Report - day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

Report Overview

Submitted URL
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8
ASN
#16509 AMAZON-02
Submitted
2024-03-28 17:49:43
Access
public
Website Title
Pay Customs Charge | Customs Online | An Post
Final URL
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
82

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-03-28	442 B	5.5 kB	104.17.24.14
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-03-28	1.1 kB	17 kB	142.250.74.99
day9.foodstamps.cc	unknown	2024-03-18	2024-03-18	2024-03-24	27 kB	2.9 MB	35.180.91.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post
2024-03-27	medium	day9.foodstamps.cc/	An Post

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	unknown	38 B	2023-04-10	2024-04-28
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 16:02:06 Last Seen2024-04-28 00:36:09 Times Seen14005 Hash 43e28c5553d54ed2964bd5147521769b 0a2b8c3db330a47aa7b9195e6dfdf944adb9240d d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23 Loading...

	unknown	47 B	2023-04-11	2024-04-27
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-11 00:43:32 Last Seen2024-04-27 18:42:08 Times Seen872 Hash 8e97e26f6649ae53ee5c226d080c1b6f a6629873663a59457f804cf75d6cad5074f125b2 9cd1315fc74685fddc7bb9e52cc5b6d7461b4f5f804d26a832983995ffe5f8d8 Loading...

	day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177	555 B	2023-08-26	2024-03-28
Pretty URL day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 IP 35.180.91.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-26 04:54:06 Last Seen2024-03-28 18:49:45 Times Seen180 Hash ac5a20f685344bb808a1f662cfb0d9fb 93a5584ffeb2cc9d93e107ef7692ea8525d2ead8 fa4c678bf9cb803a3669513744d60a3df3346d8a79231b116c0b9ee6686518e7 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-04-27
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-27 19:30:05 Times Seen3639 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.min.js	90 kB	2023-03-07	2024-04-28
Pretty URL day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.min.js IP 35.180.91.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-28 01:38:25 Times Seen262581 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.mask.js	18 kB	2023-03-07	2024-04-25
Pretty URL day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.mask.js IP 35.180.91.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:19 Last Seen2024-04-25 02:03:14 Times Seen3598 Hash 219d169a80568884a3d6baab3e5e7def 61d00104de8c972c820cd9b527d8e2edb30e5c4a cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a Loading...

	day9.foodstamps.cc/e/authID=kWcqu/sources/custom.js	1.1 kB	2023-03-13	2024-04-05
Pretty URL day9.foodstamps.cc/e/authID=kWcqu/sources/custom.js IP 35.180.91.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:58:25 Last Seen2024-04-05 10:02:34 Times Seen297 Hash 8bd6daab670e230db2f8a67aafa8911d 249849e3e9e0624251c295c8c8a226b9ee01264a 77db5b6b2d5d9fa17a6f16926a1925ba4977f7225f92de34cbff572a4fa7b7e2 Loading...

HTTP Transactions (44)

URL IP Response Size

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

34 kB

URL User Request GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
34 kB (33565 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/html; charset=UTF-8
content-length: 33565
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.24.14

200 OK

4.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
4.5 kB (4517 bytes)
Hash
053305c2b293c27c02523cda42962c09
556b0af7346b9e21a8eea1be8b195b563169ecd5
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 772473
expires: Tue, 18 Mar 2025 17:49:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zQpLfhrgh%2FcB3V6sc9gfw15flb3d9PhzQlgQmzN%2FA2PeQz5Rny2HyOZgO9ytwl%2BvQ1XYfj1E0ydUJsS5LJZd5VCrq6Qe4tHVQe5dYlkwGh4Ou66TvIy5QiwC8kr58fzXrmPeYwTZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86b974babf227131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/magnify.svg

35.180.91.8

200 OK

598 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/magnify.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
598 B (598 bytes)
Hash
9fa4fa4e560cbd106850b0fc2975c7aa
19e390763ac6bae56f5408f65862076fa2dd786d
2b214077e4e1052e2f0eddc6fb87f777301622f05d761cce65db3fd9db3fc9f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/magnify.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 598
x-accel-version: 0.01
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: "256-614190328b000"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/anPostLogo.svg

35.180.91.8

200 OK

66 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/anPostLogo.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
66 kB (65618 bytes)
Hash
727eb67120c0a7c3f1f768463285787f
c7d61bdbe221acb5e5d53bb8b13d41145b43493f
56070667e7c231cf6d86005febb13929fe5873d327926478c332e5ccfbc9073c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/anPostLogo.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 65618
last-modified: Wed, 20 Mar 2024 15:11:56 GMT
etag: "65fafcbc-10052"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/twitter.svg

35.180.91.8

200 OK

1.1 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/twitter.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1105 bytes)
Hash
c6a21e761a65baf031199345ba6f01a3
3ac2176bd6483b23f6ecb17ea0defeb2e1edf4b9
2bc51053b4493eee708f4ec186f15212ce058a29581c4079f354f17a2239c3bc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/twitter.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 1105
last-modified: Wed, 20 Mar 2024 15:12:02 GMT
etag: "65fafcc2-451"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/icon-warning-colored.svg

35.180.91.8

200 OK

2.4 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/icon-warning-colored.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2434 bytes)
Hash
16f0e384d857961899fcb56e8feb6fae
84faa94dacf3c5319900bb04539f853c13f363f0
f1bca0a94f37dddb19b7aef670a2a81f762bae661ffe650600d9ff69e9c3e268

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/icon-warning-colored.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 2434
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: "65fafcc0-982"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/search-doc.svg

35.180.91.8

200 OK

2.9 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/search-doc.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2852 bytes)
Hash
1538063e11078060ab04f07058460db0
681113f365e190e7c2eb1c256edd6b5496cc3594
9049e5b9d42ac457c5261067472a5176464c9308b8043232738eb3a856060e91

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/search-doc.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 2852
last-modified: Wed, 20 Mar 2024 15:12:02 GMT
etag: "65fafcc2-b24"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/arrow-left-white.svg

35.180.91.8

200 OK

569 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/arrow-left-white.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
569 B (569 bytes)
Hash
9f05e0532caeea9e8ae299c9f67b6a17
193253f7b885e4edf6fe90ad9a1c3b4127d51ffa
93aff74ba57535ceeae7f3ebc57fcfbac1ff63b7ff194608be00befb1422ec08

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/arrow-left-white.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 569
x-accel-version: 0.01
last-modified: Wed, 20 Mar 2024 15:11:56 GMT
etag: "239-6141902eba700"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/icon-message.svg

35.180.91.8

200 OK

4.4 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/icon-message.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
4.4 kB (4412 bytes)
Hash
bedd5972d22c5b85fdc832c38388b485
63537baf530e01394c646e02acb4018a8e3ac2c4
ae0b6f3c2a5ca59f54578f851cec41b51ed0e6b71b4a65d500e55158d98a6f67

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/icon-message.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 4412
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: "65fafcc0-113c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/instagram.svg

35.180.91.8

200 OK

1.5 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/instagram.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1504 bytes)
Hash
f87461f18f88abe2512ab8785e35bb8b
03f52e2383b24298e222bb9806daee9ee09921ef
9fd317d9a4a1a22498074ea1380f3faa4828aa188409a15d9f6a46c06e730c12

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/instagram.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 1504
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: "65fafcc0-5e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/rocket.svg

35.180.91.8

200 OK

3.6 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/rocket.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3595 bytes)
Hash
f7cc9a9857e72f2eb9918b24e277c943
310405e3f2b01b64566f901d4c856befaff5cede
48f515734cf29070ba75c13a25c6c66fc20baa957222f6f10c84ffb7fbeb1c0a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/rocket.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 3595
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: "65fafcc0-e0b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/youtube.svg

35.180.91.8

200 OK

902 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/youtube.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
902 B (902 bytes)
Hash
7597d1de821da195f66fe44375d049cb
7ccfd8c12a0f48f9d8d28dba9616a8b80790094a
c8a38e021f03e9990fe4f6c0ca53608952c3865081b8bf06791af86e16ff59de

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/youtube.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 902
x-accel-version: 0.01
last-modified: Wed, 20 Mar 2024 15:12:02 GMT
etag: "386-6141903473480"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/facebook.svg

35.180.91.8

200 OK

811 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/facebook.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
811 B (811 bytes)
Hash
664e53cd2657fb23a35b14f4d853784f
e4fb7221ae14ecff7180e27ca766f94b195ff1cf
c3dff0597ea74bd572025d33f74865f47eeb15ff91c9e6026f690951f8d4ede4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/facebook.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 811
x-accel-version: 0.01
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: "32b-61419030a2b80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/linkedin.svg

35.180.91.8

200 OK

849 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/linkedin.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
849 B (849 bytes)
Hash
8c1af1fa3b9d876161a9102cc028be83
fdabdea12d33278b8449fe7ec0678de9228a4bf6
ee6dc7a1b78cc1b3a354c91855e82469da2176b2872196d8ad453e5fc23f7489

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/linkedin.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 849
x-accel-version: 0.01
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: "351-614190328b000"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/announcement.svg

35.180.91.8

200 OK

3.2 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/announcement.svg
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3234 bytes)
Hash
88dec57d1bc644184df489e0489ff453
92af1afb6bff3cd3cdfed219a90f25e6937f5cf7
94d771c28da447ab7ffd70e96c2c102c593f38a31ec1235f5a0756648f5d7753

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/announcement.svg HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: image/svg+xml
content-length: 3234
last-modified: Wed, 20 Mar 2024 15:11:56 GMT
etag: "65fafcbc-ca2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/f15.min.css

35.180.91.8

200 OK

1.4 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/f15.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (1945), with no line terminators
Size
1.4 kB (1368 bytes)
Hash
b9fa72a10180253d626c597f1343b993
80f223b10a0f5b37fcfbf88a0e7bbb459268cec7
b07456bec3bfd9facfdcf172509ac2d1ea1934c4ae0c422d7a8ff1bf3c284832

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/f15.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: W/"65fafcbe-799"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/m13.min.css

35.180.91.8

200 OK

8.7 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/m13.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (4177), with no line terminators
Size
8.7 kB (8721 bytes)
Hash
53a008101efbd175eba085b229060a85
5daac847abad7d25130afd06ed1a64bbee18c54f
f789e1b48cfef5a32d5c55472d1e9df8ca1aa6c0325e793c1cbd5a86df964b91

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/m13.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: W/"65fafcc0-1051"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.99

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://day9.foodstamps.cc
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:35:57 GMT
expires: Fri, 28 Mar 2025 17:35:57 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 801
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Bold.woff

35.180.91.8

404 Not Found

808 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Bold.woff
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text
Size
808 B (808 bytes)
Hash
a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/webfonts/AnPostSans-Bold.woff HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/newassets/core.min.css
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html
content-length: 808
last-modified: Mon, 18 Mar 2024 08:24:08 GMT
etag: "328-613eb14dde8f0"
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Regular.woff2

35.180.91.8

404 Not Found

808 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Regular.woff2
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text
Size
808 B (808 bytes)
Hash
a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/webfonts/AnPostSans-Regular.woff2 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/newassets/core.min.css
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html
content-length: 808
last-modified: Mon, 18 Mar 2024 08:24:08 GMT
etag: "328-613eb14dde8f0"
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

34 kB

URL User Request GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
34 kB (33565 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
content-length: 33565
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Regular.woff

35.180.91.8

404 Not Found

808 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Regular.woff
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text
Size
808 B (808 bytes)
Hash
a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/webfonts/AnPostSans-Regular.woff HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/newassets/core.min.css
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html
content-length: 808
last-modified: Mon, 18 Mar 2024 08:24:08 GMT
etag: "328-613eb14dde8f0"
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

9.1 kB

URL User Request GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size
9.1 kB (9090 bytes)
Hash
218fbaa4499b9dfbdf790eb6b1588b15
91041beed32e201d87018524f69b2df01b721874
7a62e5407e35366f9527d4ca152bac2f4908f1e6c34e6b4d8264841578e71bf6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

206 kB

URL User Request GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
206 kB (206310 bytes)
Hash
550896d5503e1fad4038bc9a3bd3fb38
8a3b93a6e64a7886009af556e22e2beeb24f9c13
7e83d307e8ba22d70a0beb8645dfda7c7bd85a494f2619d9751f2eea24d7f7e8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

208 kB

URL User Request GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
208 kB (207480 bytes)
Hash
00c50295b570a7492873e0c56008c3e0
199027ffbae96778b9a276f04a3fb383546dfbce
075affa26ba7301f5f53c3c32f1fd155a689e54413950e32598d44152dc18a21

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

200 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
200 kB (200275 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

200 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
200 kB (200275 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

200 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
200 kB (200275 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
content-length: 33565
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

200 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
200 kB (200275 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/f17.min.css

35.180.91.8

200 OK

3.7 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/f17.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (3667), with no line terminators
Size
3.7 kB (3663 bytes)
Hash
0cb17f41cb8cd0c31661e4b5c5090889
88d642d93abff9a4463e4aef531058bb66838bec
77334bdbc4a9162a18be69f0d1414fa4755142ea735c3f7c531288d44d420419

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/f17.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: W/"65fafcbe-e4f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

200 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
200 kB (200275 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Bold.woff2

35.180.91.8

404 Not Found

808 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/webfonts/AnPostSans-Bold.woff2
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (866), with no line terminators
Size
808 B (808 bytes)
Hash
b45bdabc5c2538b0c4e5f352bcdfb585
5a97ce87ce8d3d86a043c1a5e68e968e20a1e146
c96189c857253fcdbe13dfcbc7f919050fae21ccb7116c3078ee3c8d8d0f12c7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/webfonts/AnPostSans-Bold.woff2 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/newassets/core.min.css
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html
content-length: 808
last-modified: Mon, 18 Mar 2024 08:24:08 GMT
etag: "328-613eb14dde8f0"
accept-ranges: bytes
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/sources/html2canvas.min.js?_=1711648158114

35.180.91.8

404 Not Found

808 B

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/sources/html2canvas.min.js?_=1711648158114
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (866), with no line terminators
Size
808 B (808 bytes)
Hash
b45bdabc5c2538b0c4e5f352bcdfb585
5a97ce87ce8d3d86a043c1a5e68e968e20a1e146
c96189c857253fcdbe13dfcbc7f919050fae21ccb7116c3078ee3c8d8d0f12c7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/sources/html2canvas.min.js?_=1711648158114 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html
last-modified: Mon, 18 Mar 2024 08:24:08 GMT
etag: W/"328-613eb14dde8f0"
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.mask.js

35.180.91.8

200 OK

18 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.mask.js
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
JavaScript source, ASCII text
Size
18 kB (18430 bytes)
Hash
219d169a80568884a3d6baab3e5e7def
61d00104de8c972c820cd9b527d8e2edb30e5c4a
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/sources/jquery.mask.js HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 15:12:02 GMT
etag: W/"65fafcc2-47fe"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/common-deferred.min.css

35.180.91.8

200 OK

203 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/common-deferred.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type

Size
203 kB (202739 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/common-deferred.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:56 GMT
etag: W/"65fafcbc-317f3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/f14.min.css

35.180.91.8

200 OK

2.3 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/f14.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (2342), with no line terminators
Size
2.3 kB (2338 bytes)
Hash
037074a457932707919a9b3d74a2b2be
969c6d1d5ed19bd74f8579bd2485c4cb88d6687a
1efc26b37f025ae4d22e31da60bd918445d98d3c317948ba9729cb7571f691a8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/f14.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: W/"65fafcbe-922"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/core.min.css

35.180.91.8

200 OK

714 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/core.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type

Size
714 kB (713974 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/core.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: W/"65fafcbe-ae4f6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177

35.180.91.8

200 OK

200 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
HTML document, ASCII text, with very long lines (51579), with CRLF line terminators
Size
200 kB (200275 bytes)
Hash
3c3bcaf9d56a73ae269824af72cabf8d
2bab2cf09148be1a577f7530bd178278f62c3f84
6a2ead33a7efc7129aced87ddd7d6d32a9d0a110767ef7a2c9e26f44b7593370

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177 HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:18 GMT
content-type: text/html; charset=UTF-8
content-length: 33565
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/css.css

35.180.91.8

200 OK

3.2 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/css.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (3225), with no line terminators
Size
3.2 kB (3153 bytes)
Hash
76c6e9e68f780295f7a60e8e6f488531
92f37227cfd282f6b930dc918a2a626f40e8536d
8a4a66ec17eca4387364ff7b1d17c0e20f01cf2750b0b510638306f7f3a68cfd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/css.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: W/"65fafcbe-c51"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/f16.min.css

35.180.91.8

200 OK

2.0 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/f16.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (2011), with no line terminators
Size
2.0 kB (2007 bytes)
Hash
5ef77b311145751aa131921bd1e38ed7
f8057f7073518d1cb52ab9a05e296845b88cd47f
10f17e3e2715a5f01ade00fc75bba83542ae97cdac968a0da2ab4143c08a07b5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/f16.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:11:58 GMT
etag: W/"65fafcbe-7d7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.min.js

35.180.91.8

200 OK

90 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/sources/jquery.min.js
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/sources/jquery.min.js HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 15:12:02 GMT
etag: W/"65fafcc2-15d9d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/sources/custom.js

35.180.91.8

200 OK

1.1 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/sources/custom.js
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
JavaScript source, ASCII text, with very long lines (1178), with no line terminators
Size
1.1 kB (1070 bytes)
Hash
45298805be6f4f03f1db11e226321e80
9f8e2606d5a64cefd15b967bcedd62b80c0dcc10
d4d8a978b94b1163e13b8440718dbf9d4263c48892e8b3130945e2ed9d831e64

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/sources/custom.js HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 15:12:02 GMT
etag: W/"65fafcc2-42e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.99

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://day9.foodstamps.cc
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:41:18 GMT
expires: Fri, 28 Mar 2025 02:41:18 GMT
cache-control: public, max-age=31536000
age: 54480
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

day9.foodstamps.cc/e/authID=kWcqu/newassets/m18.min.css

35.180.91.8

200 OK

28 kB

URL GET HTTP/2
day9.foodstamps.cc/e/authID=kWcqu/newassets/m18.min.css
IP
35.180.91.8:443
ASN
#16509 AMAZON-02

Requested by
https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Certificate
IssuerLet's Encrypt
Subjectday9.foodstamps.cc
FingerprintCB:2E:4B:EC:77:93:0E:52:6D:5A:93:14:11:43:58:9A:3B:FA:E0:50
ValidityMon, 18 Mar 2024 07:36:42 GMT - Sun, 16 Jun 2024 07:36:41 GMT

File type
ASCII text, with very long lines (28384), with no line terminators
Size
28 kB (28384 bytes)
Hash
30e1b1d1fe0797804e76a42eb02c8fb8
74afc2b6290850dd2107bc8d0dc2fd2825effc8a
013db3f74bfcace16da0bea1211c0e240d85f746c10d9e7a2826cb4a100c684c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	An Post

HTTP Headers

GET /e/authID=kWcqu/newassets/m18.min.css HTTP/1.1
Host: day9.foodstamps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://day9.foodstamps.cc/e/authID=kWcqu/tracking.php?sessionid=e9+i502hf+8cabd4gj7631PowS+aBD++J+wggpTK5uSGN2b1fI+8FLaOmZH4rkME3+9AY6XC+759604114177
Cookie: PHPSESSID=pnkrc07uivb2mp7jhfjs0bcd6a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 17:49:17 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 15:12:00 GMT
etag: W/"65fafcc0-6ee0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2