2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
Unicode text, UTF-8 text, with very long lines (65531), with no line terminators
Size
186 kB (186311 bytes)
Hash
90f7be05799f2f64d9df124e1fbb66db
c546cb6f9e2ec030b17ae66eaab885b71463b2ae
4218eda3cead519a378600e9e38deb019ec5dcf5f0ae42a946e6727259b04887

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: "a2d24cea"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 186311
content-encoding: gzip
cache-control: max-age=1, public
expires: Sat, 28 Jan 2023 10:36:17 GMT
date: Sat, 28 Jan 2023 10:36:16 GMT
x-cdn: Imperva
x-iinfo: 14-47265956-0 0cNN RT(1674902176210 695) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830

34.248.130.67

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830
IP
34.248.130.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://avrgpro.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-085e2ce89.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=62583411255116618861459188765305010764; Max-Age=15552000; Expires=Thu, 27 Jul 2023 10:36:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: cG/Mq2cPQ+4=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830

34.248.130.67

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830
IP
34.248.130.67:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1674902179830 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avrgpro.com
Content-Type: application/x-www-form-urlencoded
Referer: https://avrgpro.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://avrgpro.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0cfa310b8.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: I5FTiXdySHo=
Content-Length: 124
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15669
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:36:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15669
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:36:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13375 bytes)
Hash
b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 46040
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7585 bytes)
Hash
ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 42605
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7367 bytes)
Hash
1e309628617789c29791d3e5d7dfeb19
bdcc8216d475268a7429c69a6b49a2c1febb8ff2
8810db74253ce6101c61ad97c59a3558e4ae7387593ff7ac66003a0d309d04c8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7367
x-amzn-requestid: 1e89d117-3167-4873-b596-f7f93e75d009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EWHDYIAMF1tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b5-17fd5e5649207dff1289c699;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ppdJECiDzgoYOBafVKAzErsXswgAYG83Glj_HFY9KgTJqdC5dqZYwA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:08 GMT
age: 46030
etag: "bdcc8216d475268a7429c69a6b49a2c1febb8ff2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12397 bytes)
Hash
0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 45581
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4475 bytes)
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 45572
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 41557
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f88ae036c60df7cd066a8c37ada46ac1
50ec864638ffacb6ffe3f78a8a63bc603f124842
23afba448a7a6625bf7bf141f59b562b7ad1fac54c2274e8c8f5ea8b2dcd0036

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:36:18 GMT
Server: ECS (amb/6B92)
Content-Length: 471

avrgpro.com/ruxitagentjs_D_10237220328075400.js

45.60.97.185

404 Not Found

29 B

URL HTTP/2
avrgpro.com/ruxitagentjs_D_10237220328075400.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
f250ac1b1f4e1e4ccfb2ec8dcbbaaa60
1de4a6c02ddaeb04435975e80cce081f4f65de12
9ffcf79d60f88a0c44ebd9e028ce69ab44eab081dae308c36ab3dc8ca0ad15d7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ruxitagentjs_D_10237220328075400.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==; dtCookie=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597; rxVisitor=1674902179681IK31HL11CIEOG6HNO5BKO7K6H5N0146L; dtPC=-63$302179666_448h1vKGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0e0; rxvt=1674903979694|1674902179685; dtLatC=490; dtSa=-
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 28 Jan 2023 10:36:17 GMT
server: Apache
cache-control: no-cache
x-ds-version: 1672809868
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 29
content-type: text/html; charset=UTF-8
x-cdn: Imperva
x-iinfo: 14-47265956-47265585 2NNN RT(1674902176210 1271) q(0 0 0 -1) r(8 8) U11
X-Firefox-Spdy: h2

sstats.americafirst.com/id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1674902180237

13.37.25.97

200 OK

48 B

URL HTTP/2
sstats.americafirst.com/id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1674902180237
IP
13.37.25.97:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
6267c588d5c2af69a06e2925e3ac2be7
486a4a0e49ba6192a79a655edd892e8b106a78f9
c257b9bb788878e3ccefb8897dd0becd9fff1cf2f2e74bfcd93c744a3ffef04e

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1674902180237 HTTP/1.1
Host: sstats.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://avrgpro.com
access-control-allow-credentials: true
date: Sat, 28 Jan 2023 10:36:18 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=0%7CMCMID%7C37859533728723943011913798165590703138; Path=/; Domain=americafirst.com; Max-Age=63072000; Expires=Mon, 27 Jan 2025 10:36:36 GMT;
s_ecid=MCMID%7C37859533728723943011913798165590703138; Path=/; Domain=americafirst.com; Max-Age=63072000; Expires=Mon, 27 Jan 2025 10:36:36 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=37859533728723943011913798165590703138&ts=1674902180643

34.248.130.67

200 OK

898 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=37859533728723943011913798165590703138&ts=1674902180643
IP
34.248.130.67:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (2321), with no line terminators
Size
898 B (898 bytes)
Hash
154b02c489723ed42dd0f11b8b521221
7125f47d52dda2dfc6282207a3bbecaea914c96a
d8672156de8df585a5cda6bdd283f84482fb5c7e0ce3d471fb7a8c4086ba5968

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=37859533728723943011913798165590703138&ts=1674902180643 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://avrgpro.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0227c85fb.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=44694710706320539371153912715337217710; Max-Age=15552000; Expires=Thu, 27 Jul 2023 10:36:18 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: bFus2EhdQqM=
Content-Length: 898
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
01f8f8b189f570653c80c47e1e2a29c6
8de1eafaa6d237e66d7d799eec9f0369d1eba904
a69e2daa07b5c48192f6e2fbd053e14ff6b56cb92ab28f378e1291d394345845

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:36:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 27 Jan 2023 07:27:28 GMT
Expires: Fri, 03 Feb 2023 07:27:27 GMT
Etag: "8de1eafaa6d237e66d7d799eec9f0369d1eba904"
Cache-Control: max-age=506468,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79091617cae1b4e8-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
25be21377fa0821f8dbc12c13f657df8
f3fdeca4d751b2824cc0631d659a4e2a4db4f7bb
e981c5bc6e6820f280276d04dad2edde7e78df85708b3ee9e4519d5acc8327ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2401
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:36:18 GMT
Last-Modified: Sat, 28 Jan 2023 09:56:17 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
01f8f8b189f570653c80c47e1e2a29c6
8de1eafaa6d237e66d7d799eec9f0369d1eba904
a69e2daa07b5c48192f6e2fbd053e14ff6b56cb92ab28f378e1291d394345845

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:36:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 27 Jan 2023 07:27:28 GMT
Expires: Fri, 03 Feb 2023 07:27:27 GMT
Etag: "8de1eafaa6d237e66d7d799eec9f0369d1eba904"
Cache-Control: max-age=506468,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79091617ec72b4ff-OSL

americafirstcreditunion.demdex.net/dest5.html?d_nsid=0

34.248.130.67

200 OK

2.8 kB

URL HTTP/1.1
americafirstcreditunion.demdex.net/dest5.html?d_nsid=0
IP
34.248.130.67:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: americafirstcreditunion.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 28 Jan 2023 10:36:18 GMT
DCS: dcs-prod-irl1-1-v045-0ba8f5f7e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: sOAg9ONPRLk=
Content-Length: 2791
Connection: keep-alive

canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://avrgpro.com/afcu/Acu/Login.php&r=

52.18.63.80

200 OK

55 B

URL HTTP/1.1
canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://avrgpro.com/afcu/Acu/Login.php&r=
IP
52.18.63.80:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
55 B (55 bytes)
Hash
185695cd1669914f5338d8b0461ce776
283cd2c856f899ff4a8c4b0b9c20b3b9e56140f3
35679d2e3f0639729b18de7ae45abb47073fbbf1aa4bc59aa065991494d63d7d

Detections

NIDS	Severity	Alert
suricata	high	ETPRO POLICY Observed HTTP Request to Canary Token Service

HTTP Headers

GET /d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://avrgpro.com/afcu/Acu/Login.php&r= HTTP/1.1
Host: canarytokens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 10:36:18 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

secure.americafirst.com/fonts/roboto-latin-500.020c97dc.woff2

216.51.43.116

200

16 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-500.020c97dc.woff2
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Size
16 kB (15872 bytes)
Hash
020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

HTTP Headers

GET /fonts/roboto-latin-500.020c97dc.woff2 HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"15872-1665719314000"
Last-Modified: Fri, 14 Oct 2022 03:48:34 GMT
Content-Type: font/woff2
Content-Length: 15872
Date: Sat, 28 Jan 2023 10:36:18 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

secure.americafirst.com/fonts/roboto-latin-400.479970ff.woff2

216.51.43.116

200

16 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-400.479970ff.woff2
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

HTTP Headers

GET /fonts/roboto-latin-400.479970ff.woff2 HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"15736-1665719314000"
Last-Modified: Fri, 14 Oct 2022 03:48:34 GMT
Content-Type: font/woff2
Content-Length: 15736
Date: Sat, 28 Jan 2023 10:36:18 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

secure.americafirst.com/fonts/roboto-latin-500.87284894.woff

216.51.43.116

200

20 kB

URL HTTP/1.1
secure.americafirst.com/fonts/roboto-latin-500.87284894.woff
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
Web Open Font Format, TrueType, length 20464, version 1.1\012- data
Size
20 kB (20464 bytes)
Hash
87284894879f5b1c229cb49c8ff6decc
fb1bd3baf122d5d350eb387f0536c20da71f09df
ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf

HTTP Headers

GET /fonts/roboto-latin-500.87284894.woff HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"20464-1665719314000"
Last-Modified: Fri, 14 Oct 2022 03:48:34 GMT
Content-Type: font/woff
Content-Length: 20464
Date: Sat, 28 Jan 2023 10:36:18 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

americafirstcreditun.tt.omtrdc.net/rest/v1/delivery?client=americafirstcreditun&sessionId=5e6ca034ea2e44a394a1a7048847cf6f&version=2.4.0

52.31.125.76

200 OK

21 kB

URL HTTP/2
americafirstcreditun.tt.omtrdc.net/rest/v1/delivery?client=americafirstcreditun&sessionId=5e6ca034ea2e44a394a1a7048847cf6f&version=2.4.0
IP
52.31.125.76:0
ASN
#16509 AMAZON-02

File type
data
Size
21 kB (20575 bytes)
Hash
fd5f056bda9bad3b6482e3befb258206
efbe9c71e6ec769fed0d638c4be06b8f8c0cf1c1
7f9e9245f01d442141fc7b0b582947d70bd0220a9d61cc7dab4a6f55934875da

HTTP Headers

POST /rest/v1/delivery?client=americafirstcreditun&sessionId=5e6ca034ea2e44a394a1a7048847cf6f&version=2.4.0 HTTP/1.1
Host: americafirstcreditun.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 790
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:36:18 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
access-control-allow-origin: https://avrgpro.com
access-control-allow-credentials: true
x-request-id: 7f607c618ce8f6e6c0db06d19a05d84a
timing-allow-origin: *
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 09:45:20 GMT
expires: Sat, 28 Jan 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 3059
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

avrgpro.com/ruxitagentjs_D_10237220328075400.js

45.60.97.185

404 Not Found

29 B

URL HTTP/2
avrgpro.com/ruxitagentjs_D_10237220328075400.js
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
f250ac1b1f4e1e4ccfb2ec8dcbbaaa60
1de4a6c02ddaeb04435975e80cce081f4f65de12
9ffcf79d60f88a0c44ebd9e028ce69ab44eab081dae308c36ab3dc8ca0ad15d7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ruxitagentjs_D_10237220328075400.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==; dtCookie=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597; rxVisitor=1674902179681IK31HL11CIEOG6HNO5BKO7K6H5N0146L; dtPC=-63$302179666_448h1vKGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0e0; rxvt=1674903979694|1674902179685; dtLatC=490; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19386%7CvVersion%7C5.2.0; mbox=session#5e6ca034ea2e44a394a1a7048847cf6f#1674904040; at_check=true; _ga=GA1.2.14421890.1674902180; _gid=GA1.2.1319475320.1674902180
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 28 Jan 2023 10:36:18 GMT
server: Apache
cache-control: no-cache
x-ds-version: 1672809868
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 29
content-type: text/html; charset=UTF-8
x-cdn: Imperva
x-iinfo: 14-47265956-47265585 2NNN RT(1674902176210 2176) q(0 0 0 -1) r(7 7) U11
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
630c7f1741d02a01645fa5e9cd97b620
72e85cc57fb93a96fac54104413728255130b295
7e55fc10e02b7711652d653e9a8f226052db3edce2f8cefc4e63e5f691919280

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 28 Jan 2023 10:36:19 GMT
Last-Modified: Sat, 28 Jan 2023 08:49:25 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GBC8EU9bdfp5NZYT-d0ach7Az_YwpL1B7L5bTFZUoQojfgQXVsMeGQ==
Age: 6414

cm.everesttech.net/cm/dd?d_uuid=44694710706320539371153912715337217710

18.201.4.185

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=44694710706320539371153912715337217710
IP
18.201.4.185:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=44694710706320539371153912715337217710 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Sat, 28 Jan 2023 10:36:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y9T6owAAAMIZwwN-; Domain=.everesttech.net; Expires=Sun, 28-Jan-2024 10:36:19 GMT; Path=/
everest_session_v2=Y9T6owAAAMIZxAN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9T6owAAAMIZwwN-
Server: AMO-cookiemap/1.1

dpm.demdex.net/ibs:dpid=411&dpuuid=Y9T6owAAAMIZwwN-

34.248.130.67

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y9T6owAAAMIZwwN-
IP
34.248.130.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y9T6owAAAMIZwwN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avrgpro.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0e6039550.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9T6owAAAMIZwwN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=77728711397016409563220550065247145059; Max-Age=15552000; Expires=Thu, 27 Jul 2023 10:36:19 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 9UypzQmVSqM=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9T6owAAAMIZwwN-

34.248.130.67

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9T6owAAAMIZwwN-
IP
34.248.130.67:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9T6owAAAMIZwwN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avrgpro.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-000256d3c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: gtygqyfURdA=
Content-Length: 59
Connection: keep-alive

secure.americafirst.com/favicon.ico

216.51.43.116

200

1.2 kB

URL HTTP/1.1
secure.americafirst.com/favicon.ico
IP
216.51.43.116:0
ASN
#17150 AFCU

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
5f0fb15bba173e0aa54bd6434418f8fe
fc16c82f44707eb5045be0f68cfcfce4a4ac29d9
0534a1a2f971f20a153479d5e01ad4051a8af96221bb5f7c80ff06a759d1ea2e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Accept-Ranges: bytes
ETag: W/"1150-1665719314000"
Last-Modified: Fri, 14 Oct 2022 03:48:34 GMT
Content-Type: image/x-icon
Content-Length: 1150
Date: Sat, 28 Jan 2023 10:36:19 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000

avrgpro.com/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=917324786&en=ztho6o9v&end=1

45.60.97.185

406 Not Acceptable

0 B

URL HTTP/2
avrgpro.com/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=917324786&en=ztho6o9v&end=1
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=917324786&en=ztho6o9v&end=1 HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 561
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==; dtCookie=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597; rxVisitor=1674902179681IK31HL11CIEOG6HNO5BKO7K6H5N0146L; dtPC=-63$302179666_448h1vKGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0e0; rxvt=1674903979694|1674902179685; dtLatC=490; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19386%7CMCMID%7C37859533728723943011913798165590703138%7CMCAID%7CNONE%7CMCOPTOUT-1674909380s%7CNONE%7CMCAAMLH-1675506980%7C6%7CMCAAMB-1675506980%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C5.2.0; mbox=session#5e6ca034ea2e44a394a1a7048847cf6f#1674904040|PC#5e6ca034ea2e44a394a1a7048847cf6f.37_0#1738146981; at_check=true; _ga=GA1.2.14421890.1674902180; _gid=GA1.2.1319475320.1674902180; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 406 Not Acceptable
date: Sat, 28 Jan 2023 10:36:19 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-47265956-47266026 PNYN RT(1674902176210 3274) q(0 0 0 -1) r(1 1) U6
X-Firefox-Spdy: h2

45.60.97.185

406 Not Acceptable

0 B

URL HTTP/2
avrgpro.com/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=3911044738&en=ztho6o9v&end=1
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=3911044738&en=ztho6o9v&end=1 HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1175
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==; dtCookie=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597; rxVisitor=1674902179681IK31HL11CIEOG6HNO5BKO7K6H5N0146L; dtPC=-63$302179666_448h-vKGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0e0; rxvt=1674903981876|1674902179685; dtLatC=490; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19386%7CMCMID%7C37859533728723943011913798165590703138%7CMCAID%7CNONE%7CMCOPTOUT-1674909380s%7CNONE%7CMCAAMLH-1675506980%7C6%7CMCAAMB-1675506980%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19393%7CvVersion%7C5.2.0; mbox=session#5e6ca034ea2e44a394a1a7048847cf6f#1674904040|PC#5e6ca034ea2e44a394a1a7048847cf6f.37_0#1738146981; at_check=true; _ga=GA1.2.14421890.1674902180; _gid=GA1.2.1319475320.1674902180; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 406 Not Acceptable
date: Sat, 28 Jan 2023 10:36:21 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-47265956-47266026 PNYN RT(1674902176210 4857) q(0 0 0 -1) r(1 1) U6
X-Firefox-Spdy: h2

45.60.97.185

406 Not Acceptable

0 B

URL HTTP/2
avrgpro.com/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=2619545676&en=ztho6o9v&end=1
IP
45.60.97.185:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597&svrid=-63&flavor=post&vi=KGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=2619545676&en=ztho6o9v&end=1 HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3686
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=rBma6vogTHSbmMGJVZFuZ5/61GMAAAAAQUIPAAAAAADr3gfwTTIdN7UyiVrsHajE; incap_ses_1369_2798871=sD4vfV0/Ag3ydtg1xqr/EqD61GMAAAAAOwIyD28epx/MfZ1vGJVGFQ==; dtCookie=v_4_srv_-2D63_sn_G146P4HRIJI70HNJMADJGR6O6ANAG597; rxVisitor=1674902179681IK31HL11CIEOG6HNO5BKO7K6H5N0146L; dtPC=-63$302179666_448h-vKGUUMJPRDQGAMPJAFBCCOCNJHSGCRHRA-0e0; rxvt=1674903981876|1674902179685; dtLatC=490; dtSa=-; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19386%7CMCMID%7C37859533728723943011913798165590703138%7CMCAID%7CNONE%7CMCOPTOUT-1674909380s%7CNONE%7CMCAAMLH-1675506980%7C6%7CMCAAMB-1675506980%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19393%7CvVersion%7C5.2.0; mbox=session#5e6ca034ea2e44a394a1a7048847cf6f#1674904040|PC#5e6ca034ea2e44a394a1a7048847cf6f.37_0#1738146981; at_check=true; _ga=GA1.2.14421890.1674902180; _gid=GA1.2.1319475320.1674902180; AMCVS_A7873BC75245AD770A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 406 Not Acceptable
date: Sat, 28 Jan 2023 10:36:22 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-47265956-47266026 PNYN RT(1674902176210 6584) q(0 0 0 -1) r(1 1) U6
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML