Overview

URLaquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg
IP 208.91.199.118 (United States)
ASN#394695 PUBLIC-DOMAIN-REGISTRY
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-02 06:55:43 UTC
StatusLoading report..
IDS alerts0
Blocklist alert33
urlquery alerts
90
Phishing - Key Bank
Phishing - Key Bank
Tags None

Domain Summary (10)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-01 17:14:08 UTC 34.102.187.140
aquaflow.ae (34) 0 2020-11-11 05:06:05 UTC 2022-11-30 20:23:17 UTC 208.91.199.118 Unknown ranking
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-01 17:12:49 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.187.102.159
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ibx.key.com (2) 130616 2018-06-14 11:27:10 UTC 2019-11-06 21:24:29 UTC 23.52.18.181
www.aquaflow.ae (10) 0 No data No data 208.91.199.118 Unknown ranking

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_Ac (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.j (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/integrations Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.j (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.do (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705 (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/bundle.js(1).download Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/otac-72-hours.svg Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/key-logo.svg Phishing
2022-12-02 2 aquaflow.ae/ibxolb/olb/share/assets/images/kds.svg Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/images/kds.svg Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f- (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.4 (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409- (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfon (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843- (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342- (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/share/assets/images/kds.svg Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfo (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-web (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-we (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9 (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.2 (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont (...) Phishing
2022-12-02 2 aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfon (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfo (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-web (...) Phishing
2022-12-02 2 www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-we (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 208.91.199.118
Date UQ / IDS / BL URL IP
2023-01-26 09:25:26 +0000 21 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=2olk66kha (...) 208.91.199.118
2023-01-26 08:37:38 +0000 0 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=l0cemi6bg (...) 208.91.199.118
2023-01-26 03:24:48 +0000 0 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=l0cemi6bg (...) 208.91.199.118
2023-01-26 02:32:58 +0000 0 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=jj69nkdil (...) 208.91.199.118
2023-01-26 00:27:04 +0000 21 - 0 - 24 aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=iimc (...) 208.91.199.118


Last 5 reports on ASN: PUBLIC-DOMAIN-REGISTRY
Date UQ / IDS / BL URL IP
2023-01-27 00:40:21 +0000 0 - 0 - 2 vidyasagarhighschooldhanora.in/kfxokyj/hollow (...) 216.10.243.211
2023-01-27 00:34:38 +0000 0 - 1 - 9 pepzop.com/ramirez/login.php 204.11.58.87
2023-01-27 00:10:10 +0000 4 - 0 - 33 alter-ed.com.ng/wells_fargo/login.php?id=sign (...) 199.79.63.115
2023-01-26 23:47:47 +0000 0 - 0 - 5 www.aryahotelmahabaleshwar.com/ 208.91.199.49
2023-01-26 23:42:39 +0000 0 - 2 - 7 sugandhvatika.com/rulesupdate/QBOT_AZD.ZIP 199.79.62.185


Last 5 reports on domain: aquaflow.ae
Date UQ / IDS / BL URL IP
2023-01-26 09:25:26 +0000 21 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=2olk66kha (...) 208.91.199.118
2023-01-26 08:37:38 +0000 0 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=l0cemi6bg (...) 208.91.199.118
2023-01-26 03:24:48 +0000 0 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=l0cemi6bg (...) 208.91.199.118
2023-01-26 02:32:58 +0000 0 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=jj69nkdil (...) 208.91.199.118
2023-01-26 00:27:04 +0000 21 - 0 - 24 aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=iimc (...) 208.91.199.118


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-26 09:25:26 +0000 21 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=2olk66kha (...) 208.91.199.118
2023-01-26 00:27:04 +0000 21 - 0 - 24 aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=iimc (...) 208.91.199.118
2023-01-25 09:24:26 +0000 22 - 0 - 23 www.aquaflow.ae/ibxkey/Login.php?id=f9c1a04ld (...) 208.91.199.118
2023-01-25 08:38:22 +0000 21 - 0 - 23 aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=k672 (...) 208.91.199.118
2023-01-25 03:24:32 +0000 21 - 0 - 23 aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=k672 (...) 208.91.199.118

JavaScript

Executed Scripts (13)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (67)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5639
Expires: Fri, 02 Dec 2022 08:29:30 GMT
Date: Fri, 02 Dec 2022 06:55:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3816
Cache-Control: max-age=103157
Date: Fri, 02 Dec 2022 06:55:31 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:34:48 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 06:19:52 GMT
cache-control: public,max-age=3600
age: 2139
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3379
Expires: Fri, 02 Dec 2022 07:51:50 GMT
Date: Fri, 02 Dec 2022 06:55:31 GMT
Connection: keep-alive

                                        
                                            GET /usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7929
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3638)
Size:   7929
Md5:    9fcf4be983b2732e2cde8395624f7532
Sha1:   7b08bd76ac554c3be288b9809cb18a49b98895f2
Sha256: c96e54e4699cbcf41fdf66b28908b0baf82d78af56548643ed5259eaa4bf8e75

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 78kDWkZyIY2+saGUdDEX/TyIFWHqO6qDvEwzBXNoPTkiS0ZgPPAalXgroN8jKlrqegdFozr+uoU=
x-amz-request-id: 6AXAEFJE1WERQE9R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 06:46:36 GMT
age: 535
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 02 Dec 2022 06:55:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement_Module_ActivityMap.min.js.download HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 09 Jun 2022 08:40:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1649
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  ASCII text, with very long lines (3157)
Size:   1649
Md5:    db599b3645a80d4aec3003b3148ad2fd
Sha1:   faa463122bdbac7943833a36af985678672af988
Sha256: 82383b027e8bd3a9813b4ece004e9d90bade0c78e5d129843252d9ebead0ba4d

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/1.a4107d5847ce71ae19c1.js.download HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 09 Jun 2022 08:40:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   29354
Md5:    630276155cb6ef1c5ba43b3d0827908e
Sha1:   49c3eb24ee02bf36166cf3030591cb6f666278b2
Sha256: 25546f2453574cf32df8e4d21fb32205016400d7313a5797904f911116e1e838

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/integrations HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 09 Jun 2022 08:40:58 GMT
Accept-Ranges: bytes
Content-Length: 3429
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  ASCII text
Size:   3429
Md5:    eb6630d15c587d61118bd375f0259135
Sha1:   a1aeafd1e362f95bd7708adf2d93d6ecb990b318
Sha256: e4fe60aa7f1bcd674a7a83d1ec47f6ef9c309876bec0b84e16930c710ce3b7d8

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 06:11:15 GMT
cache-control: public,max-age=3600
age: 2657
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/7.a62d97ca86043da836ba.js.download HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:40:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   73920
Md5:    3d243dee2a78ce0305ba403c77f10405
Sha1:   b47178c46ab516fc0925db4e7fdcf1c4e4c8f9ea
Sha256: 1b2d06b4efb1752f2aede8c1bd1fb306dcc72a0fef4389c935b572ca6e450183

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/AppMeasurement.min.js.download HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 09 Jun 2022 08:40:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14946
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  ASCII text, with very long lines (32768)
Size:   14946
Md5:    e619db654218c8726f6928d2c4f40a74
Sha1:   8d2b0dfba638d33cf34063f1795d935340cc6db0
Sha256: e9815f331d5c46acc657eae4704b9f0f4539f7f0119d0b89eff54de0b4c5157e

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles-key.css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Wed, 22 Jun 2022 23:22:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2632
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2632
Md5:    275431eafb66243977f3345542aaf5d3
Sha1:   16524d3f92eaf21bcaa07957f4ecaeca2a94f9cf
Sha256: d7d9f32a643446b1c3f0ef9ae3994b356cbd6aac0a474f26c6015d42881f398e

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/RCcaa4e69ad2d64fb28ce705b92f818cb2-source.min.js.download HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:40:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 422
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (590)
Size:   422
Md5:    7c3fa2fa268c8c345553480a2b701942
Sha1:   743869c756235537e36ededfd42dbedfe240198c
Sha256: 53825cdf8623ca17317efa7df6cc93a3e1fdbe227506ae60af254616c84005c5

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3809
Cache-Control: max-age=98086
Date: Fri, 02 Dec 2022 06:55:32 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:10:18 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/ibx-globals-key.css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:40:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 148
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   148
Md5:    ef7118d6c9b03f948b3ef254a6bff500
Sha1:   1b395cb53a85f7599d27e878d22bcb71beda37b2
Sha256: 25155b54264bc8a778d8bb23a20a02635aa78f607ff998b0edc620a1e19e83bc

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles.css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:40:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3419
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   3419
Md5:    9c8e7e0aba9ae057201532a0b39e61e9
Sha1:   0a9bf9414782720c48c54779fb6bcfabd1db738b
Sha256: 881744f59dd18df76a3cd755abf02bc0cdf2d36fcce80048f7f96ce2db84388f

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles(1).css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8162
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (28423), with no line terminators
Size:   8162
Md5:    9a590c071420824ee5e4fa5255da1da2
Sha1:   deefcb174f5591769fcbd5fec7b4622baca9ffd2
Sha256: f88708fce431cd0b08dcbd3a9ebbb4fb312392338b147dd675b6fb24aa2f6342

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (65057)
Size:   41929
Md5:    7f98ac806a27da021f46da494c15a8ed
Sha1:   7db588b596333e0eb59c44ae4e8789599ac3ee4c
Sha256: c92f4a6124fe15fbd119ff99817f0df1e275c7908e3df3df86c2c5d26d0d7458

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/styles-key(1).css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1828
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (5309), with no line terminators
Size:   1828
Md5:    a410162c839b65012987ee5f5fdf2a4f
Sha1:   d0c8f55b8939e96efc1bc6b29d4d345b9a744cbd
Sha256: 1f1885ef5d2e997cc6a8d5c0fba52aecfb89e0a11a79c485f1b364a370ddf1f9

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:40:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   70476
Md5:    df37295d0ffbc550c196312870b9ae58
Sha1:   e8e01635fb552bdcc5b1cf63d3246df1fa63b977
Sha256: 64f91e85bec553c081acce0fb62813848546ed3c23b3d0c0e342fa2737ce3323

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rr51kjXFbTdSSNkhgNZbOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.187.102.159
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mso63wUmn4gcS6V8btZHPOnys4E=

                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/bundle.js(1).download HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
                                        
Date: Fri, 02 Dec 2022 06:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 09 Jun 2022 08:40:58 GMT
Accept-Ranges: bytes
Content-Length: 605641
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   605641
Md5:    15c2f48f4b8ef4187c6eaf3b5ace99a9
Sha1:   3ef3ef518ffa5e9142f730ef2052e3e2b7e64146
Sha256: d4c307ca631714afc826c9d36b169ad69b03f5e572ef074f63b404cc9f023f17

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/kloader.gif HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:04 GMT
Accept-Ranges: bytes
Content-Length: 19110
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 400 x 400\012- data
Size:   19110
Md5:    a90e737d05ebfa82bf96168def807c36
Sha1:   ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b
Sha256: 24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/otac-72-hours.svg HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Content-Length: 4281
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (307)
Size:   4281
Md5:    59332708e91127186fad4d5b9f9fdfce
Sha1:   64a60efad9d12f1018efdeb645a598779430c5b9
Sha256: 19154c371170b37e378225e8379871b7efecc3009f3ab3925c31f949964e80f5

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/key_white_logo.png HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Content-Length: 11797
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 172 x 32, 8-bit/color RGBA, interlaced\012- data
Size:   11797
Md5:    d62d5b0d8627210d502248fd5ba0795b
Sha1:   b54d1d796f26e980cdb17293ff75647f8072c6b7
Sha256: 07eeecd82d157b4f6d4147ede1b838e77e5e772e74307a3f53cf9c4afdffa15e

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/key_black_logo.png HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Content-Length: 3375
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 276 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   3375
Md5:    ac718e18ce2383f5581edc92b37b5964
Sha1:   064252d1d84c5fb2bc45b2e510e9f4235c65baeb
Sha256: de35a69575718cdee8f4583e969583506939c38f94c0dad37dfe66abe574dbc0

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/key-logo.svg HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 02 Dec 2022 06:55:32 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:00 GMT
Accept-Ranges: bytes
Content-Length: 6072
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5966)
Size:   6072
Md5:    b4284724f45b84236572906bb9309724
Sha1:   a919c3dec8149ae38b71d233f4b7d9391ac91691
Sha256: 4712701bf2f3b3b93bdfc9aa8c2c3e8dbdf6f3c4cbce9fc9a766c7cb5b281e5b

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ibxolb/olb/share/assets/images/kds.svg HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/ibxolb/olb/share/assets/images/kds.svg
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/images/kds.svg HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/images/kds.svg
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.45b47f3e9c7d74b80f5c.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.45b47f3e9c7d74b80f5c.woff
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont.79515ad0788973c53340.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont.79515ad0788973c53340.woff
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/ll_storage_html5.html HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg
Upgrade-Insecure-Requests: 1

search
                                         208.91.199.118
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2022 08:41:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16885
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (43766)
Size:   16885
Md5:    d766058257a34b032bf8e3acc74c79b1
Sha1:   7293775513749f4e51b3ba94690d42c1029dd3b6
Sha256: 69717924a0d2d40a640e72a557740f4c96e9582eb2d1c1fcf455e247986594c6

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfont.697574b47bcfdd2c45e3.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfont.697574b47bcfdd2c45e3.woff
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/kds-base-key.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/share/assets/images/kds.svg HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/Login.php?id=ignh3ce95icm?access_token=k8ilgdj4fgg

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/share/assets/images/kds.svg
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7881
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 06:55:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7881
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 06:55:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7881
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 06:55:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7881
Expires: Fri, 02 Dec 2022 09:06:54 GMT
Date: Fri, 02 Dec 2022 06:55:33 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 02EF3QEVKmEB2ikbGk9gzQq7_VMi00ufHUNRFTL8MpwJKaXQwdT8HA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 03:42:27 GMT
age: 11586
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4834
Md5:    cd8ad22c2eb1eb91c76970fa449f1bc4
Sha1:   0de97f3a4964038222bd751e043e413113e6db9d
Sha256: 668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:43:11 GMT
age: 83542
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8863
Md5:    156e9ea97b774cbd8361072e4041b6c8
Sha1:   fc71ae3cae92ed6011904bb2367f23bf4e69fab4
Sha256: 58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FhCtGsjgnq83-zRNBH-y9BHUh2IRaN0ahO-BCUw7bTWU8jAanBqdlA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:35 GMT
age: 32518
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7732
Md5:    379a4a1b95d3aa3c5a4f8e7f9abb030f
Sha1:   d45dceb3dc58a07197aa5077582b5b1cd2ff791a
Sha256: 1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 32737
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2942
Md5:    b47431190f34eccf0a6efb98e2a32b7d
Sha1:   9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
Sha256: 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:20:09 GMT
age: 84924
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6174
Md5:    b986f9fcbeca91ed5c8d58fbfaf47d19
Sha1:   6e6c8bd2bce144cc4da1cd7be375b046b60dca79
Sha256: 07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 32802
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4840
Md5:    60ccdde4ce64b4a3fe6fc2a059b3bde1
Sha1:   5ce119089f4a4cd139b523889b6cd84cd79191f4
Sha256: 2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.45b47f3e9c7d74b80f5c.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9067
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9067
Md5:    4dfefe8555686a27133e8a0f9730fe43
Sha1:   38fd9dfc70c719ae5a9b3ec40c447c8fb55a2d7b
Sha256: 7bf834ca7e3405471c14772aab57fa8129d6cc0e402ac945b6aa7f29e9825c44

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont.79515ad0788973c53340.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9069
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9069
Md5:    638537081e91212bab66564b027f051c
Sha1:   c502e8a51305683852400109b92b6de9d30c50d7
Sha256: 016de9bbb13c24bf380b9324afd44cb3015dd0ee20e4e001baad30bafa6a682b

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/08edde9d-c27b-4731-a27f-d6cd9b01cd06.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9063
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9063
Md5:    ff855fcf581d94616766ac521584512d
Sha1:   9fdeb5db45ceb2de80c2c9101320d996b34ad941
Sha256: 0d547c6180c42f2f89f6dfd0de9bd1864507e9d6606696e5db1f37e78681bf8e

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/7802e576-2ffa-4f22-a409-534355fbea79.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9064
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9064
Md5:    7f848d41a064fd666f99ffd71f21449c
Sha1:   515f4faba1d46d36eb799f5f9da7da853504e589
Sha256: d4d44f97f3483362440fde05484af42e7751ffd4a69e8f87e43b545749f08ff9

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/0552ce48-950c-471f-b843-1afac814d259.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9064
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9064
Md5:    90002c628a6155c0929e2ff8feb2e527
Sha1:   211e1cf1b1aafd1cdf560808c8f967ca3809b7db
Sha256: 7b51095c56ef3755f9cdb3a9eea079c7f39612fc4eb1bf9ff1591a3a908e2cba

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfont.697574b47bcfdd2c45e3.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9069
Keep-Alive: timeout=5, max=75


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9069
Md5:    d59b6f05d38b6ca0665cb28285e7b583
Sha1:   5e47cde0999301211b8cc77a20518ae315b5307a
Sha256: dba269ead0d2b80544846c1f0ca1ad442a80b32ecbe205072dbfd6de5d0c7933

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/e9722702-4fb8-436a-9342-c5f4f5c3a75d.woff HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9064
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9064
Md5:    62ec036bfc3e7065f583c423518bf958
Sha1:   dbdf832af5cf39a1bbe4ba16b6c0a9b638cc6319
Sha256: 8941a6fe47fdf39fbd3293d4da15d0b1fa3bbbe81cc4801c2bb4909acefa06f6

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.2e98fc3ce85f31f63010.ttf HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.2e98fc3ce85f31f63010.ttf
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont.488d5cc145299ba07b75.ttf HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont.488d5cc145299ba07b75.ttf
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfont.b32acea6fd3c228b5059.ttf HTTP/1.1 
Host: aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/styles.a4962029f638dde4888c.css

search
                                         208.91.199.118
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:34 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.aquaflow.ae/usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfont.b32acea6fd3c228b5059.ttf
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Light-webfont.2e98fc3ce85f31f63010.ttf HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:34 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9066
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9066
Md5:    1f4760eff265f75897a90c69a3534f93
Sha1:   71939624c9a5e984fdba8dac5c162d6b3dfda1ad
Sha256: c7d7061d92801864b2ddb0612611fbe415ed3a7c030f068085546b70a9d4ef0b

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Regular-webfont.488d5cc145299ba07b75.ttf HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:34 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9067
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9067
Md5:    6477118ff99105bc0f6b9c4907570cfc
Sha1:   720d9d4d13758d9bebd025ac3f5cb04f42d5b133
Sha256: 7d55595078e2acc8ed734e74b358977832b77181340117f6e443c3a03c359261

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /usrsyhgd/ibxkey/KeyBank%20Online_files/OpenSans-Semibold-webfont.b32acea6fd3c228b5059.ttf HTTP/1.1 
Host: www.aquaflow.ae
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://aquaflow.ae
Referer: http://aquaflow.ae/
Connection: keep-alive

search
                                         208.91.199.118
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 02 Dec 2022 06:55:34 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaflow.ae/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9067
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1820)
Size:   9067
Md5:    d38f73069d20ec676a322f60b60db76d
Sha1:   8a9d3054f51e17e6a806a39905cd43d59151a3de
Sha256: 9607c93a0b198f7c45a8a1d3bd2b4d13d8e325004fdeb717c717a8aa2883362c

Alerts:
  urlquery:
    - Phishing - Key Bank
    - Phishing - Key Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3322
Cache-Control: max-age=92243
Date: Fri, 02 Dec 2022 06:55:34 GMT
Etag: "638859bf-1d7"
Expires: Sat, 03 Dec 2022 08:32:57 GMT
Last-Modified: Thu, 01 Dec 2022 07:37:35 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3322
Cache-Control: max-age=92243
Date: Fri, 02 Dec 2022 06:55:34 GMT
Etag: "638859bf-1d7"
Expires: Sat, 03 Dec 2022 08:32:57 GMT
Last-Modified: Thu, 01 Dec 2022 07:37:35 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /ibxolb/login/images/apple-touch-icon.png HTTP/1.1 
Host: ibx.key.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aquaflow.ae/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.52.18.181
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
etag: "63640efd-1322"
last-modified: Thu, 03 Nov 2022 18:57:01 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-xss-protection: 1; mode=block
x-envoy-upstream-service-time: 1
content-security-policy: frame-ancestors *.key.com *.keybank.com
strict-transport-security: max-age=16070400; includeSubDomains
server-timing: dtSInfo;desc="0", dtRpid;desc="-207117230"
content-length: 4898
cache-control: max-age=300
expires: Fri, 02 Dec 2022 07:00:34 GMT
date: Fri, 02 Dec 2022 06:55:34 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size:   4898
Md5:    fee1734f5f10bbd1c030e8cd2e1a8896
Sha1:   18d49e15c6adbf73acf60dc258d3630fb7f5090b
Sha256: f84def209aa5859896a65dc88fabeb52f93d837b5271d8ffe0d557c92b706a07
                                        
                                            GET /ibxolb/login/images/favicon-16x16.png HTTP/1.1 
Host: ibx.key.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aquaflow.ae/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.52.18.181
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
etag: "63640efd-295"
last-modified: Thu, 03 Nov 2022 18:57:01 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-xss-protection: 1; mode=block
x-envoy-upstream-service-time: 2
content-security-policy: frame-ancestors *.key.com *.keybank.com
strict-transport-security: max-age=16070400; includeSubDomains
server-timing: dtSInfo;desc="0", dtRpid;desc="-1913987745"
content-length: 661
cache-control: max-age=300
expires: Fri, 02 Dec 2022 07:00:34 GMT
date: Fri, 02 Dec 2022 06:55:34 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size:   661
Md5:    ea4b275c774e8170ed54751d39a6adbf
Sha1:   c4fda6c23491accd170362ab21108d8ae31a647f
Sha256: 735143f90a8c225ffe4c0a853b25f2068510d81f8f6a82db79db00233ccc4b58