dhfdjh.otzo.com Open in urlscan Pro
129.213.95.36 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://okeefegroup.net/
Effective URL:
https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Submission: On May 26 via manual (May 26th 2023, 9:52:32 pm UTC) from US — Scanned from US

Summary HTTP 21 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 6 domains to perform 21 HTTP transactions. The main IP is 129.213.95.36, located in Ashburn, United States and belongs to ORACLE-BMC-31898, US. The main domain is dhfdjh.otzo.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 26th 2023. Valid for: 3 months.

This is the only time dhfdjh.otzo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.241.71.85 162.241.71.85	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1 18	129.213.95.36 129.213.95.36	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	108.139.29.30 108.139.29.30	16509 (AMAZON-02) (AMAZON-02)
1	192.0.54.4 192.0.54.4	62659 (Q2HOLDINGS) (Q2HOLDINGS)
1	99.83.173.21 99.83.173.21	16509 (AMAZON-02) (AMAZON-02)
1	13.248.176.92 13.248.176.92	16509 (AMAZON-02) (AMAZON-02)
21	5

1 162.241.71.85 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-71-85.webhostbox.net

okeefegroup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 129.213.95.36 (Ashburn, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

dhfdjh.otzo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.29.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-30.jfk50.r.cloudfront.net

fpjscdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.54.4 (United States)

ASN62659 (Q2HOLDINGS, US)

cdn1.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.83.173.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: a64bed9ff5004f5b3.awsglobalaccelerator.com

use1.fptls.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.248.176.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: a46a250059e296ddb.awsglobalaccelerator.com

api.fpjs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	otzo.com 1 redirects dhfdjh.otzo.com	1 MB
1	fpjs.io api.fpjs.io — Cisco Umbrella Rank: 59865	1 KB
1	fptls.com use1.fptls.com — Cisco Umbrella Rank: 10334	331 B
1	onlineaccess1.com cdn1.onlineaccess1.com — Cisco Umbrella Rank: 18867	7 KB
1	fpjscdn.net fpjscdn.net — Cisco Umbrella Rank: 75048	43 KB
1	okeefegroup.net 1 redirects okeefegroup.net	259 B
21	6

	Domain	Requested by
18	dhfdjh.otzo.com	1 redirects dhfdjh.otzo.com
1	api.fpjs.io	fpjscdn.net
1	use1.fptls.com	fpjscdn.net
1	cdn1.onlineaccess1.com	dhfdjh.otzo.com
1	fpjscdn.net	dhfdjh.otzo.com
1	okeefegroup.net	1 redirects
21	6

This site contains links to these domains. Also see Links.

Domain
www.firstcitizens.com
digitalbanking.firstcitizens.com
digitalbanking.firstcitizens.com.yext-cdn.com
cdn1.onlineaccess1.com

Subject Issuer	Validity	Valid
dhfdjh.otzo.com cPanel, Inc. Certification Authority	`2023-05-26` - `2023-08-24`	3 months	crt.sh
fpcdn.io Amazon RSA 2048 M01	`2022-11-09` - `2023-12-08`	a year	crt.sh
onlineaccess1.com GTS CA 1P5	`2023-05-20` - `2023-08-18`	3 months	crt.sh
use1.fptls.com R3	`2023-04-27` - `2023-07-26`	3 months	crt.sh
api.fpjs.io Amazon RSA 2048 M01	`2023-02-21` - `2024-01-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Frame ID: 45166B1EE5EF0720D272078A71CEE2A0
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://okeefegroup.net/ HTTP 301
https://dhfdjh.otzo.com//FcbN/Fcb(lee) HTTP 301
https://dhfdjh.otzo.com/FcbN/Fcb(lee)/ Page URL

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

1
Countries

1286 kB
Transfer

1363 kB
Size

4
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.firstcitizens.com/privacy-security/
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com/FCBTC_AutoEnroll/SignUp.html
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com/FCBTC_ForgotLogin/ForgotUsername.html
Title: Forgot Login ID?

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com.yext-cdn.com/search
Title: Locations

Search URL Search Domain Scan URL

URL: https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/8a2fd0783e9a75e59ab4b564c39adc36/assets/images/fdic_logo_large-101554d3eebb7c3c6fedb7d73549127b.png

Search URL Search Domain Scan URL

URL: https://digitalbanking.firstcitizens.com/fcbtconline/uux.aspx#/login
Title: Return to login

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://okeefegroup.net/ HTTP 301
https://dhfdjh.otzo.com//FcbN/Fcb(lee) HTTP 301
https://dhfdjh.otzo.com/FcbN/Fcb(lee)/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
dhfdjh.otzo.com/FcbN/Fcb(lee)/
Redirect Chain

http://okeefegroup.net/
https://dhfdjh.otzo.com//FcbN/Fcb(lee)
https://dhfdjh.otzo.com/FcbN/Fcb(lee)/

17 KB
17 KB

61ms
61ms

Document
text/html

129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 20af460972344b4045f8db4c6e564fa6051208a795e3ac30ef7f0cec9577148f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 16911
Content-Type: text/html
Date: Fri, 26 May 2023 21:52:27 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Mon, 22 May 2023 14:35:54 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 26 May 2023 21:52:26 GMT
Keep-Alive: timeout=5, max=100
Location: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Server: Apache

GET
H/1.1 200
OK app.css
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/ 93 KB
94 KB 114ms
61ms Stylesheet
text/css 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/app.css
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 83a18bf19e5e2e0fae7ac33e1c099c335c708966970b7fe7b5915bb6442ff9fd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Last-Modified: Mon, 22 May 2023 14:35:56 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 95568

GET
H/1.1 200
OK theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/ 934 KB
935 KB 182ms
61ms Stylesheet
text/css 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 5c46d39cdd77a88b4f48d3d69079099a57c23c92d57ccfaec74e01d1763159a3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Last-Modified: Mon, 22 May 2023 14:35:56 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 956834

GET
H/1.1 200
OK style.css
dhfdjh.otzo.com/FcbN/Fcb(lee)/ 184 KB
184 KB 183ms
61ms Stylesheet
text/css 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 1ad281bfb6c826b68c9d9c6f6d41d7194b22d76014f756b9b37410d8ce09f8f6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Last-Modified: Mon, 22 May 2023 14:35:52 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 188682

GET
H/1.1 200
OK fdic_logo_small-067dddada1e927b9bfba5a52e8773b92.png
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/ 3 KB
3 KB 64ms
64ms Image
image/png 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fdic_logo_small-067dddada1e927b9bfba5a52e8773b92.png
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 3987b9d9d5d5a147de53cee322f0d3dfa701046cd0232386adcf1b5c835c391c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Last-Modified: Mon, 22 May 2023 14:35:56 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2712

GET
H/1.1 200
OK main.js Show response
dhfdjh.otzo.com/FcbN/Fcb(lee)/ 2 KB
3 KB 61ms
60ms Script
application/javascript 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/main.js
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 9bd7a7ffceaa30b047ffa708bc590240eb3f9246a05822f4c457e70c9d052c22

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Last-Modified: Tue, 23 May 2023 10:47:22 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2406

GET
H2 200 lo2HJ3gD8azQRIpz6fhK Show response
fpjscdn.net/v3/ 122 KB
43 KB 231ms
73ms Script
text/javascript 108.139.29.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fpjscdn.net/v3/lo2HJ3gD8azQRIpz6fhK

Requested by

Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-139-29-30.jfk50.r.cloudfront.net

Software

CloudFront /

Resource Hash

6266ff77c735263a3bcfa7497cd441c690844e88c8c0de579aea48cc410b5635

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://dhfdjh.otzo.com/
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 11:22:14 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
via: 1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P2
age: 124213
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
server: CloudFront
etag: W/"nLQoWA0mIOXNuM3q53X4JAouspg"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3529, s-maxage=623551
x-amz-cf-id: uyztITtKBv0cKhEJ06X8tdoh8-6QN6L49QWPprKHvJhyLvRzEqqpnw==

GET
H2 200 logo_large-5741abb9675d37b6178ac83becc79b17.png
cdn1.onlineaccess1.com/cdn/depot/3397/1069/8a2fd0783e9a75e59ab4b564c39adc36/assets/images/logos/ 7 KB
7 KB 196ms
106ms Image
image/png 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/3397/1069/8a2fd0783e9a75e59ab4b564c39adc36/assets/images/logos/logo_large-5741abb9675d37b6178ac83becc79b17.png

Requested by

Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3133f88ff2d288957e9708cab68a2dd2f25f46177603d9accb70b22bc7601888

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 21:52:27 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Feb 2023 03:29:42 GMT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
etag: W/"63eda326-1a27"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 7cd93ecd8b87336a-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 404
Not Found OpenSans-Regular.woff
dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/ 0
0 61ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Regular.woff
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found fontello.woff2
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/ 0
0 61ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/fontello.woff2?29134652
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Semibold.woff
dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/ 0
0 60ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Semibold.woff
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Regular.ttf
dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/ 0
0 61ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Regular.ttf
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Semibold.ttf
dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/ 0
0 62ms
61ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Semibold.ttf
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/style.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found fontello.woff
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/ 0
0 60ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/fontello.woff?29134652
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found fontello.ttf
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/ 0
0 61ms
61ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/fontello.ttf?29134652
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Semibold.woff
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/ 0
0 61ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Semibold.woff
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Regular.woff
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/ 0
0 61ms
61ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Regular.woff
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Semibold.ttf
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/ 0
0 63ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Semibold.ttf
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found OpenSans-Regular.ttf
dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/ 0
0 61ms
60ms Font
text/html 129.213.95.36
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Regular.ttf
Requested by: Host: dhfdjh.otzo.com
URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 129.213.95.36 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/theme-q2-a0ada1b235c299308276feec2c5d3c0e.css
Origin: https://dhfdjh.otzo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 21:52:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=94
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 / Show response
use1.fptls.com/ 204 B
331 B 261ms
60ms XHR
text/plain 99.83.173.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://use1.fptls.com/

Requested by

Host: fpjscdn.net
URL: https://fpjscdn.net/v3/lo2HJ3gD8azQRIpz6fhK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.83.173.21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a64bed9ff5004f5b3.awsglobalaccelerator.com

Software

Resource Hash

68699702505bf39484848204193b01b2c5ee3bf7843bac1befa251364e66ce3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dhfdjh.otzo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: max-age=2592000, immutable, private
date: Fri, 26 May 2023 21:52:28 GMT
content-length: 204
content-type: text/plain; charset=utf-8

POST
H2 200 / Show response
api.fpjs.io/ 502 B
1 KB 234ms
122ms XHR
text/plain 13.248.176.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.fpjs.io/?ci=js/3.8.13

Requested by

Host: fpjscdn.net
URL: https://fpjscdn.net/v3/lo2HJ3gD8azQRIpz6fhK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.248.176.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a46a250059e296ddb.awsglobalaccelerator.com

Software

nginx/1.22.1 /

Resource Hash

4b4d1bfdfcb2b3d5d7e8897f282511960e9c47f17bdfcba944f952dafa83d02b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://dhfdjh.otzo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 May 2023 21:52:28 GMT
content-security-policy: default-src 'none'; frame-ancestors 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=63072000
server: nginx/1.22.1
x-content-type-options: nosniff
vary: Origin
x-frame-options: DENY
content-type: text/plain
access-control-allow-origin: https://dhfdjh.otzo.com
access-control-expose-headers: Retry-After
access-control-allow-credentials: true
content-length: 502

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First Citizens Bank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cdn1.onlineaccess1.com/	1970-01-20 12:06:06	Name: __cflb Value: 02DiuDJZwTATiSnybBeVDKjTCUZYfphxFqvnanmCDenyN
.onlineaccess1.com/	1969-12-31 23:59:59	Name: __cfruid Value: 52baf88bc05e934ccc433f274652424a18b9cc9b-1685137947
.fpjs.io/	1970-01-20 20:51:13	Name: _iidt Value: K9DCC2ghtq/M3yaOwoLX8Wu9iCzHsTgEXUQifr7D/FdEsiJ2W8dwXqN/am5GGT3DNqp+qIXJoQ+7+Z3pG63uVFcUyGNtaG9yqcVhhdxywwMWdFoZkg==
.otzo.com/	1970-01-20 20:51:13	Name: _vid_t Value: /NfZfSGybhWwKrW2bfv7TvxqXpsmoYu+NhuqJZBIeWXlk5QeSvrf9WUdINrosfn00+eO0mjcKTFxAi0Ze5AnsZJOUHDkAJgFpKH+BiRx92FeO7laPg==

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Regular.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Semibold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/fontello.woff2?29134652 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/fontello.woff?29134652 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/fonts/OpenSans/OpenSans-Semibold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/fontello.ttf?29134652 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Semibold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Regular.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Semibold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://dhfdjh.otzo.com/FcbN/Fcb(lee)/index_files/fonts/OpenSans/OpenSans-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.fpjs.io
cdn1.onlineaccess1.com
dhfdjh.otzo.com
fpjscdn.net
okeefegroup.net
use1.fptls.com
108.139.29.30
129.213.95.36
13.248.176.92
162.241.71.85
192.0.54.4
99.83.173.21
1ad281bfb6c826b68c9d9c6f6d41d7194b22d76014f756b9b37410d8ce09f8f6
20af460972344b4045f8db4c6e564fa6051208a795e3ac30ef7f0cec9577148f
3133f88ff2d288957e9708cab68a2dd2f25f46177603d9accb70b22bc7601888
3987b9d9d5d5a147de53cee322f0d3dfa701046cd0232386adcf1b5c835c391c
4b4d1bfdfcb2b3d5d7e8897f282511960e9c47f17bdfcba944f952dafa83d02b
5c46d39cdd77a88b4f48d3d69079099a57c23c92d57ccfaec74e01d1763159a3
6266ff77c735263a3bcfa7497cd441c690844e88c8c0de579aea48cc410b5635
68699702505bf39484848204193b01b2c5ee3bf7843bac1befa251364e66ce3e
83a18bf19e5e2e0fae7ac33e1c099c335c708966970b7fe7b5915bb6442ff9fd
9bd7a7ffceaa30b047ffa708bc590240eb3f9246a05822f4c457e70c9d052c22

dhfdjh.otzo.com Open in urlscan Pro 129.213.95.36 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

21 Requests

100 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

5 IPs

1 Countries

1286 kBTransfer

1363 kBSize

4 Cookies

6 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

4 Cookies

11 Console Messages

Indicators

dhfdjh.otzo.com Open in urlscan Pro
129.213.95.36 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

1
Countries

1286 kB
Transfer

1363 kB
Size

4
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!