Report - hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9

Report Overview

Visitedpublic

2025-07-22 05:53:23

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
hoseinnejad.sa.com	unknown	2025-07-14	2025-07-21	2025-07-21	4.6 kB	296 kB	185.221.216.125
static.chasecdn.com	8638	2014-08-07	2017-02-01	2025-07-21	2.0 kB	890 kB	95.101.10.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-22	medium	hoseinnejad.sa.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

GET hoseinnejad.sa.com/Chase/css/mds-chase-icons.css

185.221.216.125

200 OK

25 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/css/mds-chase-icons.css

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Requested byhttps://hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9

Resource Info

File typeASCII text, with very long lines (25161), with no line terminators

First Seen2023-04-05

Last Seen2025-07-23

Times Seen740

Size25 kB (25161 bytes)

MD5337f1a7cfd0c9050f48dc215c8ab3622

SHA1d58dca46c724ba17603c2ea1f12b6b09483ea6d8

SHA256d5dc1e864e5ef335e96dee19fba2c93a8e9fcdbe06f97229e1cdbdbaffc93f33

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/css/mds-chase-icons.css HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:21:18 GMT
Accept-Ranges: bytes
Content-Length: 25161
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

GET hoseinnejad.sa.com/Chase/css/logon.css

185.221.216.125

200 OK

167 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/css/logon.css

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2023-08-10

Last Seen2025-07-23

Times Seen571

Size167 kB (166991 bytes)

MD51b3fd26942fc839367ceccda8882fb88

SHA181225debecd3c4d000bf2f4d623143b87bbd1aed

SHA256a608ecb06c7cff9cf38279edc51f3c9abf6051eb52447775fa2077b8157d2077

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/css/logon.css HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:26:24 GMT
Accept-Ranges: bytes
Content-Length: 166991
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

GET hoseinnejad.sa.com/Chase/images/wordmark-white.svg

185.221.216.125

200 OK

1.4 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/images/wordmark-white.svg

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-30

Last Seen2025-08-06

Times Seen1983

Size1.4 kB (1409 bytes)

MD5b55b042f907bc7108f5dca2103a8476b

SHA19fcdcc86bfe1f3c7d4f774775670fbd08fe7556c

SHA256d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/images/wordmark-white.svg HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/css/logon.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:22:40 GMT
Accept-Ranges: bytes
Content-Length: 1409
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

GET static.chasecdn.com/web/2022.11.13-214/logon/extra/js/main.js

95.101.10.98

404 Not Found

0 B

URL GET HTTPS

static.chasecdn.com/web/2022.11.13-214/logon/extra/js/main.js

IP / ASN

95.101.10.98

#20940 Akamai International B.V.

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706968

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /web/2022.11.13-214/logon/extra/js/main.js HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
x-amz-request-id: P5RQMSQ23CFMCBB0
x-amz-id-2: hL7j06Ow85m99ZnFEAFhkTGdqTk8B40+2lGxs7UACiu9qBJY5pPTmUl97fmJRUkPK+rkrKusYYo=
x-envoy-upstream-service-time: 48
content-length: 312
cache-control: max-age=31535996
expires: Wed, 22 Jul 2026 05:52:42 GMT
date: Tue, 22 Jul 2025 05:52:46 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=37, origin; dur=0, ak_p; desc="1753163566624_1600457310_578881380_3740_5270_0_22_21";dur=1
content-security-policy: frame-ancestors *.chase.com 'self'
access-control-allow-origin: *
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.5e0a655f.1753163566.22810764
X-Firefox-Spdy: h2

GET static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css

95.101.10.98

200 OK

510 kB

URL GET HTTPS

static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css

IP / ASN

95.101.10.98

#20940 Akamai International B.V.

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2023-04-07

Last Seen2025-07-23

Times Seen825

Size510 kB (510195 bytes)

MD5da956e1b9164548d5127f341d7895ab9

SHA19ea06c5175c2492fda40e90028b29dbea4830855

SHA2563303fd8e3e10ea99269b96fcffa1370d6e40a21f02a712920f875b04a91e3205

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
x-amz-id-2: 4NAiph/ffFH3040o6mZ5sXXqzJOygqEnLS0inNvVYKgbJCzF07VfcGk7MY6jp5Q1tuIR3Zgo1FH9IbyG/3FHFg==
x-amz-request-id: RJ3NX3P81P4WBZZP
x-amz-replication-status: REPLICA
last-modified: Fri, 06 Sep 2024 17:59:50 GMT
etag: W/"1344b1c3015c169971104c687ac16b18"
x-amz-version-id: kBZap8c4261rAZgyhPpPsppGsm3VFIrw
x-frame-options: SAMEORIGIN
x-content-type_options: nosniff
x-xss-protection: 1; mode-block
x-envoy-upstream-service-time: 169
content-encoding: br
content-length: 51785
cache-control: max-age=27949596
expires: Wed, 10 Jun 2026 17:39:22 GMT
date: Tue, 22 Jul 2025 05:52:46 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753163566602_1600457310_578881379_136_5159_0_0_21";dur=1
content-security-policy: frame-ancestors *.chase.com 'self'
access-control-allow-origin: *
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.5e0a655f.1753163566.22810763
X-Firefox-Spdy: h2

GET hoseinnejad.sa.com/Chase/chasefavicon.ico

185.221.216.125

200 OK

32 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/chasefavicon.ico

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeMS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

First Seen2023-04-07

Last Seen2025-07-29

Times Seen2703

Size32 kB (32038 bytes)

MD55744986eb3dc6f2da92157a651889902

SHA15a558b58498fab2aeb742acdab51e0c2fbc78385

SHA256625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/chasefavicon.ico HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 14:04:52 GMT
Accept-Ranges: bytes
Content-Length: 32038
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon

GET hoseinnejad.sa.com/Chase/fonts/opensans-regular.woff

185.221.216.125

200 OK

25 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/fonts/opensans-regular.woff

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeWeb Open Font Format, TrueType, length 24876, version 1.0

First Seen2023-04-16

Last Seen2025-08-02

Times Seen1677

Size25 kB (24876 bytes)

MD54eeedb4bc24c1cae309e117eea3f102f

SHA1ad5a141ef39ad1ada22a464fcd3678fcf72ac22b

SHA256b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/fonts/opensans-regular.woff HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:24:02 GMT
Accept-Ranges: bytes
Content-Length: 24876
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

GET static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg

95.101.10.98

200 OK

306 kB

URL GET HTTPS

static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg

IP / ASN

95.101.10.98

#20940 Akamai International B.V.

Resource Info

File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3

First Seen2023-05-13

Last Seen2025-08-06

Times Seen1338

Size306 kB (306152 bytes)

MD5ff4ccdb7a4428ead513943583665aa4e

SHA107bec642d24ae6fbc965251e147992df17bb71f0

SHA25601978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /content/geo-images/images/background.desktop.day.1.jpeg HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 306152
x-dispatcher: dispatcher8useast1-28575362
x-vhost: private-publish
last-modified: Thu, 25 Apr 2024 15:46:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
x-ams-migration: TRUE
date: Tue, 22 Jul 2025 05:52:46 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753163566833_1600457310_578881515_162_5513_0_0_12";dur=1
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.5e0a655f.1753163566.228107eb
X-Firefox-Spdy: h2

GET static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff

95.101.10.98

200 OK

70 kB

URL GET HTTPS

static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff

IP / ASN

95.101.10.98

#20940 Akamai International B.V.

Resource Info

File typeWeb Open Font Format, TrueType, length 70296, version 0.0

First Seen2023-04-11

Last Seen2025-07-23

Times Seen1050

Size70 kB (70296 bytes)

MD52ec43bffa4424b28d0cc96b37cca33a4

SHA11cde2661fb95ece87155c7931d5da6911331ef43

SHA2566ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1

Certificate Info

IssuerDigiCert Inc

Subjectstatic2.chasecdn.com

Fingerprint51:AC:D2:32:2C:A4:3C:EE:DE:53:EF:99:6C:57:D1:ED:C1:44:4D:56

ValidityThu, 13 Mar 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT

HTTP Headers

GET /web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hoseinnejad.sa.com
DNT: 1
Connection: keep-alive
Referer: https://static.chasecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 70296
x-amz-id-2: VhyG15HGUe1CBHFr0tKR/uhD82ww8QwGK7eOf7/3P8GsKR2y7TYWKxNEdPRb88EtGXbA4K+NT5M=
x-amz-request-id: PP2VKTC3JAZRAJPG
x-amz-replication-status: COMPLETED
last-modified: Tue, 11 Jun 2024 21:44:55 GMT
etag: "f9f1c76c7df9a12ba2397bb380acde8c"
x-amz-version-id: GdUmjn_Nx516lIUdSaG0WbH7ervU1GQn
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-content-type_options: nosniff
x-xss-protection: 1; mode-block
x-envoy-upstream-service-time: 63
cache-control: max-age=26441206
expires: Sun, 24 May 2026 06:39:32 GMT
date: Tue, 22 Jul 2025 05:52:46 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1753163566861_1600457310_578881538_147_5943_0_0_31";dur=1
content-security-policy: frame-ancestors *.chase.com 'self'
access-control-allow-origin: *
strict-transport-security: max-age=86400 ; preload
x-amzn-trace-id: 0.5e0a655f.1753163566.22810802
X-Firefox-Spdy: h2

GET hoseinnejad.sa.com/Chase/fonts/opensans-semibold.woff

185.221.216.125

200 OK

25 kB

URL GET HTTPS

hoseinnejad.sa.com/Chase/fonts/opensans-semibold.woff

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Resource Info

File typeWeb Open Font Format, TrueType, length 25108, version 1.0

First Seen2023-04-26

Last Seen2025-08-02

Times Seen1750

Size25 kB (25108 bytes)

MD533b58dcbc5aa1ae12fa76473c21ffe44

SHA182a3345756101d0f95fe1dab285e9f9c4e79871f

SHA256d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/fonts/opensans-semibold.woff HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 13:24:06 GMT
Accept-Ranges: bytes
Content-Length: 25108
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

GET hoseinnejad.sa.com/Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9

185.221.216.125

200 OK

19 kB

URL User Request GET HTTPS

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (1865)

First Seen2023-11-13

Last Seen2025-07-23

Times Seen546

Size19 kB (19295 bytes)

MD518dda3687311d5b3096d2cfe4c965188

SHA102a45d998fe44cd79723df7c9a8c08b32a3214bf

SHA25649bd6fa48d1af4f4c627df4d3c1a640eff7a9721b22fbb70bddea163fbb36c9e

Certificate Info

IssuerLet's Encrypt

Subjecthoseinnejad.sa.com

FingerprintCA:BF:A4:82:66:D0:78:C1:00:26:73:9D:57:DC:FB:88:DB:0A:D9:89

ValidityTue, 15 Jul 2025 04:39:46 GMT - Mon, 13 Oct 2025 04:39:45 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Chase

HTTP Headers

GET /Chase/login.php?online_id=9951ce50f4de3e76dcc32e69blogin_id=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9&session=307d59e9cb5033e1603f6bee48ed7ad9307d59e9cb5033e1603f6bee48ed7ad9 HTTP/1.1
Host: hoseinnejad.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 05:52:46 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8