Report - tubancaonlineitau.herokuapp.com/

Report Overview

Submitted URL
tubancaonlineitau.herokuapp.com/
IP
52.5.82.174
ASN
#14618 AMAZON-AES
Submitted
2023-03-30 01:22:05
Access
public
Website Title
Final URL
Tags
suspicious
urlquery detections
Suspicious - Suspicious JS code

Detections

urlquery
3
Network Intrusion Detection
1
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-31T18:14:44Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-31T18:12:03Z	686 B	1.4 kB	142.250.74.131
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-31T07:51:33Z	3.2 kB	46 kB	34.120.237.76
ipinfo.io	8136	2013-12-16T08:25:53Z	2023-03-31T06:53:14Z	449 B	1.2 kB	34.117.59.81
api.ipify.org	3267	2014-10-06T14:38:43Z	2023-04-01T05:40:50Z	465 B	229 B	104.237.62.211
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-31T18:12:04Z	3.0 kB	8.0 kB	23.36.76.226
ocsp.r2m02.amazontrust.com	unknown	2022-10-12T16:01:39Z	2023-03-31T21:26:20Z	350 B	1.0 kB	54.230.80.227
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-31T18:18:04Z	413 B	5.9 kB	34.160.144.191
tubancaonlineitau.herokuapp.com	unknown	2023-03-29T23:32:40Z	2023-03-29T23:32:40Z	6.8 kB	820 kB	54.165.58.209
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-31T18:12:09Z	333 B	391 B	34.117.237.239
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-31T21:23:20Z	407 B	32 kB	142.250.74.42
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-31T18:13:52Z	606 B	127 B	35.161.26.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-30 01:22:21	medium	Client IP	34.117.59.81	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A
2023-03-29	medium	tubancaonlineitau.herokuapp.com/	Itau Unibanco S.A

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-30	medium	tubancaonlineitau.herokuapp.com/	Phishing
2023-03-30	medium	tubancaonlineitau.herokuapp.com/js/sax.js	Phishing
2023-03-30	medium	tubancaonlineitau.herokuapp.com/css/MaterialIcons-Regular.woff2	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-19 09:19:45 Times Seen138263 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	tubancaonlineitau.herokuapp.com/	237 B	2023-03-07	2024-03-23
Pretty URL tubancaonlineitau.herokuapp.com/ IP 54.165.58.209 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-03-23 05:05:31 Times Seen201 Hash 7785316f6352a0e08b0f360c47cc9517 3b1fd03d12263e5efe8e6cf660078eb525ca6d34 73533299d781797b91492e539cbf2b708fd88ea62d42d53b8538474aa5644bec Loading...

	tubancaonlineitau.herokuapp.com/	194 B	2023-03-07	2024-03-01
Pretty URL tubancaonlineitau.herokuapp.com/ IP 54.165.58.209 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:27 Last Seen2024-03-01 06:43:10 Times Seen108 Hash 664dd317b50023824a98321a856bd5e5 4cefbb8e0b89d7a3c45db84190aa981cc21839c3 1e80deb28d17231627d8f96c0909cddde635cc6be10faad309e78c2db61ba064 Loading...

	tubancaonlineitau.herokuapp.com/js/sax.js	1.3 kB	2023-04-01	2023-04-01
Pretty URL tubancaonlineitau.herokuapp.com/js/sax.js IP 54.165.58.209 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:32:47 Last Seen2023-04-01 10:32:47 Times Seen1 Hash 392c493ab4e9320b1426cb0c91003fbf 7258664643e761dfed69af6432073b53fbed7348 0e74106ceeef0a7226989bd289e1850b0d6dfe5c8d1718ab48b49abdf42ac3f6 Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5555
Expires: Thu, 30 Mar 2023 02:54:30 GMT
Date: Thu, 30 Mar 2023 01:21:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10600
Expires: Thu, 30 Mar 2023 04:18:35 GMT
Date: Thu, 30 Mar 2023 01:21:55 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 30 Mar 2023 01:16:02 GMT
content-type: application/json
age: 353
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10593
Expires: Thu, 30 Mar 2023 04:18:28 GMT
Date: Thu, 30 Mar 2023 01:21:55 GMT
Connection: keep-alive

ocsp.r2m02.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
3dfbbaa51fd2368a090183fb628a20fd
f8592fbc33cc5c89b95effa1cc2aa56450d4a15a
ae5e71593a98f3a5d500fb6c867ba350252e23d651619da2b9f6a184cdd14432

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131875
Date: Thu, 30 Mar 2023 01:21:55 GMT
Etag: "6424396c-1d7"
Expires: Fri, 31 Mar 2023 13:59:50 GMT
Last-Modified: Wed, 29 Mar 2023 13:13:16 GMT
Server: ECAcc (nya/7970)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: n9pU2yyPfqxxj8v4yDIivMcTKwLrwMHALVcrGVsD-sBoZH9Wbplu5Q==
Age: 2794

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YlwKWqju8wAvlPsQ/+G6OfEvx6GRwY4bejwO4GfsgL404oyvi3EutBrcFBTluq1JpZ9z75as0NY=
x-amz-request-id: XJKSDT593E1GZ7JM
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 30 Mar 2023 01:02:43 GMT
age: 1152
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

tubancaonlineitau.herokuapp.com/

54.165.58.209

200 OK

14 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1114)
Size
14 kB (13918 bytes)
Hash
8bc07c76db56eead94649d91f9a778d2
d80faf181425ed89cd98bfca208003dbabf1ea04
84620f8f31ed62225af4ae450e154e71ab870e00189645ea9c87a652e7e49fff

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Via: 1.1 vegur

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 30 Mar 2023 01:21:55 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d4fd78e1925a923742815feb55c9dab0
1b9fb6bb01a275ea7a74aa4185f39e4640a2c5eb
88bc292164002e5b8c4ea4dd317ff1116051a581997bd74b06d0fb231ea15b0c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 30 Mar 2023 01:21:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.42

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Mar 2023 11:24:26 GMT
expires: Fri, 22 Mar 2024 11:24:26 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 568649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tubancaonlineitau.herokuapp.com/css/material-icons.css

54.165.58.209

200 OK

977 B

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/css/material-icons.css
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
ASCII text
Size
977 B (977 bytes)
Hash
9427e43ab04f3a351438cf326959cecb
ab8ec0285d77cb7674ae4cb65093d309848923a0
332d13757e1ca67e6cd8aa8b8b4e0f360f8916813515b918413e6dc67d9c97fa

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /css/material-icons.css HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "3d1-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 977
Content-Type: text/css
Via: 1.1 vegur

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d4fd78e1925a923742815feb55c9dab0
1b9fb6bb01a275ea7a74aa4185f39e4640a2c5eb
88bc292164002e5b8c4ea4dd317ff1116051a581997bd74b06d0fb231ea15b0c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 30 Mar 2023 01:21:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tubancaonlineitau.herokuapp.com/css/teclado-1.5.css

54.165.58.209

200 OK

1.3 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/css/teclado-1.5.css
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
ASCII text
Size
1.3 kB (1293 bytes)
Hash
edfb7ac1783b6c4a0b8ef9b4869277e3
890c2b42bb189ab48aae1ba607795425dc8b45fc
1424f05b8c235f9fb505f2c037fb2a07f22251e931b283be8bf667731ff65bfa

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /css/teclado-1.5.css HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "50d-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 1293
Content-Type: text/css
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/js/sax.js

54.165.58.209

200 OK

1.3 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/js/sax.js
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 text
Size
1.3 kB (1251 bytes)
Hash
392c493ab4e9320b1426cb0c91003fbf
7258664643e761dfed69af6432073b53fbed7348
0e74106ceeef0a7226989bd289e1850b0d6dfe5c8d1718ab48b49abdf42ac3f6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious JS code
openphish	Itau Unibanco S.A
fortinet	Phishing

HTTP Headers

GET /js/sax.js HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "4e3-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 1251
Content-Type: application/javascript
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/css/acceso_rapido.css

54.165.58.209

200 OK

8.5 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/css/acceso_rapido.css
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 (with BOM) text
Size
8.5 kB (8546 bytes)
Hash
860036207fb290e05c397e3cf938da1e
10755e7c11a5439bf9d0474e7b88f906b35554f9
a99127c9c96ae09b67ea33769fbc5c0d61e16860dca85396a8077ac9a730bd11

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /css/acceso_rapido.css HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "2162-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 8546
Content-Type: text/css
Via: 1.1 vegur

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Backoff, Last-Modified, Alert, Content-Length, Pragma, Cache-Control, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 30 Mar 2023 01:17:26 GMT
age: 269
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

tubancaonlineitau.herokuapp.com/css/font_style.css

54.165.58.209

200 OK

31 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/css/font_style.css
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
ASCII text
Size
31 kB (30599 bytes)
Hash
455ffcc0097933549b1587ae855fba4e
41754fded8010c541f8b2d1e9aa2ba62172f5cf0
5ac93dc299833d0afcfd0216f3c1c504cf7da0bd5c11e6f615957514abde0a57

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /css/font_style.css HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "7787-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 30599
Content-Type: text/css
Via: 1.1 vegur

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b3df8c73360b4239af64e11f9d2388be
dc5463ff26615b40e4eab388052790d6c30ea5e6
877b23d16abf2e0e9f649f53747e82af0b75e8595abd71728254e612847cfdb6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877B23D16ABF2E0E9F649F53747E82AF0B75E8595ABD71728254E612847CFDB6"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2370
Expires: Thu, 30 Mar 2023 02:01:26 GMT
Date: Thu, 30 Mar 2023 01:21:56 GMT
Connection: keep-alive

push.services.mozilla.com/

35.161.26.194

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.26.194:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NcoTejN7BLrF3ufVMBOYBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xpFro8CnyGZ5+XctJ97abZzpOPg=

tubancaonlineitau.herokuapp.com/css/-style18.css

54.165.58.209

200 OK

386 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/css/-style18.css
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (356)
Size
386 kB (385696 bytes)
Hash
1acf32acf7825fc66422e51dfe160573
607502aa5923de17a225b2f90002e76c0d941d88
dbc269757a31d4c74eb3395802a4a1b79e2a1e2a64cec1159b815ccdae2a359e

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /css/-style18.css HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:55 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "5e2a0-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 385696
Content-Type: text/css
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/icon-24hs.png

54.165.58.209

200 OK

1.0 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/icon-24hs.png
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 24 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1004 bytes)
Hash
98eb6ee8d5c1e6cfa298f3697ad67e01
d3202f5dd9d5bf7453ce965e7b0c4343319bcae5
d484e247878a4c7619e5701a6275c403f697f71b454a1456f3d3884b9c9a544e

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/icon-24hs.png HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "3ec-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 1004
Content-Type: image/png
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/flagFooterParaguai.png

54.165.58.209

200 OK

2.2 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/flagFooterParaguai.png
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 58 x 37, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2223 bytes)
Hash
b193df1d87d1af9e80374915a9243633
ec7296b5d1f56e2d4b4699221623d7249af9ab17
5785c509a2717ba8917e07bc47f6fd3081f07ebdeba1aab2560b79aadaec31d8

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/flagFooterParaguai.png HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "8af-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 2223
Content-Type: image/png
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/icon-lock.png

54.165.58.209

200 OK

486 B

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/icon-lock.png
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 12 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
486 B (486 bytes)
Hash
9e01ee4a7549a50ee4fd650fd11ba44d
2916d039c99ed9f7cc2d5f5ebe6af17b75d890fd
ed95140a8d5d700cde505b942e3ddb05b0670cee3cf7b6747d8af99bfc8b1fdb

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/icon-lock.png HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "1e6-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 486
Content-Type: image/png
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/logo.png

54.165.58.209

200 OK

4.4 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/logo.png
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
4.4 kB (4390 bytes)
Hash
2301ca352ebbe7a8abefe9d80abbb24c
6c502758282c1bd82a3f646f755c7de08ddf9c4e
f947d9a990cae972a26578ab12d4a0404e23c278b91522ea8697f1f9c7c36c2f

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "1126-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 4390
Content-Type: image/png
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/ico-arrow1.png

54.165.58.209

404 Not Found

196 B

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/ico-arrow1.png
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/ico-arrow1.png HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/css/-style18.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/css/MaterialIcons-Regular.woff2

54.165.58.209

200 OK

44 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/css/MaterialIcons-Regular.woff2
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
Web Open Font Format (Version 2), TrueType, length 44300, version 1.720\012- data
Size
44 kB (44300 bytes)
Hash
570eb83859dc23dd0eec423a49e147fe
09963592e8c953cc7e14e3fb0a5b05d5042e8435
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A
fortinet	Phishing

HTTP Headers

GET /css/MaterialIcons-Regular.woff2 HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/css/material-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "ad0c-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 44300
Content-Type: font/woff2
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/popup-truncamiento-usd.jpg

54.165.58.209

200 OK

88 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/popup-truncamiento-usd.jpg
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 600x400, components 3\012- data
Size
88 kB (87602 bytes)
Hash
086831910ab5b664e2fadb8aeda0f468
7d070732be65137370e8bce00641b1c2fcd950c0
263348aa15a816d2e2efb959951695ae07177d1b95d58a3970a665376a5bb5a6

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/popup-truncamiento-usd.jpg HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "15632-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 87602
Content-Type: image/jpeg
Via: 1.1 vegur

tubancaonlineitau.herokuapp.com/img/banner.jpg

54.165.58.209

200 OK

229 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/banner.jpg
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1440x900, components 3\012- data
Size
229 kB (229276 bytes)
Hash
0d974eb818177dd2a55ee3df816e4ac1
8c5401275dbe43f2cd78c1de5b439d38ae4eedd7
345c1b30bfb1dacb178b5a86ca805f57d0a54f802192b58f6eaeb70fc6214127

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/banner.jpg HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:56 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "37f9c-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 229276
Content-Type: image/jpeg
Via: 1.1 vegur

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71d8f7c73746c14f00901ac80b49f736
cf1e23697db78cda212ebe10b211d082bdab0a21
a2a3d1f439e80f252ea3f14f529b1292cbb61849330e2b49792c59fc92341833

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2A3D1F439E80F252EA3F14F529B1292CBB61849330E2B49792C59FC92341833"
Last-Modified: Mon, 27 Mar 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15227
Expires: Thu, 30 Mar 2023 05:35:43 GMT
Date: Thu, 30 Mar 2023 01:21:56 GMT
Connection: keep-alive

tubancaonlineitau.herokuapp.com/img/favicon.ico

54.165.58.209

200 OK

4.3 kB

URL HTTP/1.1
tubancaonlineitau.herokuapp.com/img/favicon.ico
IP
54.165.58.209:0
ASN
#14618 AMAZON-AES

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
6ed7e5a020c416caa317236e26e6f5c6
85d070f99ae299f809b8d654944cabb6675f6da9
737e1fac38e8c861a49107d8c4e7d9853df2d70f1273b04623b00193e68e1f5e

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: tubancaonlineitau.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 30 Mar 2023 01:21:57 GMT
Server: Apache
Last-Modified: Wed, 29 Mar 2023 13:46:38 GMT
Etag: "10be-5f80a34844b80"
Accept-Ranges: bytes
Content-Length: 4286
Content-Type: image/x-icon
Via: 1.1 vegur

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71d8f7c73746c14f00901ac80b49f736
cf1e23697db78cda212ebe10b211d082bdab0a21
a2a3d1f439e80f252ea3f14f529b1292cbb61849330e2b49792c59fc92341833

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2A3D1F439E80F252EA3F14F529B1292CBB61849330E2B49792C59FC92341833"
Last-Modified: Mon, 27 Mar 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15226
Expires: Thu, 30 Mar 2023 05:35:43 GMT
Date: Thu, 30 Mar 2023 01:21:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12021
Expires: Thu, 30 Mar 2023 04:42:18 GMT
Date: Thu, 30 Mar 2023 01:21:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12021
Expires: Thu, 30 Mar 2023 04:42:18 GMT
Date: Thu, 30 Mar 2023 01:21:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12021
Expires: Thu, 30 Mar 2023 04:42:18 GMT
Date: Thu, 30 Mar 2023 01:21:57 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ede7667-0c62-431d-bf52-4d8ccdc0a386.jpeg

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ede7667-0c62-431d-bf52-4d8ccdc0a386.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4692 bytes)
Hash
93bb4ff5acd22b48f1712f72df4df6b8
7d7843c3395b2206b25de1a2ecf1d52e8008b7e1
612a9d27ab9770e67bc57e7f08318a221927154f60224f48da8cccdd6c978e3b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ede7667-0c62-431d-bf52-4d8ccdc0a386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4692
x-amzn-requestid: 0de8cf95-12c7-4525-acc8-976d03ae205e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CewbkExoIAMFTQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64229449-56bda0e31c0771da427ce9b9;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 07:16:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: U7tLDFft82AChDcWO5zUAQJzGUNTM6h4on7E5y2uPS_VdvrIF7RAQw==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 08:08:16 GMT
age: 62021
etag: "7d7843c3395b2206b25de1a2ecf1d52e8008b7e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28245e40-16bd-42a4-8bce-13d3a5e205a7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5664 bytes)
Hash
93a665dd6e5dd69c8772d29764834cb3
c5a65e7d2b648ab55c758ff43ae62ed03ea1cef6
c160269453f66b71981c065b0de8c3b88935dc9f678ef47d2d7ad2afb1dc5df7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28245e40-16bd-42a4-8bce-13d3a5e205a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5664
x-amzn-requestid: de6df023-a8ee-4f43-843e-567fe1492c17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CewdBHOGoAMF1og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64229453-061fdcb64703d00d020ac124;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 07:16:35 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 2g-LYr-b-IJim3w09VnMfdGbG0gH_Tywg5Q836IMdWb93R9Y6sjNUA==
via: 1.1 17d76c2aee343249585a570f2d36d2ee.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 07:32:17 GMT
age: 64180
etag: "c5a65e7d2b648ab55c758ff43ae62ed03ea1cef6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3697d60-af19-4bfb-9d00-0a88b42c7092.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9030 bytes)
Hash
6119f1997cb5d1f4e61ddeeedae7a35f
13e9881bc79a5c361211430b0ba20eab32b3dbef
f38d53a870575f53855e00b6cb5422ffbf7a2210ccff25fc837c6a71b0d528b9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3697d60-af19-4bfb-9d00-0a88b42c7092.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9030
x-amzn-requestid: 5e98c214-3229-484f-911f-ca61e9a6ada3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cew9OHDgoAMFqxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64229521-0014bec92bd97c080a5015fd;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 07:20:01 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: iKE8kCq1U3EIAGIg4aerYZ6j0MeCjGzp9G_7aExDq23hzJtxZVg05A==
via: 1.1 5502255f9557c1e2c098b94110b6151c.cloudfront.net (CloudFront), 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 07:28:58 GMT
age: 64379
etag: "13e9881bc79a5c361211430b0ba20eab32b3dbef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ed4a5c5-fe11-4f30-864e-2116aae51642.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5395 bytes)
Hash
76c71571a378e261334e5acb723634ab
f1234c280364b6fe1dcf9c6c64edadc235108c4b
97544d600ab1ae204b169c3b7ba2a74df689b6c711a003d72f0934165d8a3e25

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ed4a5c5-fe11-4f30-864e-2116aae51642.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5395
x-amzn-requestid: ff3218dc-8754-4568-8e42-0885cb7e5d06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkA0BFYNoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424ae7f-127129cf3776a60c333d205c;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:32:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: ayBzSVUrRznKMPzI1JYvj1ikLo-arbVQUxdEZDM7KYHWyL2cwT10tA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:45:03 GMT
etag: "f1234c280364b6fe1dcf9c6c64edadc235108c4b"
content-type: image/jpeg
age: 13014
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10271 bytes)
Hash
424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 6lKfWQ4mVZdKDpPhp9KzllP2eyH03CsFufQxXVTUZ1s1t1gQs1OUFA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 0cf6c59c77f0fff670ae085179adc458.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:44:50 GMT
age: 13027
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2075fc9-4e24-4d01-853a-8aa29cb2b832.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4549 bytes)
Hash
2021c271f9290204bd14cd2a3a1680fc
39b68cbcaba381d63dc67bc289fb67c849adb9ff
a84c5dd1e52d7cd535e04cb455891a1442000eb0e4381031c976b4cf3be96f2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2075fc9-4e24-4d01-853a-8aa29cb2b832.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4549
x-amzn-requestid: 70e07309-5fc5-4307-b455-29a187eae0d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoBHFFoAMFx5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afcc-298f18fd0cf0b37465a74c13;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: kbG1Llnn0Elhz5ItoJyufkUgoB5FhmvLpk2oQox2HPnSHeBfCOuXXw==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:44:50 GMT
age: 13027
etag: "39b68cbcaba381d63dc67bc289fb67c849adb9ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ipinfo.io/

34.117.59.81

200 OK

684 B

URL HTTP/2
ipinfo.io/
IP
34.117.59.81:0
ASN
#15169 GOOGLE

File type
data
Size
684 B (684 bytes)
Hash
ad1e9b0a7505e5b7c837f75140947c91
dd32521791d25af40a19938411e21a3eadaa7283
6fdb9bfad7aee86fdf0c3c06fde380f890ec91af34e122c30c65add7fbe6297f

HTTP Headers

GET / HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tubancaonlineitau.herokuapp.com
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
date: Thu, 30 Mar 2023 01:21:57 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.ipify.org/?format=json

104.237.62.211

200 OK

21 B

URL HTTP/2
api.ipify.org/?format=json
IP
104.237.62.211:0
ASN
#18450 WEBNX

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tubancaonlineitau.herokuapp.com
Connection: keep-alive
Referer: https://tubancaonlineitau.herokuapp.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://tubancaonlineitau.herokuapp.com
content-type: application/json
date: Thu, 30 Mar 2023 01:21:58 GMT
vary: Origin
content-length: 21
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type