| personas.devbam.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=2050724671 | 45.223.128.45 | 200 OK | 21 kB |
URL: GET HTTP/2 personas.devbam.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=2050724671
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 3cb498d43f50cab8a0cfffe4d96e7c9f 91399593375bb9489d70f41bd2b461ab5bdd5907 098f70feef6b9321b4ad37205bae15dae3d20882a813c028400fbcc78b4ebb4c
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=2050724671 HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/javascript
content-encoding: gzip
x-robots-tag: noindex
content-length: 20570
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-5279K6C3KH | 142.250.74.168 | 200 OK | 99 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-5279K6C3KH
IP: 142.250.74.168:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hash: d67fcf39f684a5f352b0001c4e27d8de 9ce14017c2b8728c3500f866c5054f4177e9b9c7 7816e01a8571e7016e89e38d8077de684d756f17f148716a2db6f5d1fbca5e0c
GET /gtag/js?id=G-5279K6C3KH HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:46:41 GMT
expires: Wed, 24 Apr 2024 16:46:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 99023
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-NPNC394&l=dataLayerGA4 | 142.250.74.168 | 200 OK | 58 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NPNC394&l=dataLayerGA4
IP: 142.250.74.168:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (1951)
Hash: 4d51bc12fdda657cb758a409e3dc3641 23af390dcd7a23407903db65b104eaa67b7ddfd1 dfbf7d0d08ea1fd30f191a46f47d54b11b734319a4c878d01c34759093930baa
GET /gtm.js?id=GTM-NPNC394&l=dataLayerGA4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:46:42 GMT
expires: Wed, 24 Apr 2024 16:46:42 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 16:05:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 58298
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6561692434781226 | 45.223.128.45 | 200 OK | 1 B |
URL: GET HTTP/2 personas.devbam.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6561692434781226
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: very short file (no magic)
Hash: c4ca4238a0b923820dcc509a6f75849b 356a192b7913b04c54574d18c28d46e6395428ab 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /_Incapsula_Resource?SWKMTFSR=1&e=0.6561692434781226 HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; ___utmvc=[...]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: text/plain
x-robots-tag: noindex
content-length: 1
set-cookie: ___utmvc=a; Max-Age=0; path=/; expires=Mon, 15 Apr 2024 22:54:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-205366777-1&l=dataLayerGA4&cx=c | 142.250.74.168 | 200 OK | 73 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=UA-205366777-1&l=dataLayerGA4&cx=c
IP: 142.250.74.168:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hash: 6b987b74c162301c0d9d0d3b570759cd 58f9afaa74523ece0df293213d5a7d748bc57ed3 521dcd4b14a693932c6e3af1f410dc29de7d878a9c32e9b54ae839bbb753be06
GET /gtag/js?id=UA-205366777-1&l=dataLayerGA4&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:46:42 GMT
expires: Wed, 24 Apr 2024 16:46:42 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 16:05:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73429
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtag/js?id=G-2YH1JYBLLG&l=dataLayerGA4&cx=c | 142.250.74.168 | 200 OK | 89 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-2YH1JYBLLG&l=dataLayerGA4&cx=c
IP: 142.250.74.168:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (5945)
Hash: 4b3ff79d98f36b3c9cc7f67681bce9aa e52fdc89d3778ca9d7bed9f727ff6bf02067e79a af1ed1c080a12b47f8f411fe5b486f7576c4619ab4b45a90482b1464f2031d0f
GET /gtag/js?id=G-2YH1JYBLLG&l=dataLayerGA4&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:46:42 GMT
expires: Wed, 24 Apr 2024 16:46:42 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88634
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| personas.devbam.com/assets/i18n/es.json | 45.223.128.45 | 200 OK | 53 kB |
URL: GET HTTP/2 personas.devbam.com/assets/i18n/es.json
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: gzip compressed data, from Unix
Hash: 88f5ea44805ea7f6c9f5b96bd4dd0361 8e971950104fd57804c8bc7f15d0b61f1fc91556 53352e0bed608e0c4d71043d4558535038359b4f727ad79f1b35a1cdd9affeda
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /assets/i18n/es.json HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: */*
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Wed, 24 Apr 2024 09:43:40 GMT
last-modified: Tue, 26 Mar 2024 22:10:12 GMT
etag: W/"ac3acfd87c0d8e329ea4b18f8ff88370"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 61fafbbf54e5560686b2d414df132838.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: 10plkOdHO3gbhLGaEYvB1jYLAEdzjqJ197QV-g4bL7SGoOCVG5ayPw==
age: 25383
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113725 PNNN RT(1713977200427 1885) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| commons.devbam.com/security/v1/auth/token/guest | 45.223.128.45 | 200 OK | 0 B |
URL: POST HTTP/2 commons.devbam.com/security/v1/auth/token/guest
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /security/v1/auth/token/guest HTTP/1.1
Host: commons.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://personas.devbam.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
content-length: 0
server: CloudFront
date: Wed, 24 Apr 2024 16:46:43 GMT
access-control-allow-credentials: false
access-control-allow-headers: content-type,authorization,otp,origin,referer,user-agent,channel,reason,identifier,branch
access-control-allow-methods: GET,HEAD,POST,PUT,DELETE,OPTIONS,PATCH
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 da5d88dbc4ee6cd5f6a430e9228644f8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: fBk9W88Nil6FlVHNrJeKTnfbgWmiJkzaMr4nu45AoMLyc_dOOKL3gg==
set-cookie: visid_incap_2617623=Cmk+uKLeQpCaPCDBycHsv3I3KWYAAAAAQUIPAAAAAAA5pHftLtrm92u6RB8PhPFu; expires=Wed, 23 Apr 2025 23:05:06 GMT; HttpOnly; path=/; Domain=.devbam.com; Secure; SameSite=None
nlbi_2617623_2650139=ZuFhXKSoeRc2svkKZFdxhgAAAADW9LD+OkMrOJPmpsa3dIP+; path=/; Domain=.devbam.com; Secure; SameSite=None
incap_ses_720_2617623=sTA6Ncj2GAIHru7AOPT9CXI3KWYAAAAAnrj4batufe/XpERQsRefYQ==; path=/; Domain=.devbam.com; Secure; SameSite=None
x-incap-sess-cookie-hdr: vuuXPYq8wSIHru7AOPT9CXI3KWYAAAAAcrx2ifrqyny4mgLljeWFFA==
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cdn: Imperva
access-control-allow-origin: *
x-iinfo: 6-13464922-13464884 PNNN RT(1713977202461 47) q(0 0 0 1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| commons.devbam.com/security/v1/auth/legacy/publicKey | 45.223.128.45 | 204 No Content | 0 B |
URL: OPTIONS HTTP/2 commons.devbam.com/security/v1/auth/legacy/publicKey
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /security/v1/auth/legacy/publicKey HTTP/1.1
Host: commons.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://personas.devbam.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
content-length: 0
server: CloudFront
date: Wed, 24 Apr 2024 16:46:43 GMT
access-control-allow-credentials: false
access-control-allow-headers: content-type,authorization,otp,origin,referer,user-agent,channel,reason,identifier,branch
access-control-allow-methods: GET,HEAD,POST,PUT,DELETE,OPTIONS,PATCH
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 ef955f95d080740af1e658b6929731ce.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: x71qCBRoTdPRCanQQKcq9UXLgfAaeXyz1qVVxHThdOXLhTYdGXrZqA==
set-cookie: visid_incap_2617623=Cmk+uKLeQpCaPCDBycHsv3I3KWYAAAAAQUIPAAAAAAA5pHftLtrm92u6RB8PhPFu; expires=Wed, 23 Apr 2025 23:05:06 GMT; HttpOnly; path=/; Domain=.devbam.com; Secure; SameSite=None
nlbi_2617623_2650139=lCqVHTdejBqMUQPiZFdxhgAAAABIcG+jPR0M/4lHzUG3NRwu; path=/; Domain=.devbam.com; Secure; SameSite=None
incap_ses_720_2617623=TvtsaCfWon0Hru7AOPT9CXI3KWYAAAAA9ycUNgd5PvvlRxmxM334og==; path=/; Domain=.devbam.com; Secure; SameSite=None
x-incap-sess-cookie-hdr: 2EHQDjjNbVEHru7AOPT9CXI3KWYAAAAAws8ofj3XHoXSI5pCQl8Lww==
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cdn: Imperva
access-control-allow-origin: *
x-iinfo: 6-13464922-13464933 NNNN CT(0 9 0) RT(1713977202461 49) q(0 0 0 1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/assets/img/login.gif | 45.223.128.45 | 200 OK | 9.1 MB |
URL: GET HTTP/2 personas.devbam.com/assets/img/login.gif
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: GIF image data, version 89a, 846 x 594
Size: 9.1 MB (9103709 bytes)
Hash: 84b954342433d781eb7f6fec2ac285a0 36132322be51630c6cfdc836208d6d8e28d8801a ca5c9069cc382bf34ebd8a6e4d77bf4263d8883693b6e8011f9889c4da90ca3f
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /assets/img/login.gif HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 9103709
date: Wed, 24 Apr 2024 09:43:40 GMT
last-modified: Tue, 26 Mar 2024 22:10:12 GMT
etag: "8d682d11fbd73fdc551f1eed8680d8d3-2"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: general
x-cache: Hit from cloudfront
via: 1.1 7c387b19d61d1c91aac6ab5213be0f38.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: c_8D-uuAoDJNsi5tOD2GBNTAsvpluwXzavDnDuCexryA7bAFdWby0g==
age: 25383
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113722 PNNN RT(1713977200427 2008) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| commons.devbam.com/security/v1/auth/legacy/publicKey | 45.223.128.45 | 204 No Content | 2.3 kB |
URL: OPTIONS HTTP/2 commons.devbam.com/security/v1/auth/legacy/publicKey
IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer GlobalSign nv-sa; Subject imperva.com; Fingerprint F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
Hash: 6c278f529448367780a0121ea6a64183 a639e6aaa568f3e890008536fd2a08169e293ada c10776b65c55e34e5523145bee1b41a985c5186016be1b924f7b7a842f002a3b
GET /security/v1/auth/legacy/publicKey HTTP/1.1
Host: commons.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: */*
Origin: https://personas.devbam.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:46:43 GMT
content-type: application/json
x-amzn-requestid: 18eacb48-8e46-4771-bb55-342107cb25c7
strict-transport-security: max-age=31536000; includeSubDomains;
x-frame-options: DENY
x-amz-apigw-id: WvWaFEyvIAMEQYQ=
x-requested-with: *
x-amzn-trace-id: Root=1-66293773-0cd7246146c81b524842f91c;Sampled=1;lineage=e56ff793:0
set-cookie: visid_incap_2617623=Cmk+uKLeQpCaPCDBycHsv3I3KWYAAAAAQUIPAAAAAAA5pHftLtrm92u6RB8PhPFu; expires=Wed, 23 Apr 2025 23:05:06 GMT; HttpOnly; path=/; Domain=.devbam.com; Secure; SameSite=None
nlbi_2617623=lWVIRTkm6UluDVbRZFdxhgAAAAAQvgmTB1W8rlAJZOM/LQL6; path=/; Domain=.devbam.com; Secure; SameSite=None
incap_ses_720_2617623=VTcwbLqEW3kHru7AOPT9CXI3KWYAAAAADGiNr0u3Tf0eAWF8TtwQEg==; path=/; Domain=.devbam.com; Secure; SameSite=None
x-incap-sess-cookie-hdr: 1z3TdF1M0TMHru7AOPT9CXI3KWYAAAAAUwEdJ7HuT+5u8yqf1hBYIg==
x-cdn: Imperva
access-control-allow-origin: *
content-encoding: gzip
x-iinfo: 6-13464922-13464943 NNYN CT(93 92 0) RT(1713977202461 129) q(0 0 2 3) r(3 4) U24
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.35 | 200 OK | 206 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP: 142.250.74.35:443
Requested by: https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: JavaScript source, ASCII text, with very long lines (631)
Size: 206 kB (205803 bytes)
Hash: e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://personas.devbam.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 05:54:48 GMT
expires: Wed, 23 Apr 2025 05:54:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 125516
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css | 142.250.74.35 | 200 OK | 25 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
IP: 142.250.74.35:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: ASCII text, with very long lines (56412), with no line terminators
Hash: 2c00b9f417b688224937053cd0c284a5 17b4c18ebc129055dd25f214c3f11e03e9df2d82 1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 15:50:55 GMT
expires: Wed, 23 Apr 2025 15:50:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 89750
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.35 | 200 OK | 206 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP: 142.250.74.35:443
Requested by: https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: JavaScript source, ASCII text, with very long lines (631)
Size: 206 kB (205803 bytes)
Hash: e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 05:54:48 GMT
expires: Wed, 23 Apr 2025 05:54:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 125517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.35 | 200 OK | 206 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP: 142.250.74.35:443
Requested by: https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: JavaScript source, ASCII text, with very long lines (631)
Size: 206 kB (205803 bytes)
Hash: e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 05:54:48 GMT
expires: Wed, 23 Apr 2025 05:54:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 125518
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2; IP: 216.58.207.227:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity: Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15344, version 1.0; Hash: 5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:43:03 GMT
expires: Fri, 18 Apr 2025 02:43:03 GMT
cache-control: public, max-age=31536000
age: 569023
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/assets/i18n/es.json | 45.223.128.45 | 200 OK | 62 kB |
URL: GET HTTP/2 personas.devbam.com/assets/i18n/es.json; IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: GlobalSign nv-sa; Subject: imperva.com; Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: gzip compressed data, from Unix; Hash: f013e1dd6a71511c2b65f7d0fc64b483 4992d6dd5e8a292c8b5572163547165e049e84e0 420cb452627b2ad08d5e534a7de0cb0ccb6e6ae9e292859be30434a30962106d
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /assets/i18n/es.json HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: */*
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Wed, 24 Apr 2024 09:43:40 GMT
last-modified: Tue, 26 Mar 2024 22:10:12 GMT
etag: W/"ac3acfd87c0d8e329ea4b18f8ff88370"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 7c387b19d61d1c91aac6ab5213be0f38.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: dhZWBmAYoCw2UTZeLz6NTJ8c1vt3uQbQVzByLzNy92FxEFXtBgLNSQ==
age: 25384
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113722 PNNN RT(1713977200427 1991) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/api2/logo_48.png | 142.250.74.35 | 200 OK | 2.2 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/api2/logo_48.png; IP: 142.250.74.35:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity: Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced; Hash: ef9941290c50cd3866e2ba6b793f010d 4736508c795667dcea21f8d864233031223b7832 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:54:07 GMT
expires: Thu, 25 Apr 2024 02:54:07 GMT
cache-control: public, max-age=604800
age: 568359
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.google.com/js/bg/Y9LiaqaJM7rIBAUMTg8Ck_H5fpJ61Keayeag6LMQ-3c.js | 142.250.74.164 | 200 OK | 7.4 kB |
URL: GET HTTP/3 www.google.com/js/bg/Y9LiaqaJM7rIBAUMTg8Ck_H5fpJ61Keayeag6LMQ-3c.js; IP: 142.250.74.164:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 70:CC:1A:8A:58:6C:1F:6D:43:AE:66:75:89:F7:99:7B:BC:7A:74:2D; Validity: Mon, 18 Mar 2024 19:37:19 GMT - Mon, 10 Jun 2024 19:37:18 GMT
File type: JavaScript source, ASCII text, with very long lines (17602); Hash: a881e4c268e13ad20405ae80fca4c36b dee477906e2c92b4c7747029a2409069b9b676ad 63d2e26aa68933bac804050c4e0f0293f1f97e927ad4a79ac9e6a0e8b310fb77
GET /js/bg/Y9LiaqaJM7rIBAUMTg8Ck_H5fpJ61Keayeag6LMQ-3c.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7447
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Apr 2024 05:05:57 GMT
expires: Thu, 24 Apr 2025 05:05:57 GMT
cache-control: public, max-age=31536000
age: 42049
last-modified: Tue, 16 Apr 2024 13:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| personas.devbam.com/favicon.ico | 45.223.128.45 | 200 OK | 1.1 kB |
URL: GET HTTP/2 personas.devbam.com/favicon.ico; IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: GlobalSign nv-sa; Subject: imperva.com; Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; Hash: 733aa87db5f7f1254ec4f3ad1bcebd9c c226a772e2fb4f44eb6b3e55b716afc4afc90412 c21c8bc42f3e8dd944a09c10e8fb8ae66aeece987bc341ebb2737861ec54744e
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /favicon.ico HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 1077
date: Wed, 24 Apr 2024 11:10:27 GMT
last-modified: Tue, 26 Mar 2024 22:10:14 GMT
etag: "733aa87db5f7f1254ec4f3ad1bcebd9c"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: general
x-cache: Hit from cloudfront
via: 1.1 7c387b19d61d1c91aac6ab5213be0f38.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: -MRWermWh-z9ialYruD3e_9EW9kZwp33qqzdgzIT_n04Gh_sxxP45A==
age: 20178
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113722 PNNN RT(1713977200427 2986) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| assets.devbam.com/contenido_compartido/bam-icon.svg | 143.204.55.82 | 200 OK | 3.4 kB |
URL: GET HTTP/2 assets.devbam.com/contenido_compartido/bam-icon.svg; IP: 143.204.55.82:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: Amazon; Subject: *.devbam.com; Fingerprint: 0C:89:C9:F6:8F:DA:E9:E3:DD:CF:2B:B7:0E:8A:57:D9:6E:B5:92:90; Validity: Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: SVG Scalable Vector Graphics image; Hash: 4d5e194dead3025faf424be34d9724b9 74aaac187172b6583d55478dfafc2eac51428812 8ae12960e036cb3c4ecedcd35e1da8b3549f1aed81b14a4973b41c815635015b
GET /contenido_compartido/bam-icon.svg HTTP/1.1
Host: assets.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 24 Apr 2024 09:43:40 GMT
last-modified: Mon, 22 Apr 2024 18:30:29 GMT
etag: W/"20a4bed5803b4dc362dba9b0e7d38f99"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ov5lzynS5WCF-rGRK327yb4o0eioHukHVn_3M-P-Vnjk7cWZAtHuAQ==
age: 25383
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/micros/per-authConf/modules/main.js | 45.223.128.45 | 200 OK | 20 MB |
URL: GET HTTP/2 personas.devbam.com/micros/per-authConf/modules/main.js; IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: GlobalSign nv-sa; Subject: imperva.com; Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
Size: 20 MB (20287568 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /micros/per-authConf/modules/main.js HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 24 Apr 2024 09:43:40 GMT
last-modified: Tue, 26 Mar 2024 20:53:49 GMT
etag: "0f0744249f5e4cef52d001304733b1c1-4"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: general
x-cache: Hit from cloudfront
via: 1.1 61fafbbf54e5560686b2d414df132838.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: tzPG5KTAhnrhRhCvhbIOAxSth0k11ciubZy1ADYOZfMKLvclVOW20A==
age: 25383
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Origin
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 14-21113675-21113725 PNYN RT(1713977200427 1972) q(0 1 1 -1) r(1 1) U24
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/reload?k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG | 142.250.74.164 | 200 OK | 12 kB |
URL: POST HTTP/3 www.google.com/recaptcha/api2/reload?k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG; IP: 142.250.74.164:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 70:CC:1A:8A:58:6C:1F:6D:43:AE:66:75:89:F7:99:7B:BC:7A:74:2D; Validity: Mon, 18 Mar 2024 19:37:19 GMT - Mon, 10 Jun 2024 19:37:18 GMT
File type: ASCII text, with very long lines (12198); Hash: b654778d110af17fe1c773ccbdd0c503 0c98881043de0978f9f4a192743f8707c9c0cf51 8c3c0f4e75f0a309d23dfbf2c02b052800a0c832b202721690e387744d745e45
POST /recaptcha/api2/reload?k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 6851
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Wed, 24 Apr 2024 16:46:47 GMT
expires: Wed, 24 Apr 2024 16:46:47 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09AKPP-6euOjbAvFZSwNEu4-xga_bUF_IzXuW_qPAz0mt0eAWct-7qtgI-JdtjlSIUZftUyqVUsCo6-Skk_4L1Yl0;Path=/recaptcha;Expires=Mon, 21-Oct-2024 16:46:47 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| personas.devbam.com/runtime.js | 45.223.128.45 | 200 OK | 1.3 kB |
URL: GET HTTP/2 personas.devbam.com/runtime.js; IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: GlobalSign nv-sa; Subject: imperva.com; Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: JavaScript source, ASCII text, with very long lines (1259), with no line terminators; Hash: 92f543f2a83d30b71255097f288746bb 1ed86f63f59f8f66e8a3e1b38070281933250714 21bafb2ca2827afecc9dc5dfc48967da59f57f03e2e86b990ff56677c166e7e2
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /runtime.js HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 24 Apr 2024 10:00:22 GMT
last-modified: Tue, 26 Mar 2024 22:10:15 GMT
etag: W/"0f41888cc6770e16b046d6954fa31e61"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 42bac5f1aabdd1402109b9e5f2ab1414.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: CodnnmZpw_fkgqGrUhpuH4p4yMQKU1WodYVCBpiwo9fsxzXyOnrY2g==
age: 24380
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113677 PNNN RT(1713977200427 909) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/styles.css | 45.223.128.45 | 200 OK | 222 kB |
URL: GET HTTP/2 personas.devbam.com/styles.css; IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: GlobalSign nv-sa; Subject: imperva.com; Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: ASCII text, with very long lines (65536), with no line terminators; Size: 222 kB (222385 bytes); Hash: c0741d8403072034fe833cce64021dea 76db57d03caa447ed309b703f5ff97df031eac62 48ba1ea0dbae8868c181b28144a90ed80bd422a23213725db35d00fd4dd7250a
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /styles.css HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
date: Wed, 24 Apr 2024 10:00:22 GMT
last-modified: Tue, 26 Mar 2024 22:10:15 GMT
etag: W/"c0741d8403072034fe833cce64021dea"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 7c387b19d61d1c91aac6ab5213be0f38.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: cpHUtpIVfwum_B37QrkDzxpOv4jgIoXug4PpQyy7ZrtVb8xGC76niw==
age: 24380
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113722 PNNN RT(1713977200427 944) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| assets.devbam.com/contenido_compartido/bancolombia-group-logo.svg | 143.204.55.82 | 200 OK | 9.4 kB |
URL: GET HTTP/2 assets.devbam.com/contenido_compartido/bancolombia-group-logo.svg; IP: 143.204.55.82:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: Amazon; Subject: *.devbam.com; Fingerprint: 0C:89:C9:F6:8F:DA:E9:E3:DD:CF:2B:B7:0E:8A:57:D9:6E:B5:92:90; Validity: Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: SVG Scalable Vector Graphics image; Hash: 22d58a132f93366db184b79c89a292e7 b457c6b85fb16f14608c8748920b33280be572e2 01293292c104269394444c5045675413603dcaa7e5a4e07844c8d7a10167aedc
GET /contenido_compartido/bancolombia-group-logo.svg HTTP/1.1
Host: assets.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; _ga_5279K6C3KH=GS1.1.1713977202.1.0.1713977202.0.0.0; _ga=GA1.1.757210505.1713977202; _ga_2YH1JYBLLG=GS1.1.1713977202.1.0.1713977202.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 24 Apr 2024 09:43:40 GMT
last-modified: Mon, 22 Apr 2024 18:30:29 GMT
etag: W/"1b31c659357009d03a438aee077ad998"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6gsyRGJciUv1-bLFH81MwW_A8_OjYeEp5TX1S_BT-mcXGiFRaC1POA==
age: 25383
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/login | 45.223.128.45 | 200 OK | 7.5 kB |
URL: User Request GET HTTP/2 personas.devbam.com/login; IP: 45.223.128.45:443
Certificate: Issuer: GlobalSign nv-sa; Subject: imperva.com; Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A; Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (7711), with no line terminators; Hash: 59441fdad0ed6a7b7b844bfea8c41595 0c1223174459505f4098ef524a2432dbad9a8cc3 fa2d839312bfa7881bdef323442295be1e80560fb91be6ec9039d54b95296cda
Analyzer: OpenPhish | Verdict: phishing | Alert: Banco Agromercantil
GET /login HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Wed, 24 Apr 2024 09:52:25 GMT
last-modified: Tue, 26 Mar 2024 22:10:14 GMT
etag: W/"0baa46222196c413b15667a208f6767e"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Error from cloudfront
via: 1.1 42bac5f1aabdd1402109b9e5f2ab1414.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: Qlev2hmRrgYxlW_VNE76s78rgi3ZQCY0AXZ_RK2-wHIV-gyeZ3VsIg==
age: 24857
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
set-cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; expires=Wed, 23 Apr 2025 23:05:06 GMT; HttpOnly; path=/; Domain=.devbam.com; Secure; SameSite=None
set-cookie: nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; path=/; Domain=.devbam.com; Secure; SameSite=None
set-cookie: incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==; path=/; Domain=.devbam.com; Secure; SameSite=None
x-incap-sess-cookie-hdr: tbaRdn3xMzRZre7AOPT9CXA3KWYAAAAAY9O7+T7WW/nItr+F726McQ==
x-cdn: Imperva
x-iinfo: 14-21113675-21113677 NNNN CT(1 10 0) RT(1713977200427 29) q(0 0 0 0) r(0 5) U24
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js?render=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&onload=ng2recaptchaloaded | 142.250.74.164 | 200 OK | 945 B |
URL: GET HTTP/2 www.google.com/recaptcha/api.js?render=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&onload=ng2recaptchaloaded; IP: 142.250.74.164:443
Requested by: https://personas.devbam.com/login
Certificate: Issuer: Google Trust Services LLC; Subject: www.google.com; Fingerprint: CD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73; Validity: Mon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT
File type: JavaScript source, ASCII text, with very long lines (945), with no line terminators; Hash: 067eb0a91ebd80247c5ca9c45faf7e07 74bbb4ebe9a2e8168f03b0b13be01eed0a0d7f9c 4e64099eefcaae8e67c9b78402d4ed7952dbb67d8ee1524a18c7548211a07e4b
GET /recaptcha/api.js?render=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&onload=ng2recaptchaloaded HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Wed, 24 Apr 2024 16:46:43 GMT
date: Wed, 24 Apr 2024 16:46:43 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/polyfills.js | 45.223.128.45 | 200 OK | 34 kB |
URL: GET HTTP/2 personas.devbam.com/polyfills.js IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login Certificate Issuer: GlobalSign nv-sa Subject: imperva.com Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: JavaScript source, ASCII text, with very long lines (33857), with no line terminators Hash: f9d7c64a7d613240a649e4b4359d7b18 da26af57140efb03fcb946c692f8aeb6979a7b9b 74dd7ad340d9ad6069e4efe36bddf76d537bd136a5b1a3b7fccd274ad250e1de
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Banco Agromercantil |
GET /polyfills.js HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 24 Apr 2024 09:43:38 GMT
last-modified: Tue, 26 Mar 2024 22:10:14 GMT
etag: W/"f9d7c64a7d613240a649e4b4359d7b18"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 7c387b19d61d1c91aac6ab5213be0f38.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: 3tbaRU-2ThiWZ7zOEVj5VAgfJkHuvtXD3b6Y3TLYO0EVnyC-Hj1z0w==
age: 25384
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113722 NNNN CT(0 6 0) RT(1713977200427 910) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d | 142.250.74.164 | 200 OK | 45 kB |
URL: GET HTTP/3 www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d IP: 142.250.74.164:443
Requested by: https://personas.devbam.com/login Certificate Issuer: Google Trust Services LLC Subject: *.google.com Fingerprint: 70:CC:1A:8A:58:6C:1F:6D:43:AE:66:75:89:F7:99:7B:BC:7A:74:2D Validity: Mon, 18 Mar 2024 19:37:19 GMT - Mon, 10 Jun 2024 19:37:18 GMT
File type: HTML document, ASCII text, with very long lines (36156) Hash: 3e360b6d3eea9c18c98805cb199943fc 4b20dd33bd9c77778dbcd83f4d0fde613591d009 3dd1726d5b1c94607613f03e34eed90535cfef1e2707b7368e72f95695e8740e
GET /recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 24 Apr 2024 16:46:45 GMT
content-security-policy: script-src 'nonce-QyBWNUl49lhs7A1GhP5ktQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| personas.devbam.com/main.js | 45.223.128.45 | 200 OK | 7.1 MB |
URL: GET HTTP/2 personas.devbam.com/main.js IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login Certificate Issuer: GlobalSign nv-sa Subject: imperva.com Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
Size: 7.1 MB (7101947 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Banco Agromercantil |
GET /main.js HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 24 Apr 2024 10:00:22 GMT
last-modified: Tue, 26 Mar 2024 22:10:14 GMT
etag: W/"b7ca896cf190c06c2a13ffc65a0acaa5-2"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 61fafbbf54e5560686b2d414df132838.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: HQYX2bLuGXa7ma3Cs1S_Hase10Q53-G-VUHCyyXKasoZWKGgiBoykg==
age: 24380
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113725 NNNN CT(0 5 0) RT(1713977200427 914) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| personas.devbam.com/scripts.js | 45.223.128.45 | 200 OK | 12 kB |
URL: GET HTTP/2 personas.devbam.com/scripts.js IP: 45.223.128.45:443
Requested by: https://personas.devbam.com/login Certificate Issuer: GlobalSign nv-sa Subject: imperva.com Fingerprint: F9:61:05:41:5B:ED:3E:B9:6A:52:18:5D:A4:DD:D6:D8:A3:8D:D3:7A Validity: Mon, 04 Mar 2024 20:17:23 GMT - Sat, 31 Aug 2024 20:17:23 GMT
File type: JavaScript source, ASCII text, with very long lines (11971), with no line terminators Hash: 5f8d4180ca2918c11b4724968541faf2 e03bde1e93a15c6a0304208cebfecb41f1d82552 084196b6d2483915be198be058c6fa6c7a7c18a3f573123009c33e6184a45ca1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Banco Agromercantil |
GET /scripts.js HTTP/1.1
Host: personas.devbam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2586424=/VNHnWpMRhKvZPy6OeXBNW83KWYAAAAAQUIPAAAAAAAnJ6incicYeWrUicRrmoAp; nlbi_2586424=zb17A2NgfGmvPXDzLZpG9gAAAABS2LTK62NJ8g5XK+huuTJg; incap_ses_720_2586424=7bhrc2WtSlNZre7AOPT9CXA3KWYAAAAAX0JFD1gYK5ktFIno3EmGFw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 24 Apr 2024 10:00:22 GMT
last-modified: Tue, 26 Mar 2024 22:10:15 GMT
etag: W/"5f8d4180ca2918c11b4724968541faf2"
x-amz-server-side-encryption: AES256
server: general
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 42bac5f1aabdd1402109b9e5f2ab1414.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: _Lio7yn5pIxV4sjVRk4AOmnfkWgcgKQPTt2RHU8lfkeAVJV9N7cedg==
age: 24379
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
content-security-policy: style-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com *.cloudfront.net *.google.com *.google-analytics.com *.appdynamics.com *.gstatic.com; img-src 'self' *.bam.com.gt assets.devbam.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
permissions-policy: fullscreen=()
pragma: no-cache
x-permitted-cross-domain-policies: none
vary: Accept-Encoding, Origin
x-cdn: Imperva
x-iinfo: 14-21113675-21113677 PNNN RT(1713977200427 913) q(0 0 0 -1) r(0 0) U24
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP: 216.58.207.227:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 Validity: Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15552, version 1.0 Hash: 285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:25:07 GMT
expires: Fri, 18 Apr 2025 17:25:07 GMT
cache-control: public, max-age=31536000
age: 516099
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m | 142.250.74.164 | 200 OK | 102 B |
URL: GET HTTP/3 www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m IP: 142.250.74.164:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d Certificate Issuer: Google Trust Services LLC Subject: *.google.com Fingerprint: 70:CC:1A:8A:58:6C:1F:6D:43:AE:66:75:89:F7:99:7B:BC:7A:74:2D Validity: Mon, 18 Mar 2024 19:37:19 GMT - Mon, 10 Jun 2024 19:37:18 GMT
File type: ASCII text, with no line terminators Hash: 284b36421a1cf446f32cb8f7987b1091 eb14d6298c9da3fb26d75b54c087ea2df9f3f05f 94ab2be973685680d0be9c08d4e1a7465f3c09053cf631126bd33f49cc2f939b
GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeBv1IaAAAAAIC5z5HWAHK-mfP_i7QMd2LeNcUG&co=aHR0cHM6Ly9wZXJzb25hcy5kZXZiYW0uY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=mcgy8cbwh28d
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 24 Apr 2024 16:46:46 GMT
date: Wed, 24 Apr 2024 16:46:46 GMT
cache-control: private, max-age=300
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|