Report - pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65

Report Overview

Visited public
2025-04-27 20:05:52
Tags
URL
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Finishing URL
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
IP / ASN
84.32.84.66
#47583 Hostinger International Limited
Title
This Page Does Not Exist

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pillsa.com	unknown	2019-05-03	2019-05-05	2025-04-27	7.5 kB	1.4 MB	89.116.109.248
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-23	961 B	64 kB	142.250.178.106
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-04-23	458 B	122 kB	104.18.10.207
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-23	443 B	342 kB	142.250.178.40
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-23	554 B	38 kB	142.250.178.67

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-27 20:05:20	high	Client IP	89.116.109.248	ET PHISHING Generic Phishkit Activity (GET)
2025-04-27 20:05:24	high	Client IP	89.116.109.248	ET PHISHING Generic Phishkit Activity (GET)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-13
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-13 19:46 Times Seen352935 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65	ScriptElement	523 B	2025-04-24	2025-06-12
Pretty URL pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 IP 89.116.109.248 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-24 13:29 Last Seen2025-06-12 08:06 Times Seen43 Hash 8c819feec6f0949d46b480103519d1e2 af87637abad0432264ad6c83404f29c83f2c0e66 a705043af6f3effd36fc1e600aef395c7af72a8553d918eeef1c12c16f98a23c Loading...

	pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/sandbox%20eval%20code		147 B	2023-04-11	2025-06-13
Pretty URL pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-13 19:46 Times Seen353668 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-13
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-13 19:46 Times Seen352935 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-9Q6H0QETRF&cx=c&_slc=1	ScriptElement	341 kB	2025-04-27	2025-04-27
Pretty URL www.googletagmanager.com/gtag/js?id=G-9Q6H0QETRF&cx=c&_slc=1 IP 142.250.178.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 20:05 Last Seen2025-04-27 20:05 Times Seen1 Hash 697b8e39e59e15f3dab14f00e16e895d 098b17f6c3f3cb203cbc2a85a52cf0f5b6adc4c2 9e64be3e9f316e006ba9b8e7352fa97fea68f654bcf3ae656b2fd7e1a6996166 Loading...

	pillsa.com/hcdn-cgi/jschallenge	ScriptElement	346 B	2025-04-27	2025-04-27
Pretty URL pillsa.com/hcdn-cgi/jschallenge IP 89.116.109.248 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 20:05 Last Seen2025-04-27 20:05 Times Seen1 Hash a7f0a7ca8deafdbc1f1492de0c5a30a6 326dd2ab9387bd4099fffdd0335094426cd7dc49 c97f82ae96c73037ada73c3f397048c208594463d5732fe02adb366e6dc23591 Loading...

	pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65	Function	79 B	2023-04-11	2025-06-13
Pretty URL pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 IP 89.116.109.248 ASN #47583 Hostinger International Limited Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-06-13 19:49 Times Seen114789 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65	Function	37 B	2023-04-11	2025-06-13
Pretty URL pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 IP 89.116.109.248 ASN #47583 Hostinger International Limited Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-06-13 19:52 Times Seen271795 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/sandbox%20eval%20code		147 B	2023-04-11	2025-06-13
Pretty URL pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-13 19:46 Times Seen353668 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (15)

URL IP Response Size

pillsa.com/favicon.ico

89.116.109.248

403 Forbidden

4.8 kB

URL GET
pillsa.com/favicon.ico
IP
89.116.109.248:80
ASN
#47583 Hostinger International Limited

Requested by
http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
4.8 kB (4792 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 27 Apr 2025 20:05:20 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7d3e6124762ec41a5979f104fbec0125-fast-edge6

pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65

89.116.109.248

301 Moved Permanently

4.5 kB

URL User Request GET
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
IP
89.116.109.248:80
ASN
#47583 Hostinger International Limited

File type

Size
4.5 kB (4511 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAauK3N4qYqKLG5W_NopJpJ6-DW4Lt4282Pzi7h88rrLEDjg5oAAAAAADeAADlVGDmdc7Jt1dSg95IAYRfAAAAf8a52X4evfiOi7jmZectKA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Apr 2025 20:05:24 GMT
Content-Type: text/html
Content-Length: 795
Connection: keep-alive
location: https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 54c49d7abb7e42cbd61192d05155a7e1-fast-edge6
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.354

89.116.109.248

404 Not Found

4.5 kB

URL User Request GET
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
IP
89.116.109.248:443
ASN
#47583 Hostinger International Limited

Certificate
IssuerGoogle Trust Services
Subjectpillsa.com
Fingerprint66:E3:FF:21:63:1D:B4:D4:A7:A7:25:13:21:14:60:1C:15:86:05:C6
ValidityTue, 18 Mar 2025 09:59:19 GMT - Mon, 16 Jun 2025 09:59:18 GMT

File type
HTML document, ASCII text, with very long lines (371)
Size
4.5 kB (4511 bytes)
Hash
b16e9097fc7d3af8ebfcfce7aba0a42d
2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5
e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAauK3N4qYqKLG5W_NopJpJ6-DW4Lt4282Pzi7h88rrLEDjg5oAAAAAADeAADlVGDmdc7Jt1dSg95IAYRfAAAAf8a52X4evfiOi7jmZectKA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 27 Apr 2025 20:05:24 GMT
content-type: text/html
content-length: 1626
last-modified: Tue, 22 Apr 2025 07:57:10 GMT
etag: "119f-68074bd6-771bbb80d14858ba;br"
content-encoding: br
platform: hostinger
panel: hpanel
age: 18
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f70b1feb2dc70eea42248bbd062328de-fast-edge6
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=DM+Sans:300,300i,400,400i,600,600i,700,700i,800,800i

142.250.178.106

200 OK

8.5 kB

URL GET
fonts.googleapis.com/css?family=DM+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
ASCII text
Size
8.5 kB (8455 bytes)
Hash
604d9d0840fecf574733e3aee9dfd585
f1f3f399620114bac02c953531faec0efd0b7503
4428937d5f6e8a317a0c2d35b374a00ee7fc02d21913802de4b6f405b8cfa628

HTTP Headers

GET /css?family=DM+Sans:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pillsa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Apr 2025 20:05:24 GMT
date: Sun, 27 Apr 2025 20:05:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

89.116.109.248

403 Forbidden

4.8 kB

URL User Request GET
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
IP
89.116.109.248:80
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
4.8 kB (4792 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 27 Apr 2025 20:05:20 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: afb3e85246f730c27e273cfb8151062c-fast-edge6

pillsa.com/hcdn-cgi/jschallenge

89.116.109.248

200 OK

346 B

URL GET
pillsa.com/hcdn-cgi/jschallenge
IP
89.116.109.248:80
ASN
#47583 Hostinger International Limited

Requested by
http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65

File type
ASCII text
Size
346 B (346 bytes)
Hash
a7f0a7ca8deafdbc1f1492de0c5a30a6
326dd2ab9387bd4099fffdd0335094426cd7dc49
c97f82ae96c73037ada73c3f397048c208594463d5732fe02adb366e6dc23591

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Apr 2025 20:05:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f90f21eb9105636002ec58751b70693d-fast-edge6
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

pillsa.com/htdocs_error/page_not_found.svg

89.116.109.248

200 OK

1.4 MB

URL GET
pillsa.com/htdocs_error/page_not_found.svg
IP
89.116.109.248:443
ASN
#47583 Hostinger International Limited

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subjectpillsa.com
Fingerprint66:E3:FF:21:63:1D:B4:D4:A7:A7:25:13:21:14:60:1C:15:86:05:C6
ValidityTue, 18 Mar 2025 09:59:19 GMT - Mon, 16 Jun 2025 09:59:18 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 MB (1373144 bytes)
Hash
c4831cf78ef9127d78e5a0498ee6dfe2
b13d3cb484d6a2130cd14cfcbd8dc4286f81707a
af5daaa2ec030427c17911e9b123961a3c0ab38cd6a19c1798538a86e15ba757

HTTP Headers

GET /htdocs_error/page_not_found.svg HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Cookie: hcdn=AQEAauK3N4qYqKLG5W_NopJpJ6-DW4Lt4282Pzi7h88rrLEDjg5oAAAAAADeAADlVGDmdc7Jt1dSg95IAYRfAAAAf8a52X4evfiOi7jmZectKA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 20:05:24 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 03 May 2025 22:00:59 GMT
last-modified: Tue, 22 Apr 2025 07:57:10 GMT
etag: "14f3d8-68074bd6-4f21283aa0c23876;br"
content-encoding: br
platform: hostinger
panel: hpanel
x-turbo-charged-by: LiteSpeed
age: 79465
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8f7d25edbcc137d9a5fdf21a724a4fdd-fast-edge6
x-hcdn-cache-status: HIT
X-Firefox-Spdy: h2

pillsa.com/favicon.ico

89.116.109.248

404 Not Found

4.5 kB

URL GET
pillsa.com/favicon.ico
IP
89.116.109.248:443
ASN
#47583 Hostinger International Limited

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subjectpillsa.com
Fingerprint66:E3:FF:21:63:1D:B4:D4:A7:A7:25:13:21:14:60:1C:15:86:05:C6
ValidityTue, 18 Mar 2025 09:59:19 GMT - Mon, 16 Jun 2025 09:59:18 GMT

File type
HTML document, ASCII text, with very long lines (371)
Size
4.5 kB (4511 bytes)
Hash
b16e9097fc7d3af8ebfcfce7aba0a42d
2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5
e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Cookie: hcdn=AQEAauK3N4qYqKLG5W_NopJpJ6-DW4Lt4282Pzi7h88rrLEDjg5oAAAAAADeAADlVGDmdc7Jt1dSg95IAYRfAAAAf8a52X4evfiOi7jmZectKA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 27 Apr 2025 20:05:25 GMT
content-type: text/html
content-length: 1626
last-modified: Tue, 22 Apr 2025 07:57:10 GMT
etag: "119f-68074bd6-771bbb80d14858ba;br"
content-encoding: br
platform: hostinger
panel: hpanel
x-turbo-charged-by: LiteSpeed
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2ee38f426131d9ed0b6c1268623694fa-fast-edge6
X-Firefox-Spdy: h2

89.116.109.248

404 Not Found

4.5 kB

URL User Request GET
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
IP
89.116.109.248:443
ASN
#47583 Hostinger International Limited

Certificate
IssuerGoogle Trust Services
Subjectpillsa.com
Fingerprint66:E3:FF:21:63:1D:B4:D4:A7:A7:25:13:21:14:60:1C:15:86:05:C6
ValidityTue, 18 Mar 2025 09:59:19 GMT - Mon, 16 Jun 2025 09:59:18 GMT

File type
HTML document, ASCII text, with very long lines (371)
Size
4.5 kB (4511 bytes)
Hash
b16e9097fc7d3af8ebfcfce7aba0a42d
2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5
e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAauK3N4qYqKLG5W_NopJpJ6-DW4Lt4282Pzi7h88rrLEDjg5oAAAAAADeAADlVGDmdc7Jt1dSg95IAYRfAAAAf8a52X4evfiOi7jmZectKA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 27 Apr 2025 20:05:24 GMT
content-type: text/html
content-length: 1626
last-modified: Tue, 22 Apr 2025 07:57:10 GMT
etag: "119f-68074bd6-771bbb80d14858ba;br"
content-encoding: br
platform: hostinger
panel: hpanel
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 378e61e8e70fda65d603d860407bbbb9-fast-edge6
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.10.207

200 OK

121 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE
ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pillsa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 20:05:24 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 11/07/2024 07:30:56
cdn-proxyver: 1.06
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1108
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 1
cdn-requestid: 8663f3fe3c3fbc1cabad4998c117d08f
cdn-cache: HIT
cf-cache-status: HIT
age: 1434136
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9370ef3dcbb556b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,600,600i,700,700i,800,800i

142.250.178.106

200 OK

54 kB

URL GET
fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,600,600i,700,700i,800,800i
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
ASCII text, with very long lines (1572)
Size
54 kB (54000 bytes)
Hash
fa08a6d7f14a2693064b229cba5fc25e
fe065482cc682468481964c40640670697180e4c
36a31f5dc333fa6af3e7e283326f5bc45a1d1ab0d802eb6b62247c070d0804c1

HTTP Headers

GET /css?family=Roboto:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pillsa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Apr 2025 20:05:24 GMT
date: Sun, 27 Apr 2025 20:05:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-9Q6H0QETRF&cx=c&_slc=1

142.250.178.40

200 OK

341 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-9Q6H0QETRF&cx=c&_slc=1
IP
142.250.178.40:443
ASN
#15169 GOOGLE

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintE4:97:12:2A:2B:30:84:66:33:9D:D6:09:14:D3:8F:CE:3E:20:73:24
ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
341 kB (340777 bytes)
Hash
697b8e39e59e15f3dab14f00e16e895d
098b17f6c3f3cb203cbc2a85a52cf0f5b6adc4c2
9e64be3e9f316e006ba9b8e7352fa97fea68f654bcf3ae656b2fd7e1a6996166

HTTP Headers

GET /gtag/js?id=G-9Q6H0QETRF&cx=c&_slc=1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pillsa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Apr 2025 20:05:24 GMT
expires: Sun, 27 Apr 2025 20:05:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1068:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1068:0
report-to: {"group":"ascgcycc:1068:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1068:0"}],}
server: Google Tag Manager
content-length: 118268
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2

142.250.178.67

200 OK

37 kB

URL GET
fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2
IP
142.250.178.67:443
ASN
#15169 GOOGLE

Requested by
https://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1
ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT

File type
Web Open Font Format (Version 2), TrueType, length 36848, version 1.0
Size
37 kB (36848 bytes)
Hash
3ccd9ab2050b2f26898b77af9148b8e2
7f9f46b2fb3f121f3c0600e1182d725b1be6c176
258f9f1b553bb57419619f41d3b1445226c7bc63d2a3409efef4a68426709e94

HTTP Headers

GET /s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pillsa.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 36848
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Apr 2025 16:14:56 GMT
expires: Sat, 25 Apr 2026 16:14:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Mar 2024 23:58:46 GMT
content-type: font/woff2
age: 186629
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

89.116.109.248

403 Forbidden

4.8 kB

URL User Request GET
pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
IP
89.116.109.248:443
ASN
#47583 Hostinger International Limited

Certificate
IssuerGoogle Trust Services
Subjectpillsa.com
Fingerprint66:E3:FF:21:63:1D:B4:D4:A7:A7:25:13:21:14:60:1C:15:86:05:C6
ValidityTue, 18 Mar 2025 09:59:19 GMT - Mon, 16 Jun 2025 09:59:18 GMT

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
4.8 kB (4792 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65 HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 27 Apr 2025 20:05:19 GMT
content-type: text/html
content-length: 2193
vary: Accept-Encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: bf051058b7ca9e6f7d67be97ec8e6cb4-fast-edge6
X-Firefox-Spdy: h2

pillsa.com/hcdn-cgi/jschallenge-validate

89.116.109.248

200 OK

0 B

URL POST
pillsa.com/hcdn-cgi/jschallenge-validate
IP
89.116.109.248:80
ASN
#47583 Hostinger International Limited

Requested by
http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: pillsa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pillsa.com/bofa/bofa/bofa/c02253513bce9f3d3215221564eed538/login.php?cmd=login_submit&id=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65&session=d3bf936e229479ffedbb41a03848fd65d3bf936e229479ffedbb41a03848fd65
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://pillsa.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Apr 2025 20:05:23 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAauK3N4qYqKLG5W_NopJpJ6-DW4Lt4282Pzi7h88rrLEDjg5oAAAAAADeAADlVGDmdc7Jt1dSg95IAYRfAAAAf8a52X4evfiOi7jmZectKA; Path=/; SameSite=Lax; HttpOnly
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2ede489609e3a2a947cc42494ff93b42-fast-edge6
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET

IP

ASN

Requested by