Report - r0-fcu.linkpc.net/ccss/login/ses/session

Report Overview

Visited public
2024-04-03 05:53:04
Tags
rbfcu financial phishing dyndns
URL
r0-fcu.linkpc.net/ccss/login/ses/session_index
Finishing URL
r0-fcu.linkpc.net/ccss/login/ses/session_index
IP / ASN
20.243.33.161
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Title
RBFCU - Sign In
Phishing - RBFCU
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r0-fcu.linkpc.net	unknown	unknown	No data	No data	5.3 kB	408 kB	20.243.33.161
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-04-02 18:12:08	1.0 kB	33 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-02	medium	r0-fcu.linkpc.net/ccss/login/ses/session_index	RBFCU

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (13)

URL IP Response Size

r0-fcu.linkpc.net/ccss/login/ses/files/icon.css

20.243.33.161

200 OK

569 B

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/icon.css
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
ASCII text
Size
569 B (569 bytes)
Hash
42a4337088a88e340671561eae1c9c4e
89abed319680036e8d78e5df8510d7b4e9f89ff9
e0c254788ad36f95d44c1786c590263e89ea3976fcbc9ae7c82c52493b254391

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/icon.css HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:42 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:04 GMT
Accept-Ranges: bytes
Content-Length: 569
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

r0-fcu.linkpc.net/ccss/login/ses/session_index

20.243.33.161

200 OK

70 kB

URL User Request GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/session_index
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
HTML document, ASCII text, with very long lines (473), with CRLF line terminators
Size
70 kB (69805 bytes)
Hash
3025dfaab7c3600ab78202a1cde0d074
fd14e8859e68148f712203648877d7ab1fbfc5b6
5285aa88926b26b4cd5b36d50b4a96cdc984b0533afe651eb8e66f2f3f4c43f0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	RBFCU

HTTP Headers

GET /ccss/login/ses/session_index HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:40 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r0-fcu.linkpc.net/ccss/login/ses/files/cssR.css

20.243.33.161

200 OK

6.0 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/cssR.css
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
ASCII text
Size
6.0 kB (6014 bytes)
Hash
e6bdbfdfe12442a741118cb035e60456
81f328676006f4f053756d58bda0f728cca5126e
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/cssR.css HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:43 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:02 GMT
Accept-Ranges: bytes
Content-Length: 6014
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

r0-fcu.linkpc.net/ccss/login/ses/files/cssO.css

20.243.33.161

200 OK

10 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/cssO.css
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
ASCII text
Size
10 kB (10544 bytes)
Hash
fbda5f82f285fb5d7b56b0d92b238f3c
c9ca2d0b8e30aae58c251779ccd8c6508d9a6c07
d69c01432ebe21bfd72cba936738c1ab831ce461de00e229dea799e6f932d510

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/cssO.css HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:42 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:02 GMT
Accept-Ranges: bytes
Content-Length: 10544
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

r0-fcu.linkpc.net/ccss/login/ses/files/icon

20.243.33.161

404 Not Found

16 B

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/icon
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
ASCII text
Size
16 B (16 bytes)
Hash
4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/icon HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 03 Apr 2024 05:52:43 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r0-fcu.linkpc.net/ccss/login/ses/files/styles.f461454e21421afe7503.css

20.243.33.161

200 OK

194 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/styles.f461454e21421afe7503.css
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
Unicode text, UTF-8 text, with very long lines (63351)
Size
194 kB (193629 bytes)
Hash
b4d6943eacbe78c7f592360cade180b6
a668fd6d7322dee69962c7503d89812f7c2d4883
f4cf0333d9acf7960e3d2a31a49428dc63626458ba024a98b71d57685c471dc9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/styles.f461454e21421afe7503.css HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:43 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:04 GMT
Accept-Ranges: bytes
Content-Length: 193629
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://r0-fcu.linkpc.net
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:43:03 GMT
expires: Fri, 28 Mar 2025 02:43:03 GMT
cache-control: public, max-age=31536000
age: 529781
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r0-fcu.linkpc.net/online/white-phone-header.4a066fd87a48426d8cf5.svg

20.243.33.161

404 Not Found

315 B

URL GET HTTP/1.1
r0-fcu.linkpc.net/online/white-phone-header.4a066fd87a48426d8cf5.svg
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /online/white-phone-header.4a066fd87a48426d8cf5.svg HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 03 Apr 2024 05:52:44 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
f00e7e4432f7c70d8c97efbe2c50d43b
d836c7d4bc52bcd67626b8960ae030ad315c2507
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

HTTP Headers

GET /s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://r0-fcu.linkpc.net
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:35:25 GMT
expires: Fri, 28 Mar 2025 17:35:25 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
content-type: font/woff2
age: 476239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r0-fcu.linkpc.net/ccss/login/ses/files/EHL-logo-gray.svg

20.243.33.161

200 OK

1.6 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/EHL-logo-gray.svg
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1613 bytes)
Hash
4c3e76f3539f8138ce127058adda3f16
3d24cf4b8ac04557b1cb49ba5200e06513bc5136
8113eb956366da6d18ed13faa5cc8e9a459c09cdcf41c2619c80828d4ac2b152

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/EHL-logo-gray.svg HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:44 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:02 GMT
Accept-Ranges: bytes
Content-Length: 1613
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

r0-fcu.linkpc.net/ccss/login/ses/files/rbfcu-logo.svg

20.243.33.161

200 OK

5.4 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/rbfcu-logo.svg
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
SVG Scalable Vector Graphics image
Size
5.4 kB (5383 bytes)
Hash
2d436455d162d3e00f0ca92055cef754
5b64a30fd987d469bd818fc8ed6a4ed89b873d02
09092e11153b90955b14c6dcad28c3e2902b035f6b12ac85e24a693e5c97c884

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/rbfcu-logo.svg HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:44 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:04 GMT
Accept-Ranges: bytes
Content-Length: 5383
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

r0-fcu.linkpc.net/ccss/login/ses/files/favicon.ico

20.243.33.161

200 OK

12 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/favicon.ico
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 24 bits/pixel, 32x32, 24 bits/pixel
Size
12 kB (12014 bytes)
Hash
01533d87a3fa4ab325ac78763070dbfc
abbc6bea4bdcbf24d14690703ef3559f14140f25
b63cd18dad99d364bc0c69937734208fd5a12c7f83f8609b237baafde52c44d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/favicon.ico HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:44 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:04 GMT
Accept-Ranges: bytes
Content-Length: 12014
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon

r0-fcu.linkpc.net/ccss/login/ses/files/NCUA-logo-gray.svg

20.243.33.161

200 OK

105 kB

URL GET HTTP/1.1
r0-fcu.linkpc.net/ccss/login/ses/files/NCUA-logo-gray.svg
IP
20.243.33.161:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Certificate
IssuerLet's Encrypt
Subjectwww.r0-fcu.linkpc.net
FingerprintD8:CF:DC:C3:62:17:7F:73:24:01:A1:FA:B4:24:F0:B5:17:80:AA:C0
ValiditySun, 31 Mar 2024 08:49:06 GMT - Sat, 29 Jun 2024 08:49:05 GMT

File type
SVG Scalable Vector Graphics image
Size
105 kB (104580 bytes)
Hash
0cea5f835834b0242132d38350ccba3b
15b2b81ab5910276eeec3a96b2089b67110666b4
3dff3ca4b7e7bdeb6a9ee2c92c7141a270ab5f2373304299a99339ef96454759

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBFCU
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /ccss/login/ses/files/NCUA-logo-gray.svg HTTP/1.1
Host: r0-fcu.linkpc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r0-fcu.linkpc.net/ccss/login/ses/session_index
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 03 Apr 2024 05:52:44 GMT
Server: Apache
Last-Modified: Fri, 01 Apr 2022 10:18:04 GMT
Accept-Ranges: bytes
Content-Length: 104580
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (13)

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size