Report - hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b

Report Overview

Visitedpublic

2025-07-21 15:53:32

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
hoseinnejad.sa.com	unknown	2025-07-14	2025-07-21	2025-07-21	5.2 kB	443 kB	185.221.216.125
static.chasecdn.com	8638	2014-08-07	2017-02-01	2025-07-21	2.0 kB	890 kB	23.36.79.154

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-21	medium	hoseinnejad.sa.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	hoseinnejad.sa.com/Chase/js/mask.js	ScriptElement	149 kB	2023-03-07	2025-08-06
URL hoseinnejad.sa.com/Chase/js/mask.js IP / ASN 185.221.216.125 #393960 HOST4GEEKS-LLC Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 202 Size 149 kB (149061 bytes) MD5 b28c4e8b73d73eb52c812ee9e4757460 SHA1 513be6d33316e1ba686515457c0280c8f02d3ffa SHA256 3c149e754af1a297e924c97c84aa5a1fafebc7c2b377e825738b8cb452fb3237 Format Code Loading...

	hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b	ScriptElement	487 B	2023-08-10	2025-07-23
URL hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b IP / ASN 185.221.216.125 #393960 HOST4GEEKS-LLC Introduced by ScriptElement Embedded true Resource Info First Seen 2023-08-10 Last Seen 2025-07-23 Times Seen 40 Size 487 B (487 bytes) MD5 78947dc5fb2b29fd6fbc2f28412105d1 SHA1 545e8ba37b6b2ce272b79e61e3130a006c317d01 SHA256 b96613f73abcfbde4bf27dd65c3b08cb07a108cc3a9d87fca8a4d09425b3ff0d Format Code Loading...

HTTP Transactions (12)

URL IP Response Size

GET hoseinnejad.sa.com/Chase/css/logon.css

185.221.216.125

200 OK

167 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/css/logon.css

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Requested byhttps://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2023-08-10

Last Seen2025-07-23

Times Seen571

Size167 kB (166991 bytes)

MD51b3fd26942fc839367ceccda8882fb88

SHA181225debecd3c4d000bf2f4d623143b87bbd1aed

SHA256a608ecb06c7cff9cf38279edc51f3c9abf6051eb52447775fa2077b8157d2077

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/css/logon.css HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:55 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:26:24 GMT
Accept-Ranges: bytes
Content-Length: 166991
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg

23.36.79.154

200 OK

306 kB

URL GET HTTPS

static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg

IP / ASN

23.36.79.154

#20940 Akamai International B.V.

Resource Info

File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3

First Seen2023-05-13

Last Seen2025-08-06

Times Seen1338

Size306 kB (306152 bytes)

MD5ff4ccdb7a4428ead513943583665aa4e

SHA107bec642d24ae6fbc965251e147992df17bb71f0

SHA25601978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /content/geo-images/images/background.desktop.day.1.jpeg HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 306152
x-dispatcher: dispatcher8useast1-28575362
x-vhost: private-publish
last-modified: Thu, 25 Apr 2024 15:46:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
x-ams-migration: TRUE
date: Mon, 21 Jul 2025 15:52:56 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753113176224_388255638_308048113_56_5105_0_0_12";dur=1
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.964f2417.1753113176.125c70f1
X-Firefox-Spdy: h2

GET static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff

23.36.79.154

200 OK

70 kB

URL GET HTTPS

static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff

IP / ASN

23.36.79.154

#20940 Akamai International B.V.

Resource Info

File typeWeb Open Font Format, TrueType, length 70296, version 0.0

First Seen2023-04-11

Last Seen2025-07-23

Times Seen1050

Size70 kB (70296 bytes)

MD52ec43bffa4424b28d0cc96b37cca33a4

SHA11cde2661fb95ece87155c7931d5da6911331ef43

SHA2566ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hoseinnejad.sa.com
DNT: 1
Connection: keep-alive
Referer: https://static.chasecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 70296
x-amz-id-2: VhyG15HGUe1CBHFr0tKR/uhD82ww8QwGK7eOf7/3P8GsKR2y7TYWKxNEdPRb88EtGXbA4K+NT5M=
x-amz-request-id: PP2VKTC3JAZRAJPG
x-amz-replication-status: COMPLETED
last-modified: Tue, 11 Jun 2024 21:44:55 GMT
etag: "f9f1c76c7df9a12ba2397bb380acde8c"
x-amz-version-id: GdUmjn_Nx516lIUdSaG0WbH7ervU1GQn
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-content-type_options: nosniff
x-xss-protection: 1; mode-block
x-envoy-upstream-service-time: 63
cache-control: max-age=6222224
expires: Wed, 01 Oct 2025 16:16:40 GMT
date: Mon, 21 Jul 2025 15:52:56 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753113176373_388255638_308048203_43_5984_6_0_31";dur=1
content-security-policy: frame-ancestors *.chase.com 'self'
access-control-allow-origin: *
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.964f2417.1753113176.125c714b
X-Firefox-Spdy: h2

GET hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b

185.221.216.125

200 OK

17 kB

URL User Request GET HTTPS

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (1865)

First Seen2024-08-12

Last Seen2025-07-23

Times Seen29

Size17 kB (16815 bytes)

MD569b4d6eee1bddf9baeffae0b509e7a06

SHA10cc9c649a1123ccca1e88af75104dd1efb1a0ea7

SHA256c8c0c1e6307fbf17342dc57bec12c5c5c5fc26116395c29060f032b201b13fd1

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:55 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css

23.36.79.154

200 OK

510 kB

URL GET HTTPS

static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css

IP / ASN

23.36.79.154

#20940 Akamai International B.V.

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2023-04-07

Last Seen2025-07-23

Times Seen825

Size510 kB (510195 bytes)

MD5da956e1b9164548d5127f341d7895ab9

SHA19ea06c5175c2492fda40e90028b29dbea4830855

SHA2563303fd8e3e10ea99269b96fcffa1370d6e40a21f02a712920f875b04a91e3205

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
x-amz-id-2: VTlUXPn5aJMt2qdAFIkNRiF0iMZHnRXvzuLZs1nmBL57n57PwrLbqza4Ck1le7vRcSDtWr/+cEc=
x-amz-request-id: CTHFJKXAQ6N496SH
x-amz-replication-status: COMPLETED
last-modified: Fri, 06 Sep 2024 17:59:50 GMT
etag: W/"1344b1c3015c169971104c687ac16b18"
x-amz-version-id: kBZap8c4261rAZgyhPpPsppGsm3VFIrw
x-frame-options: SAMEORIGIN
x-content-type_options: nosniff
x-xss-protection: 1; mode-block
x-envoy-upstream-service-time: 47
content-encoding: br
content-length: 51785
cache-control: max-age=7223565
expires: Mon, 13 Oct 2025 06:25:40 GMT
date: Mon, 21 Jul 2025 15:52:55 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753113175784_388255638_308047798_559_7044_0_0_21";dur=1
content-security-policy: frame-ancestors *.chase.com 'self'
access-control-allow-origin: *
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.964f2417.1753113175.125c6fb6
X-Firefox-Spdy: h2

GET static.chasecdn.com/web/2022.11.13-214/logon/extra/js/main.js

23.36.79.154

404 Not Found

0 B

URL GET HTTPS

static.chasecdn.com/web/2022.11.13-214/logon/extra/js/main.js

IP / ASN

23.36.79.154

#20940 Akamai International B.V.

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706981

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /web/2022.11.13-214/logon/extra/js/main.js HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
x-amz-request-id: B03NKNTP4J3ZWDZK
x-amz-id-2: i6LVdyca1bBcnhg7VM8tf22X96uwoa2jdR4uBOfJxX6YWwU0+fnZzotOhDhlSqAizPiNPiRmKdI=
x-envoy-upstream-service-time: 14
content-length: 312
cache-control: max-age=31535989
expires: Tue, 21 Jul 2026 15:52:44 GMT
date: Mon, 21 Jul 2025 15:52:55 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753113175743_388255638_308047795_44_7887_0_33_21";dur=1
content-security-policy: frame-ancestors *.chase.com 'self'
access-control-allow-origin: *
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.964f2417.1753113175.125c6fb3
X-Firefox-Spdy: h2

GET hoseinnejad.sa.com/Chase/fonts/opensans-semibold.woff

185.221.216.125

200 OK

25 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/fonts/opensans-semibold.woff

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeWeb Open Font Format, TrueType, length 25108, version 1.0

First Seen2023-04-26

Last Seen2025-08-02

Times Seen1750

Size25 kB (25108 bytes)

MD533b58dcbc5aa1ae12fa76473c21ffe44

SHA182a3345756101d0f95fe1dab285e9f9c4e79871f

SHA256d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/fonts/opensans-semibold.woff HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:56 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:24:06 GMT
Accept-Ranges: bytes
Content-Length: 25108
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff

GET hoseinnejad.sa.com/Chase/fonts/opensans-regular.woff

185.221.216.125

200 OK

25 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/fonts/opensans-regular.woff

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeWeb Open Font Format, TrueType, length 24876, version 1.0

First Seen2023-04-16

Last Seen2025-08-02

Times Seen1677

Size25 kB (24876 bytes)

MD54eeedb4bc24c1cae309e117eea3f102f

SHA1ad5a141ef39ad1ada22a464fcd3678fcf72ac22b

SHA256b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/fonts/opensans-regular.woff HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:56 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:24:02 GMT
Accept-Ranges: bytes
Content-Length: 24876
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

GET hoseinnejad.sa.com/Chase/chasefavicon.ico

185.221.216.125

200 OK

32 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/chasefavicon.ico

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeMS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

First Seen2023-04-07

Last Seen2025-07-29

Times Seen2703

Size32 kB (32038 bytes)

MD55744986eb3dc6f2da92157a651889902

SHA15a558b58498fab2aeb742acdab51e0c2fbc78385

SHA256625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/chasefavicon.ico HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:56 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 14:04:52 GMT
Accept-Ranges: bytes
Content-Length: 32038
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon

GET hoseinnejad.sa.com/Chase/css/mds-chase-icons.css

185.221.216.125

200 OK

25 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/css/mds-chase-icons.css

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeASCII text, with very long lines (25161), with no line terminators

First Seen2023-04-05

Last Seen2025-07-23

Times Seen740

Size25 kB (25161 bytes)

MD5337f1a7cfd0c9050f48dc215c8ab3622

SHA1d58dca46c724ba17603c2ea1f12b6b09483ea6d8

SHA256d5dc1e864e5ef335e96dee19fba2c93a8e9fcdbe06f97229e1cdbdbaffc93f33

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/css/mds-chase-icons.css HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:55 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:21:18 GMT
Accept-Ranges: bytes
Content-Length: 25161
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

GET hoseinnejad.sa.com/Chase/js/mask.js

185.221.216.125

200 OK

149 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/js/mask.js

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (4222), with CRLF line terminators

First Seen2023-03-07

Last Seen2025-08-06

Times Seen202

Size149 kB (149061 bytes)

MD5b28c4e8b73d73eb52c812ee9e4757460

SHA1513be6d33316e1ba686515457c0280c8f02d3ffa

SHA2563c149e754af1a297e924c97c84aa5a1fafebc7c2b377e825738b8cb452fb3237

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/js/mask.js HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/otp.php?online_id=1785bc0499db9f17404a065dalogin_id=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b&session=c30eb21ed6fd0ca8ac6bd6a4f8a7194bc30eb21ed6fd0ca8ac6bd6a4f8a7194b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:55 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2022 03:50:54 GMT
Accept-Ranges: bytes
Content-Length: 149061
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript

GET hoseinnejad.sa.com/Chase/images/wordmark-white.svg

185.221.216.125

200 OK

1.4 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/images/wordmark-white.svg

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-30

Last Seen2025-08-06

Times Seen1983

Size1.4 kB (1409 bytes)

MD5b55b042f907bc7108f5dca2103a8476b

SHA19fcdcc86bfe1f3c7d4f774775670fbd08fe7556c

SHA256d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/images/wordmark-white.svg HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/css/logon.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 21 Jul 2025 15:52:56 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:22:40 GMT
Accept-Ranges: bytes
Content-Length: 1409
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml