| GET py.cxsupport.org/ | 162.241.123.137 | 200 OK | 988 B |
IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeHTML document, Unicode text, UTF-8 text, with CRLF line terminators First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size988 B (988 bytes) MD5b2dcef2feb5988ff04866df212635e33 SHA16df327390d4e80097efe16774afbff45aa8ba67c SHA25683087fce5bb174d39ffc3162dc3c3409b919be5d119090f7b87b1c9953660f7b Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET / HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-cache, private
date: Mon, 13 Jan 2025 11:24:06 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; expires=Mon, 13 Jan 2025 13:24:08 GMT; Max-Age=7200; path=/; secure; samesite=lax
cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D; expires=Mon, 13 Jan 2025 13:24:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
content-length: 988
content-type: text/html; charset=UTF-8
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/img/py3.PNG | 162.241.123.137 | 200 OK | 992 kB |
URL py.cxsupport.org/assets/img/py3.PNG IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typePNG image data, 1821 x 804, 8-bit/color RGBA, non-interlaced First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size992 kB (991997 bytes) MD5f73554ec1993e3986c451bf6b060be3f SHA12b313dc68d4c0d717c8427b3b9a04f4d13411efe SHA256f4af9bb9d0c32a0bcdbf0df438fe813cfff6d966c2e77fd4d4c7f7014d6ccbc0 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/img/py3.PNG HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
content-length: 991997
content-type: image/png
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/images/loading.gif | 162.241.123.137 | 200 OK | 36 kB |
URL py.cxsupport.org/assets/images/loading.gif IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeGIF image data, version 89a, 498 x 498 First Seen2023-05-04 Last Seen2025-07-31 Times Seen63 Size36 kB (35499 bytes) MD5556e9ff845b7dd0c62dcdbbb00babb4b SHA1c7359ebc8f832b145abe7b62edb9f0d7bc6dd7ed SHA256f5e268852fdbbafbf00b7135099e5e6ec041be4be023f864aebf6c291176e91b Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/images/loading.gif HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
content-length: 35499
content-type: image/gif
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/img/py2.PNG | 162.241.123.137 | 200 OK | 1.6 MB |
URL py.cxsupport.org/assets/img/py2.PNG IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typePNG image data, 1794 x 835, 8-bit/color RGBA, non-interlaced First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size1.6 MB (1571376 bytes) MD51607b6406e1815467030fddbc3a9b273 SHA1e8cd951813f7563602b27d93dd989d3b8262f7bd SHA2561f8caec0eb4356b3aa519be4243b4225606272b06c0e02d20866c3845b7e4b34 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/img/py2.PNG HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
content-length: 1571376
content-type: image/png
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/responsive.css | 162.241.123.137 | 200 OK | 1.6 kB |
URL py.cxsupport.org/assets/css/responsive.css IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeASCII text, with CRLF line terminators First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size1.6 kB (1591 bytes) MD5741f5706dd729d3d5c7a9338bec3789d SHA165786ce85541971234af357f4261e00a33522aa0 SHA256ad8de2a08f473665b658f4dc97041e7d99a1806d11ea8ab4ac4071c0cbc50ac1 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/responsive.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1591
content-type: text/css
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/owl.carousel.min.css | 162.241.123.137 | 200 OK | 1.1 kB |
URL py.cxsupport.org/assets/css/owl.carousel.min.css IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeASCII text, with very long lines (3082) First Seen2023-06-09 Last Seen2025-06-27 Times Seen3 Size1.1 kB (1106 bytes) MD5ade9e6008392db7858b64ecf582d8b38 SHA1173d618720501bc8606e644ac589adce32b67c77 SHA2561d22a430e265f0b6ac8f915524cb838f8740bf76e76f4450a473d91f804f47d1 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/owl.carousel.min.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1106
content-type: text/css
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/bootstrap-datepicker.min.css | 162.241.123.137 | 200 OK | 3.1 kB |
URL py.cxsupport.org/assets/css/bootstrap-datepicker.min.css IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeASCII text, with very long lines (15543) First Seen2023-04-19 Last Seen2025-07-20 Times Seen67 Size3.1 kB (3116 bytes) MD52804146ada487aff5cab63ac645d9296 SHA12d054da395b8bd3da9db05f5f833b948bc33e68a SHA25623882f69bbef462bee3c0605a9ebd585997cf3ebcd7f6364b2ea680713108b4e Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/bootstrap-datepicker.min.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3116
content-type: text/css
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/style.css | 162.241.123.137 | 200 OK | 5.7 kB |
URL py.cxsupport.org/assets/css/style.css IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeassembler source, ASCII text, with CRLF line terminators First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size5.7 kB (5656 bytes) MD58b846c3600d00c48d770e0c3e3f17a53 SHA165f273176bf6e5f28016d5e117cb14584cbb2afd SHA256a691cbab1b3f439ae43e220c73d93ee6377f10105475f64ea8267abe738e208b Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/style.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5656
content-type: text/css
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap | 142.250.74.138 | 200 OK | 2.3 kB |
URL fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap IP / ASN  142.250.74.138 #15169 GOOGLE Requested byhttps://py.cxsupport.org/ Resource Info File typegzip compressed data, max compression First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size2.3 kB (2289 bytes) MD54f6f6c89dcbd4be2283a231b1ab76aca SHA18c80f59c1a708e4e48ded5bc74c0885559f6364c SHA2569280f457b4469a3cfe6a4afe1085b0edd884dca5c1052510cb32d116a6d796cd Certificate Info IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint40:E7:4C:FA:6D:23:B6:A9:19:0C:67:77:3A:43:22:D0:A4:CE:49:24 ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT
GET /css?family=Roboto:300,400,500,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 13 Jan 2025 11:24:11 GMT
date: Mon, 13 Jan 2025 11:24:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/img/py1.PNG | 162.241.123.137 | 200 OK | 797 kB |
URL py.cxsupport.org/assets/img/py1.PNG IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typePNG image data, 1777 x 793, 8-bit/color RGBA, non-interlaced First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size797 kB (797317 bytes) MD519423620b400cef5e8525da77a8c05d1 SHA15ad5956b159f5e5e08a3700fed506976ba348424 SHA2560b6917238d2b765ad3ae86b7ba436cca2b070644d79c248367328537f977a0c0 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/img/py1.PNG HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
content-length: 797317
content-type: image/png
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/js/owl.carousel.min.js | 162.241.123.137 | 200 OK | 16 kB |
URL py.cxsupport.org/assets/js/owl.carousel.min.js IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeJavaScript source, ASCII text, with very long lines (31997) First Seen2023-03-07 Last Seen2025-08-02 Times Seen19328 Size16 kB (15883 bytes) MD5f416f9031fef25ae25ba9756e3eb6978 SHA1e2a600e433df72b4cfde93d7880e3114917a3cbe SHA256a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/js/owl.carousel.min.js HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15883
content-type: application/javascript
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/js/jquery-3.0.0.min.js | 162.241.123.137 | 200 OK | 3.8 kB |
URL py.cxsupport.org/assets/js/jquery-3.0.0.min.js IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeJavaScript source, ASCII text First Seen2023-03-07 Last Seen2025-07-29 Times Seen150 Size3.8 kB (3831 bytes) MD568c83ed206a2b972d61a89dfb6d250d0 SHA11d310c0931fd748d904facfead4deaf7ad5739d1 SHA256263eb1915970b23889768338a7e7c82a23908b944100e50443183905636de4ff Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/js/jquery-3.0.0.min.js HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3831
content-type: application/javascript
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/js/bootstrap-datepicker.min.js | 162.241.123.137 | 200 OK | 13 kB |
URL py.cxsupport.org/assets/js/bootstrap-datepicker.min.js IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeJavaScript source, ASCII text, with very long lines (32014) First Seen2023-03-07 Last Seen2025-07-31 Times Seen111 Size13 kB (12787 bytes) MD5cb5149a29918d671c1ef502c9061d9a0 SHA11a240bc052ac6a746355b952d7212e50a2144d6e SHA2564ee796a98bb41be95822299e21c308f31d66d78407fc3415b78b3d9bfbae84fc Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/js/bootstrap-datepicker.min.js HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12787
content-type: application/javascript
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/js/custom.js | 162.241.123.137 | 200 OK | 2.0 kB |
URL py.cxsupport.org/assets/js/custom.js IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeJavaScript source, ASCII text, with CRLF line terminators First Seen2025-01-13 Last Seen2025-01-13 Times Seen1 Size2.0 kB (1994 bytes) MD576101570ebab150d3fb3a456948d2930 SHA19e73e5c8b8f2d01d68b6f854da75236f577786cf SHA2564405f5eea051e226de63cc2fc83223bbbaea3cc3594171b25d89f59e5ee42c38 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/js/custom.js HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1994
content-type: application/javascript
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/icomoon.css | 162.241.123.137 | 200 OK | 4.3 kB |
URL py.cxsupport.org/assets/css/icomoon.css IP / ASN  162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested byhttps://py.cxsupport.org/ Resource Info File typeASCII text First Seen2023-04-27 Last Seen2025-07-29 Times Seen80 Size4.3 kB (4334 bytes) MD5e841f7cdec90ebf92272192c8e8bc027 SHA1adb98f477baaa9e703034dbb04e374f65800124a SHA256c009b6d8414d258f737d128b4519be3f3a13fcd81b7b3682753ff06de3b54d13 Certificate Info IssuerLet's Encrypt Subjectxi.cxsupport.org FingerprintF4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C ValidityThu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/icomoon.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/assets/css/style.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4334
content-type: text/css
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/nice-select.css | 162.241.123.137 | 200 OK | 1.1 kB |
URL py.cxsupport.org/assets/css/nice-select.css IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type ASCII text First Seen 2023-04-18 Last Seen 2025-07-29 Times Seen 64 Size 1.1 kB (1134 bytes) MD5 7641aec4b8c405f570860925f7f64580 SHA1 84460de5f6746a823d71cd2df0328ffa21f8431a SHA256 685f9eca266a49de2eaa2f052eee413ecef3ec2bca80b6d7e04c70dc02d0906a Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/nice-select.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/assets/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1134
content-type: text/css
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/normalize.html | 162.241.123.137 | 200 OK | 1.2 kB |
URL py.cxsupport.org/assets/css/normalize.html IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type HTML document, ASCII text First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 1.2 kB (1232 bytes) MD5 0dae9e233566148e2b5de0e2b5e31052 SHA1 5b05281545b04ad085ee6b8aabfb38e7db9252fe SHA256 fc6d990eec69138f508007089de2ce194b6fd5d018cb0fa7e3e7d053c296f0c2 Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/normalize.html HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/assets/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1232
content-type: text/html
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/js/jquery.min.js | 162.241.123.137 | 200 OK | 45 kB |
URL py.cxsupport.org/assets/js/jquery.min.js IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type JavaScript source, ASCII text, with very long lines (65290) First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 45 kB (45206 bytes) MD5 514b42792f1b227959eb369b4e51df15 SHA1 304dede8f71f39333b0ee0a283606002146c5bd1 SHA256 9254077b9e7216c3fd55c55040bc6c55698e6a04c7cc9b4b46bdb3d1f50f7e97 Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/js/jquery.min.js HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET fonts.googleapis.com/css?family=Raleway:400,500,600,700,800,900&display=swap | 142.250.74.138 | 200 OK | 8.7 kB |
URL fonts.googleapis.com/css?family=Raleway:400,500,600,700,800,900&display=swap IP / ASN 142.250.74.138 #15169 GOOGLE Requested by https://py.cxsupport.org/ Resource Info File type gzip compressed data, max compression First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 8.7 kB (8672 bytes) MD5 ff65e6ce8fb46639a491c898b3e64db7 SHA1 bdef75a203d327c08de4acf9eea897cc62595dc9 SHA256 5b4c5f322699903ee4998e82801b5441962a972a52e0a967ff2b1b3ce7e2b94c Certificate Info Issuer Google Trust Services Subject upload.video.google.com Fingerprint 40:E7:4C:FA:6D:23:B6:A9:19:0C:67:77:3A:43:22:D0:A4:CE:49:24 Validity Mon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT
GET /css?family=Raleway:400,500,600,700,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 13 Jan 2025 11:24:11 GMT
date: Mon, 13 Jan 2025 11:24:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 | 142.250.178.67 | 200 OK | 7.8 kB |
URL fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 IP / ASN 142.250.178.67 #15169 GOOGLE Requested by https://py.cxsupport.org/ Resource Info File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0 First Seen 2023-04-05 Last Seen 2025-08-02 Times Seen 72149 Size 7.8 kB (7816 bytes) MD5 25b0e113ca7cce3770d542736db26368 SHA1 cb726212d5d525021752a1d8470a0fb593e0c49e SHA256 9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526 Certificate Info Issuer Google Trust Services Subject *.gstatic.com Fingerprint 0A:7E:C7:68:03:0C:7D:D9:EA:D1:64:B5:09:F0:73:23:7E:07:0A:F2 Validity Mon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT
GET /s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://py.cxsupport.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Jan 2025 18:15:51 GMT
expires: Fri, 09 Jan 2026 18:15:51 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 04 Dec 2024 06:53:03 GMT
content-type: font/woff2
age: 320901
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 | 142.250.178.67 | 200 OK | 7.9 kB |
URL fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 IP / ASN 142.250.178.67 #15169 GOOGLE Requested by https://py.cxsupport.org/ Resource Info File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0 First Seen 2023-04-05 Last Seen 2025-08-02 Times Seen 103957 Size 7.9 kB (7884 bytes) MD5 9212f6f9860f9fc6c69b02fedf6db8c3 SHA1 ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b SHA256 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f Certificate Info Issuer Google Trust Services Subject *.gstatic.com Fingerprint 0A:7E:C7:68:03:0C:7D:D9:EA:D1:64:B5:09:F0:73:23:7E:07:0A:F2 Validity Mon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT
GET /s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://py.cxsupport.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Jan 2025 18:15:43 GMT
expires: Fri, 09 Jan 2026 18:15:43 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
content-type: font/woff2
age: 320909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i | 142.250.74.138 | 200 OK | 1.9 kB |
URL fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i IP / ASN 142.250.74.138 #15169 GOOGLE Requested by https://py.cxsupport.org/ Resource Info File type ASCII text First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 1.9 kB (1942 bytes) MD5 d6ac8fd766d2f94fb10ea1ec0e7a8ae4 SHA1 255b9feb6ee486dbc89b4e65102d560c70e1aeef SHA256 0ac16a2b964e1ffb875e5223ce39a3c4e9d9862e2a7f6999b13d43efe7b1e138 Certificate Info Issuer Google Trust Services Subject upload.video.google.com Fingerprint 40:E7:4C:FA:6D:23:B6:A9:19:0C:67:77:3A:43:22:D0:A4:CE:49:24 Validity Mon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT
GET /css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 13 Jan 2025 11:24:11 GMT
date: Mon, 13 Jan 2025 11:24:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/ | 162.241.123.137 | 200 OK | 988 B |
IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 988 B (988 bytes) MD5 b2dcef2feb5988ff04866df212635e33 SHA1 6df327390d4e80097efe16774afbff45aa8ba67c SHA256 83087fce5bb174d39ffc3162dc3c3409b919be5d119090f7b87b1c9953660f7b Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET / HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, private
date: Mon, 13 Jan 2025 11:24:12 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IlV0L0R5OEp2cGRYTmk4NW52ZDYyUVE9PSIsInZhbHVlIjoiZVFuczJEK2RaUzB0dHhwZDFMRlBoeDQrM0FlQXRBdGdyeVA1dHpVRkwxVmJ0Q3pDdzVNYitmUFFJUEptQnNHSlBnV1BRUGZGVG5iLzlKak92clFqWk5iRGFkWmRJaUFSWlhkWFAvR215Tk91YlpNb2tLaWl3ZGVlbmdpZTNkVzUiLCJtYWMiOiJhODU2YjI1ZmZlZDkzNWY5MzU5NjUyNjk5YWM0ZjgyMzViNGQ5YTUwMzg4MTM5YzJhZTNkYmIxZDg0NTc4YjdmIiwidGFnIjoiIn0%3D; expires=Mon, 13 Jan 2025 13:24:12 GMT; Max-Age=7200; path=/; secure; samesite=lax
cxsupport_session=eyJpdiI6IkVtcHh4UisxQU5iaHpNalArSGd6ckE9PSIsInZhbHVlIjoiSzg1ajYva045NDNVZGl0VDI1cklGbU4wMndxeDdhOThQbUYwUWpvTzFGWnM2aEgvMTI0YnJIRldmbFhIajAzWVZqTDVOZm4wN1pRWllmaEdQcCtFNkdHa0FVU3BuZlR1UDN5UVR3STZQUjFYVzM3OUZUSHl5MEFNT0FJSlVlODQiLCJtYWMiOiI1ZWYzNjg1ZWMzNTRjZDBmNTEyYzdhZmM4OWIxNzIxMWQ5ODlkYmQzNTY3YzM1OTdmZDA2MWNmYTQ5N2M2ZDdhIiwidGFnIjoiIn0%3D; expires=Mon, 13 Jan 2025 13:24:12 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
content-length: 988
content-type: text/html; charset=UTF-8
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/favicon.ico | 162.241.123.137 | 200 OK | 0 B |
URL py.cxsupport.org/favicon.ico IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5606263 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /favicon.ico HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
content-length: 0
cache-control: max-age=604800
expires: Mon, 20 Jan 2025 11:24:12 GMT
content-type: image/x-icon
date: Mon, 13 Jan 2025 11:24:12 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/bootstrap.min.css | 162.241.123.137 | 200 OK | 38 kB |
URL py.cxsupport.org/assets/css/bootstrap.min.css IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type gzip compressed data, from Unix First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 38 kB (37795 bytes) MD5 aabb6fc7a2ce2806ac3f6ffa5786a64d SHA1 c22b13c458d040fb74650cf858594db89d9bca05 SHA256 3c8aa6bd1c51204e0c7e93aa796eff999185777b947872a03f5c4ac1ffa6e4f7 Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/bootstrap.min.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Mon, 13 Jan 2025 11:24:08 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/js/bootstrap.bundle.min.js | 162.241.123.137 | 200 OK | 71 kB |
URL py.cxsupport.org/assets/js/bootstrap.bundle.min.js IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type JavaScript source, ASCII text, with very long lines (65297) First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 238 Size 71 kB (70808 bytes) MD5 62e633210885066c625c46081cc2b339 SHA1 8709e629eeefeb122c09d1d5f902854845a0b496 SHA256 efcad26419c1257989e551ae58bf2692e9ef872f7883df51c39ddbb2c8c74949 Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/js/bootstrap.bundle.min.js HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 | 142.250.178.67 | 200 OK | 8.0 kB |
URL fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 IP / ASN 142.250.178.67 #15169 GOOGLE Requested by https://py.cxsupport.org/ Resource Info File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0 First Seen 2023-04-05 Last Seen 2025-08-02 Times Seen 57654 Size 8.0 kB (8000 bytes) MD5 72993dddf88a63e8f226656f7de88e57 SHA1 179f97ec0275f09603a8db94d4380eb584d81cd5 SHA256 f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149 Certificate Info Issuer Google Trust Services Subject *.gstatic.com Fingerprint 0A:7E:C7:68:03:0C:7D:D9:EA:D1:64:B5:09:F0:73:23:7E:07:0A:F2 Validity Mon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT
GET /s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://py.cxsupport.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Jan 2025 17:59:14 GMT
expires: Fri, 09 Jan 2026 17:59:14 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 04 Dec 2024 06:53:31 GMT
content-type: font/woff2
age: 321898
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET leostop.com/tracking/tracking.js?_=1736767452044 | 69.16.230.165 | 404 Not Found | 0 B |
URL leostop.com/tracking/tracking.js?_=1736767452044 IP / ASN 69.16.230.165 #32244 LIQUIDWEB Requested by https://py.cxsupport.org/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5606263 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Let's Encrypt Subject leostop.com Fingerprint 5E:4C:8E:BB:33:42:F5:9C:FD:F5:33:85:46:45:BB:E0:37:D3:35:8B Validity Mon, 02 Dec 2024 01:06:17 GMT - Sun, 02 Mar 2025 01:06:16 GMT
GET /tracking/tracking.js?_=1736767452044 HTTP/1.1
Host: leostop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Mon, 13 Jan 2025 11:24:12 GMT
content-type: text/html
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/css/font-awesome.min.css | 162.241.123.137 | 200 OK | 31 kB |
URL py.cxsupport.org/assets/css/font-awesome.min.css IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type ASCII text, with very long lines (30957) First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 31 kB (31120 bytes) MD5 dd255a1af60a21aafa8f69ffcedaabb4 SHA1 41bcb0ec7ab76ea0dba4a7b4985a66398b947b9d SHA256 abea3e39c51a77636123c9ff8b67597a25f00bb308af256c3afeafdacf8d9e88 Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/css/font-awesome.min.css HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/assets/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7127
content-type: text/css
date: Mon, 13 Jan 2025 11:24:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| GET py.cxsupport.org/assets/images/banner.html | 162.241.123.137 | 200 OK | 3.3 kB |
URL py.cxsupport.org/assets/images/banner.html IP / ASN 162.241.123.137 #46606 UNIFIEDLAYER-AS-1 Requested by https://py.cxsupport.org/ Resource Info File type HTML document, ASCII text, with very long lines (3381), with no line terminators First Seen 2025-01-13 Last Seen 2025-01-13 Times Seen 1 Size 3.3 kB (3302 bytes) MD5 75d48199986a146ea0881713e2edba8e SHA1 8959f54312cd1ff3b8db532dd46b3e0dc5e41de7 SHA256 de4ea83ba5041d7b82f4dd24a802ea1706a84ebd5a171e494da724f6318a387c Certificate Info Issuer Let's Encrypt Subject xi.cxsupport.org Fingerprint F4:DA:C5:A4:E6:C1:C2:0D:A8:61:8D:77:09:9A:6C:AA:19:4D:DA:8C Validity Thu, 21 Nov 2024 12:14:29 GMT - Wed, 19 Feb 2025 12:14:28 GMT Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /assets/images/banner.html HTTP/1.1
Host: py.cxsupport.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://py.cxsupport.org/assets/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IndVb09ySFd0VU1XOStlVGtQY1VBSnc9PSIsInZhbHVlIjoicHZRcCtzTzVwMU9zZ29CbFliUXhGc3RKMmxzK0w4a1h0YzlIYmJTbTdoZFNNbHdZV3hMS3E5cElXR2R5TGRBM3ZqYVFNb3o1Y1NwSlFHVTZpMlFjOFVNdHgvTW1iSG1DM2N6Skd3WDYxTnNiS3NDMGVZWXRvWEFWcjVhT2ZRNGEiLCJtYWMiOiIxMWMwNmIyMzVlOGE0OGY0N2U5M2JlZDFlMjg1YWQ0MjE5ZDYwMWVhNjQ0NzlkMTNmYjMxZTljNTc2OTU5YzExIiwidGFnIjoiIn0%3D; cxsupport_session=eyJpdiI6IkxXbmJ6TnNncWxqQmVOM0FDcGtmbkE9PSIsInZhbHVlIjoiL3Q3UWV3TGp4cmYwQ3dYTUdoaGIrZ1lCNjhOYkdoZjI5UTg2MEoxcWROdTRTdWZSM1lvVUlLWXFtOU5yak5yNUZHMVBZdC8rVExMV01lNnZqYmgwSWZ2dUorOVlqZ1Y3REdScENJOXQ4M01RaFRpT0k3WFJPd00zaVFsTGNZcEciLCJtYWMiOiJiMTUwYTRmNWE0M2Q5MjU0OTRhNDM5NGRjZjZjMzQ5MWIyZGE5MGEwMzRmNThkYTBlYWNmY2YyZDg3OGQ3Mjc3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Wed, 18 Dec 2024 22:56:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1230
content-type: text/html
date: Mon, 13 Jan 2025 11:24:12 GMT
server: Apache
X-Firefox-Spdy: h2
|
|