Report - ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php

Report Overview

Submitted URL
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
IP
192.236.154.88
ASN
#54290 HOSTWINDS
Submitted
2024-04-16 20:21:17
Access
public
Website Title
Log in to your account
Final URL
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Tags
paypal phishing financial
urlquery detections
Phishing - PayPal

Detections

urlquery
10
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ams-shared-1.masterns.com	unknown	unknown	No data	No data	6.2 kB	144 kB	192.236.154.88
static.elfsight.com	17480	2012-07-09	2019-12-01	2024-04-13	901 B	804 kB	172.67.22.83
js-codes.com	unknown	2017-08-28	2017-12-08	2024-03-10	429 B	7.6 kB	172.67.199.99
core.service.elfsight.com	unknown	2012-07-09	2021-11-08	2024-04-13	615 B	239 kB	104.22.69.95
files.elfsightcdn.com	82787	2021-03-25	2021-06-02	2024-04-15	508 B	82 kB	104.26.4.247
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-16	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/js/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-29
Pretty URL ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/js/jquery-3.3.1.min.js IP 192.236.154.88 ASN #54290 HOSTWINDS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-29 21:12:00 Times Seen106914 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php	4.7 kB	2023-03-07	2024-04-20
Pretty URL ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php IP 192.236.154.88 ASN #54290 HOSTWINDS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:58:44 Last Seen2024-04-20 14:14:14 Times Seen28 Hash 729214496ba6b86a19f16a3a274f8162 2b87775527475d4c4ad5faab003d4a9ee75c4e2f 7c418358c3bcd31f72343f7d53217f68915f5e8b8b3611e1d85af69bc9cafe46 Loading...

	static.elfsight.com/platform/platform.js	49 kB	2024-02-21	2024-04-29
Pretty URL static.elfsight.com/platform/platform.js IP 172.67.22.83 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-21 02:25:44 Last Seen2024-04-29 15:13:15 Times Seen51 Hash ea938560ae1a20790bf6327458b05878 609d91756a2674f8fbf36b14fbaa3cc6e7e11e48 fb7a4c81cad32e268d69dab0797be43a729e94bf17884e2c33f5a4de1f4823c1 Loading...

	static.elfsight.com/apps/popup/stable/5d8deeec4e477df8f206ae4fbe9cea7d7e0dca67/app/popup.js	770 kB	2024-04-16	2024-04-20
Pretty URL static.elfsight.com/apps/popup/stable/5d8deeec4e477df8f206ae4fbe9cea7d7e0dca67/app/popup.js IP 172.67.22.83 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 22:21:24 Last Seen2024-04-20 14:14:14 Times Seen7 Hash 84582415215de6b6798196faafb6c633 921666470b9e4dbb521073f40955424c3b6123e0 b5a8071848f69e3c8e1cfe2f0640938b2dc8f9ee1cbe7e82277f6fe101141a37 Loading...

HTTP Transactions (16)

URL IP Response Size

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php

192.236.154.88

200 OK

1 B

URL User Request GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/signin.php HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b; path=/
location: index.php
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Tue, 16 Apr 2024 20:20:52 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/index.php

192.236.154.88

302 Found

1 B

URL User Request GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/index.php
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/index.php HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: signin.php
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Tue, 16 Apr 2024 20:20:52 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php

192.236.154.88

200 OK

6.8 kB

URL User Request GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
6.8 kB (6771 bytes)
Hash
0d651d1b74aca858cbe6bec61a04ec67
c223d04b511f262cca6e6fa0c47f586e53ec6ccc
dbaa47ee3677c489fd8a014abd246ac0fa59280c359a22b930969dec84443b53

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/signin.php HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: br
content-length: 6771
content-type: text/html; charset=UTF-8
date: Tue, 16 Apr 2024 20:20:52 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/styles/signin.css

192.236.154.88

200 OK

2.7 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/styles/signin.css
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
2.7 kB (2677 bytes)
Hash
831d64d9b9920cd08ce45762aec8d025
eb22b4bc9ddc3d25600b7c6ef13ed6f1b73e86ac
44334e15099fb14b56b78e0fa275cf5a74469c83dee771388b0df6fd1777d6f7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/styles/signin.css HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 2677
content-type: text/css
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/js/jquery-3.3.1.min.js

192.236.154.88

200 OK

30 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/js/jquery-3.3.1.min.js
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (29708 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/js/jquery-3.3.1.min.js HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 29708
content-type: text/javascript
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

static.elfsight.com/platform/platform.js

172.67.22.83

200 OK

32 kB

URL GET HTTP/2
static.elfsight.com/platform/platform.js
IP
172.67.22.83:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.elfsight.com
Fingerprint60:0D:53:C1:E5:36:E2:3C:EB:15:DD:CA:58:66:6A:DD:C4:F1:DA:F9
ValidityWed, 27 Mar 2024 11:53:50 GMT - Tue, 25 Jun 2024 11:53:49 GMT

File type
gzip compressed data, from Unix
Size
32 kB (32363 bytes)
Hash
121cce3a75c3c3eca363994bcf53b59f
b5f23e8d387955e3247b4b16a040c8430c91436e
8f8e18e1f22e039e595f30b2072e6ec3c7bc7530c707a27bdaef83d4fcf1708b

HTTP Headers

GET /platform/platform.js HTTP/1.1
Host: static.elfsight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:20:53 GMT
content-type: application/javascript
last-modified: Tue, 13 Feb 2024 12:43:55 GMT
x-rgw-object-type: Normal
etag: W/"ea938560ae1a20790bf6327458b05878"
x-amz-request-id: tx000002944742c753d07fd-0065cb64c7-53bcfc37-sfo2a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=0
x-do-cdn-uuid: e32c40dc-02c3-4408-a6ec-51bfedff6dd9
cache-control: max-age=3600
x-envoy-upstream-healthchecked-cluster: 
content-encoding: gzip
cf-cache-status: HIT
age: 2875
server: cloudflare
cf-ray: 8756e0e76d69b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js-codes.com/modernizr/2.9.0/modernizr.min.js

172.67.199.99

521 No Reason Phrase

6.8 kB

URL GET HTTP/2
js-codes.com/modernizr/2.9.0/modernizr.min.js
IP
172.67.199.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuerLet's Encrypt
Subjectjs-codes.com
Fingerprint7D:02:72:68:8C:94:7B:4C:CF:EB:32:13:BF:A4:77:E3:60:F0:F1:89
ValidityWed, 21 Feb 2024 18:23:12 GMT - Tue, 21 May 2024 18:23:11 GMT

File type
HTML document, ASCII text, with very long lines (394)
Size
6.8 kB (6809 bytes)
Hash
e866c85c81f950a95dc975679be79d42
5f21d924abb0ceaaced65a7c9aaa9e6354aed3a2
27077cdf1cd45db796a53d30f105d3b15ee31fadfae9b828a2b69102dda9cd61

HTTP Headers

GET /modernizr/2.9.0/modernizr.min.js HTTP/1.1
Host: js-codes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 521 No Reason Phrase
date: Tue, 16 Apr 2024 20:20:53 GMT
content-type: text/html; charset=UTF-8
content-length: 6809
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YDIpJr1S15jfJ2IOiCALOqGuwvKT6OKMwebd%2FAR3dREeF9ZPGp1pZKDEYZgRkC37Ck0qCFSWfWIW9rit84lN0xaZ6M6y%2FDO3ZZspd6l1Umhr%2FZJMRxE59XXMb0UWR5M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8756e0e7a926569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/logo_official.svg

192.236.154.88

200 OK

1.8 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/logo_official.svg
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1800 bytes)
Hash
0d105318575ea6a4fc653aa8290a3410
b8ef6c644ffdb3983c518014bc4c0ff4317a011b
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/logo_official.svg HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/styles/signin.css
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1800
content-type: image/svg+xml
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/fonts/p_small_regular.woff

192.236.154.88

200 OK

47 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/fonts/p_small_regular.woff
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 47339, version 1.0
Size
47 kB (47339 bytes)
Hash
20f0f192de040edc17e47e61752e142f
713967babdefbc54dceacb052776c67527aada22
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/fonts/p_small_regular.woff HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/styles/signin.css
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:48 GMT
accept-ranges: bytes
content-length: 47339
vary: Accept-Encoding
content-type: font/woff
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/fonts/p_small_light.woff

192.236.154.88

200 OK

47 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/fonts/p_small_light.woff
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 46703, version 1.0
Size
47 kB (46703 bytes)
Hash
75dadb2e9d1d569b0320c420826e0e27
8bd7ffdc044dbdf5cadde1cc790522feeacf40a4
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/fonts/p_small_light.woff HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/styles/signin.css
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:48 GMT
accept-ranges: bytes
content-length: 46703
vary: Accept-Encoding
content-type: font/woff
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/favi.png

192.236.154.88

200 OK

4.5 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/favi.png
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
4.5 kB (4518 bytes)
Hash
5ff4fb77dc2ba5364283b18256b34e1a
37f8e1586e4a091d7a0a266842fd3a3d4e15c5aa
965b855f8212fb12dac35c751da64ae8c1a10ab93ac274c0f40c1d28d159ebce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/favi.png HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
accept-ranges: bytes
content-length: 4518
content-type: image/png
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/favi.ico

192.236.154.88

200 OK

1.3 kB

URL GET HTTP/2
ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/favi.ico
IP
192.236.154.88:443
ASN
#54290 HOSTWINDS

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuercPanel, Inc.
Subjectams-shared-1.masterns.com
Fingerprint68:22:53:9B:54:C4:B5:0C:7A:E7:7A:1D:1A:7D:3C:48:C1:01:BF:A7
ValidityMon, 19 Feb 2024 00:00:00 GMT - Sun, 19 May 2024 23:59:59 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
Size
1.3 kB (1308 bytes)
Hash
e1528b5176081f0ed963ec8397bc8fd3
ff60afd001e924511e9b6f12c57b6bf26821fc1e
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - PayPal

HTTP Headers

GET /~rlsfswem/load/verif/verif/ppl/verification/app/lib/pics/favi.ico HTTP/1.1
Host: ams-shared-1.masterns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Cookie: PHPSESSID=1cfe6464b0837600008b4f4e53dee50b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1308
content-type: image/x-icon
date: Tue, 16 Apr 2024 20:20:53 GMT
server: Apache
X-Firefox-Spdy: h2

core.service.elfsight.com/p/boot/?page=https%3A%2F%2Fams-shared-1.masterns.com%2F~rlsfswem%2Fload%2Fverif%2Fverif%2Fppl%2Fverification%2Fapp%2Fsignin.php&w=f5cf8956-7b85-4887-ae11-dc505c24e809

104.22.69.95

200 OK

238 kB

URL GET HTTP/2
core.service.elfsight.com/p/boot/?page=https%3A%2F%2Fams-shared-1.masterns.com%2F~rlsfswem%2Fload%2Fverif%2Fverif%2Fppl%2Fverification%2Fapp%2Fsignin.php&w=f5cf8956-7b85-4887-ae11-dc505c24e809
IP
104.22.69.95:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuerCloudflare, Inc.
Subjectelfsight.com
Fingerprint46:EE:F5:DB:97:54:0B:34:F4:0D:79:7D:CC:82:E9:B0:17:A2:FB:DB
ValidityFri, 08 Sep 2023 00:00:00 GMT - Sat, 07 Sep 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
238 kB (237736 bytes)
Hash
16e2fb503e68cc5e13ba6eb363df15f0
ba570d0a91b3b05e19736f8ef1b1fb50931ab570
e37be74f95e5efd4ac1c5e4ef03617026cd1f4eb8f277dae297c8eaea1a463ae

HTTP Headers

GET /p/boot/?page=https%3A%2F%2Fams-shared-1.masterns.com%2F~rlsfswem%2Fload%2Fverif%2Fverif%2Fppl%2Fverification%2Fapp%2Fsignin.php&w=f5cf8956-7b85-4887-ae11-dc505c24e809 HTTP/1.1
Host: core.service.elfsight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ams-shared-1.masterns.com
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:20:53 GMT
content-type: application/json; charset=utf-8
cf-ray: 8756e0ea4dd58f57-CPH
cf-cache-status: DYNAMIC
access-control-allow-origin: https://ams-shared-1.masterns.com
content-encoding: gzip
etag: W/"1e93-L24Rt6X1IAHcdGWeAZJBZI+uTh8"
set-cookie: elfsight_viewed_recently=1; Max-Age=15; Path=/; Expires=Tue, 16 Apr 2024 20:21:08 GMT; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
cf-apo-via: origin,host
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0, 1; mode=block
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

files.elfsightcdn.com/eafe4a4d-3436-495d-b748-5bdce62d911d/58b04a75-015c-48a7-9234-22392affe746/ppp.jpg

104.26.4.247

200 OK

81 kB

URL GET HTTP/2
files.elfsightcdn.com/eafe4a4d-3436-495d-b748-5bdce62d911d/58b04a75-015c-48a7-9234-22392affe746/ppp.jpg
IP
104.26.4.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectfiles.elfsightcdn.com
FingerprintDD:42:86:3D:42:33:CF:DE:40:4D:DA:04:A7:0A:A5:0C:00:86:F7:DD
ValidityWed, 27 Mar 2024 08:52:44 GMT - Tue, 25 Jun 2024 08:52:43 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3
Size
81 kB (81309 bytes)
Hash
617de44cfebc80eddcca2ae4f8218f9d
7e3194f05ff9957d024bd75b034d6906ae174f5c
4653a3c27240c3e2d5d47fd13eeacbfe18069acb4f4f690537f7cf54f94e3f9f

HTTP Headers

GET /eafe4a4d-3436-495d-b748-5bdce62d911d/58b04a75-015c-48a7-9234-22392affe746/ppp.jpg HTTP/1.1
Host: files.elfsightcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:20:54 GMT
content-type: image/jpeg
content-length: 81309
cache-control: max-age=604800
cf-bgj: h2pri
etag: "617de44cfebc80eddcca2ae4f8218f9d"
last-modified: Sun, 16 Apr 2023 01:28:49 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: tx000000000000031386202-00661bf776-41e2d025-nyc3a
x-do-cdn-uuid: 09fc71af-b58f-4172-b955-d9e3a4bdd076
x-envoy-upstream-healthchecked-cluster: 
x-rgw-object-type: Normal
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjhKOTLFGZATOI2fxPths0H2DmDA0Dqq1SmjmGnGxPTHN3BikBRAFihXUm6ISd1pWwHYUG06N7CXpJh8YMVx1VMuBqLYiTxoLbOFN86gEwlqiF2qhlDUeqGyvMZbvDbab16HO1c1Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756e0ee2a2156be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=SN_rJ7njwrd2gp1TQEkDE2d4HQroQ8xPh312yGFDwTTZetiU2_rBMOhxwEKAMimrHIgWRUUgaL2vqw3J35fjH3p5wMQqMsNhDZ6MI8bBg2BzmDRFjriCtMkZDtUYdRIT
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 16 Apr 2024 20:18:51 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 140
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

static.elfsight.com/apps/popup/stable/5d8deeec4e477df8f206ae4fbe9cea7d7e0dca67/app/popup.js

172.67.22.83

200 OK

770 kB

URL GET HTTP/2
static.elfsight.com/apps/popup/stable/5d8deeec4e477df8f206ae4fbe9cea7d7e0dca67/app/popup.js
IP
172.67.22.83:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ams-shared-1.masterns.com/~rlsfswem/load/verif/verif/ppl/verification/app/signin.php
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.elfsight.com
Fingerprint60:0D:53:C1:E5:36:E2:3C:EB:15:DD:CA:58:66:6A:DD:C4:F1:DA:F9
ValidityWed, 27 Mar 2024 11:53:50 GMT - Tue, 25 Jun 2024 11:53:49 GMT

File type

Size
770 kB (769717 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apps/popup/stable/5d8deeec4e477df8f206ae4fbe9cea7d7e0dca67/app/popup.js HTTP/1.1
Host: static.elfsight.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ams-shared-1.masterns.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:20:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 11 Apr 2024 13:05:31 GMT
x-rgw-object-type: Normal
etag: W/"84582415215de6b6798196faafb6c633"
x-amz-request-id: tx00000804e55e2ac9a0a1f-006617e279-56dd58a7-sfo2a
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=0
x-do-cdn-uuid: e32c40dc-02c3-4408-a6ec-51bfedff6dd9
cache-control: max-age=3600
x-envoy-upstream-healthchecked-cluster: 
content-encoding: gzip
cf-cache-status: HIT
age: 2768
server: cloudflare
cf-ray: 8756e0ebcb04b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash