r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Wed, 08 Feb 2023 17:43:29 GMT
Date: Wed, 08 Feb 2023 15:23:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5232
Expires: Wed, 08 Feb 2023 16:50:39 GMT
Date: Wed, 08 Feb 2023 15:23:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 14:34:13 GMT
content-type: application/json
age: 2954
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7580
Expires: Wed, 08 Feb 2023 17:29:47 GMT
Date: Wed, 08 Feb 2023 15:23:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: j5LnOo2NtwA4O/fUEPq38e5BiGXsSVeVgMBFTBvQ+/Gl4X+Ncp3Y4cHcARMMKtQCAHvc0/Ik2Gg=
x-amz-request-id: CS3CDFW715T02WZA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 14:46:00 GMT
age: 2247
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
c1711957.ferozo.com/
200.58.111.40 200 OK 11 kB IP 200.58.111.40:0
File type HTML document, exported SGML document, Unicode text, UTF-8 text, with very long lines (6802), with CRLF line terminators
Hash 9ccc76a1e2ad3665f534a4b4773c147b
0a68c97b40b4f02a53ae73c5e90ec3d9e48d3d63
e3472b138665f7d4167fd6ff99ed62d46113aca73c73fb37b02b871dbd472141
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
NIDS Severity Alert suricata medium ET PHISHING Possible Phish - Saved Website Comment Observed
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET / HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Feb 2023 05:07:58 GMT
ETag: "be52-5f4293f656780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11106
Keep-Alive: timeout=10, max=200
Content-Type: text/html
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 15:23:27 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
c1711957.ferozo.com/index_files/keyboard.css
200.58.111.40 200 OK 278 B URL HTTP/1.1 c1711957.ferozo.com/index_files/keyboard.css
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash a5d2d0a1837623406d0cb2e560323ee7
911a453441ae4f3ad5153f6d8e9ab4e0db972049
f55c9f92dbd10dd9195fa810aba195c3e724148b21e119a58b52dd668ff9e536
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/keyboard.css HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "1f7-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 278
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/css
c1711957.ferozo.com/index_files/all.css
200.58.111.40 200 OK 11 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/all.css
IP 200.58.111.40:0
File type ASCII text, with very long lines (51030)
Hash 68b76d3a53a337d3a2e3c73b165f4fc3
58160e794940edd69d9df52e90b70f624352747e
861ae5e8f8624432a29bdccc4e2900dd76d5656ab757214047c42e2b5a184337
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/all.css HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "c80f-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11207
Keep-Alive: timeout=10, max=200
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 15:14:52 GMT
age: 515
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
c1711957.ferozo.com/index_files/simple-keyboard.css
200.58.111.40 200 OK 878 B URL HTTP/1.1 c1711957.ferozo.com/index_files/simple-keyboard.css
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash b9653dc26ab622a16483c7a3c499fe4e
0b7337d83c9b41fdc2d30a3848c9b58a2ad7ba05
0cc884bc89024505fd4864bb71bb40f29ac2eaa79982b08b0b2c0de5be333553
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
GET /index_files/simple-keyboard.css HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "b54-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 878
Keep-Alive: timeout=10, max=200
Content-Type: text/css
c1711957.ferozo.com/index_files/jquery-ui-1.10.3.custom.css
200.58.111.40 200 OK 6.2 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/jquery-ui-1.10.3.custom.css
IP 200.58.111.40:0
File type ASCII text, with very long lines (1339), with CRLF line terminators
Hash 70e29ae1851aacf50b4703bf51692649
863b4619094a2206f0303d580847ccd09d1a44f6
d1bee634285e968a42b82cc29944584f929498ed692e48357d30da93ffd392cb
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/jquery-ui-1.10.3.custom.css HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "8227-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6180
Keep-Alive: timeout=10, max=200
Content-Type: text/css
c1711957.ferozo.com/index_files/SiderBar.css
200.58.111.40 200 OK 939 B URL HTTP/1.1 c1711957.ferozo.com/index_files/SiderBar.css
IP 200.58.111.40:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (359), with CRLF line terminators
Hash ba867275dafaf639d48159a23ab74297
e4a6003e3c0ff87d344b545b109a3790fbcabe39
a5003291d44ca37f3c99f08dbaebbfaa1523cf1b305edc3bc2a4e6b4a37db176
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/SiderBar.css HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "db0-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 939
Keep-Alive: timeout=10, max=200
Content-Type: text/css
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2355
Expires: Wed, 08 Feb 2023 16:02:42 GMT
Date: Wed, 08 Feb 2023 15:23:27 GMT
Connection: keep-alive
c1711957.ferozo.com/index_files/optimize.js.descarga
200.58.111.40 200 OK 43 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/optimize.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (1759)
Hash 0e7e15b912d0a59764e29a8adff6ae6c
818cf42e8334b9c2ee8250d6459b6b872cc70ae5
de538437212d2289fb73a04ddc53d4bcda0539aa62430c5f422bc181782e5eac
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/optimize.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "1ba8e-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 43361
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/styles.css
200.58.111.40 200 OK 43 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/styles.css
IP 200.58.111.40:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (418), with CRLF line terminators
Hash d2be34c9394c5f41dc3d4e357c1212bd
aaa69bd1cc6391cdf92a0db8426ed03713fdee05
65769f5b5da38534474cac0073bbb541597cf75dd4981525ad950e0b5f39e7b8
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/styles.css HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "40e02-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 42745
Keep-Alive: timeout=10, max=200
Content-Type: text/css
push.services.mozilla.com/
35.81.158.34 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.158.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: i3+/4WLhevZ98b0P0LQq3g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dxxDrWf1PngvcTelv/9GU+tSvHQ=
c1711957.ferozo.com/index_files/sessvars.js.descarga
200.58.111.40 200 OK 2.7 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/sessvars.js.descarga
IP 200.58.111.40:0
File type C source, ASCII text, with very long lines (365), with CRLF line terminators
Hash 44d417ff97d55e2deff4e299b5e69871
90c525abac1ef2459bcfcf7c7ff21bd75cbeeb10
d29fbd2e0c40d05ec1985f1537195ac40df0812256f61ef8b075011d56c0176d
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/sessvars.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "1b0f-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2653
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/gtm.js.descarga
200.58.111.40 200 OK 76 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/gtm.js.descarga
IP 200.58.111.40:0
File type Unicode text, UTF-8 text, with very long lines (46394)
Hash eb0c8f1cef5075d65ca3efabe8a227cb
f04e553f8df7fd405cc371a19af8d3f2332a5805
8ea7c868cb592c39039d06ac285edad173145a8a759373546e0cd325cb5c4d0b
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/gtm.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:27 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "3be59-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
c1711957.ferozo.com/index_files/GOPrototypes.js.descarga
200.58.111.40 200 OK 9.6 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/GOPrototypes.js.descarga
IP 200.58.111.40:0
File type Non-ISO extended-ASCII text, with CRLF line terminators
Hash de8848ca43377cf8c2098a56537e2b84
0cd94a79d5dec88a90931d90844c1db58d90a746
8ee59841b70346326c9ca0b44c34c83bb14610b581b33dc06f266710cac698a3
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/GOPrototypes.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "ca26-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9607
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/Core.js.descarga
200.58.111.40 200 OK 22 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/Core.js.descarga
IP 200.58.111.40:0
File type ISO-8859 text, with very long lines (312), with CRLF line terminators
Hash 6920dfb6ed5e5028263201accbc5e34e
b9c42ab6eb59f6800082c38a48ae7bcd95f00b5d
6a45438dd3e51926f3814db0b5540dc84668705066200ca9fe72f028b7d0063c
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/Core.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "15ee8-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21808
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript
www.googletagmanager.com/gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c
142.250.74.40 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash ab451cc11f0b86c1f60597d018513664
cccbec1f5a800d1e6c7821b07f8171299ff06a41
3c21115ba14d4a36357acc23451e800a450721b53b859f600c37c4b39c14fd83
GET /gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 08 Feb 2023 15:23:28 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c1711957.ferozo.com/index_files/SideBar.js.descarga
200.58.111.40 200 OK 410 B URL HTTP/1.1 c1711957.ferozo.com/index_files/SideBar.js.descarga
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash 8aae32600e405bc4f2f405dc6b1c8467
8dda4037e39943d5ba3b6e96073d02042bd1e48c
394c2aa582aeed251e4e27d7dff48d12af1e1aca850a3ff4163b7d98aba02757
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/SideBar.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "403-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 410
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: application/javascript
www.googletagmanager.com/gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c
142.250.74.40 200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c
IP 142.250.74.40:0
File type ASCII text, with very long lines (21849)
Hash 6408574651ed301505cd83d4d4ae9492
f477455b2b373667a5294f7568c35c68dbc11a9e
5ccf0271d945ea7fa044b374137f1d5c6446c4c407c621e211aabf6458dcb342
GET /gtag/js?id=G-23D1JFWMP9&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c1711957.ferozo.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 15:23:28 GMT
expires: Wed, 08 Feb 2023 15:23:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77834
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1711957.ferozo.com/index_files/BigInt.js.descarga
200.58.111.40 200 OK 4.6 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/BigInt.js.descarga
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash 2ecd9a71be82df1de49e92d04f723776
3af2805c8b174db1f4d5112234ca74fe69a401b1
80a363489dbb736fa2940b5812dffbc752c399c2bd551b0b1b7a6f8fe582e7fe
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/BigInt.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "3d70-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4605
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/RsaWPadding.js.descarga
200.58.111.40 200 OK 1.7 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/RsaWPadding.js.descarga
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash da943d277fd20f2fe6e5aa65991ea937
ef4623784627b678bee32ba3b0a57093345ba47a
75681021e615314b236dc693d5c0edcd1df81ff7679917daf2bc9b62e33d210b
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/RsaWPadding.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "fb4-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1650
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/hashtable.js.descarga
200.58.111.40 200 OK 3.3 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/hashtable.js.descarga
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash 49c6df65e9380d7d9f30c90b709c7935
514042294e86d7a5330aef3103f182c0c0c493da
dff7f9a67af6b7d463c90b5f149abfa980e6efec9100a5637735dc1b46c4a50f
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/hashtable.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "3701-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3342
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c1711957.ferozo.com/index_files/rsa.js.descarga
200.58.111.40 200 OK 11 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/rsa.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (1738), with CRLF line terminators
Hash 18c2a97a9e1d198335c50c29ea0e7825
c013c829007f6980f93f79211adc983a14a2d6db
4c00fd8c5abe0683e20a47578155554a89c607694b69988e04ee7010ea550e2f
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/rsa.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "9230-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10589
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/saved_resource
200.58.111.40 200 OK 959 B URL HTTP/1.1 c1711957.ferozo.com/index_files/saved_resource
IP 200.58.111.40:0
File type ASCII text, with very long lines (959), with no line terminators
Hash e839bf471a5c6d390d59f37d139722ef
b76fd31a1a820997e39399dbbe71448047f4ae43
c93153ac3f59a9b53b5ae04c99bded904698ebed8ee2c9303b9503eabfc73631
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /index_files/saved_resource HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "3bf-5f42936b19f00"
Accept-Ranges: bytes
Content-Length: 959
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
c1711957.ferozo.com/index_files/RCf1e0a1e2dc864a73bae93dbc0ef8e6bd-source.min.js.descarga
200.58.111.40 200 OK 542 B URL HTTP/1.1 c1711957.ferozo.com/index_files/RCf1e0a1e2dc864a73bae93dbc0ef8e6bd-source.min.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (864)
Hash bfb6a37c22abe20562f0c2da05797e17
1b502baec31288e6f5463e9a82850b724124e1c5
00b912da01f31f8061bf56f59fc324f70c49a7b77a40ccce34a286577f8d41aa
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/RCf1e0a1e2dc864a73bae93dbc0ef8e6bd-source.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "3f3-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 542
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/jquery-ui-1.10.3.custom.min.js.descarga
200.58.111.40 200 OK 108 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/jquery-ui-1.10.3.custom.min.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (840), with CRLF line terminators
Size 108 kB (107600 bytes)
Hash f87f00c48359fa89108eb506ea19bc57
76abcaa1ca0a49507f5997df486fb62066692bbe
7e2ddaf53cd476b10803cdfb9d16d85c117faf9b82f85888ecdc1d980892c548
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/jquery-ui-1.10.3.custom.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "6e0de-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
c1711957.ferozo.com/index_files/RC4fcb7b75ff1649d09b7cec276cfecfa6-source.min.js.descarga
200.58.111.40 200 OK 356 B URL HTTP/1.1 c1711957.ferozo.com/index_files/RC4fcb7b75ff1649d09b7cec276cfecfa6-source.min.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (433)
Hash 97fa1cf2abc99128f4c1f0f9923d0d26
6160dce30b46044b32d9b5fa53b03dcdf479ef2b
f963619763863c9f20434025bb450e48fad150477216d6877a81cf0c6920314a
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/RC4fcb7b75ff1649d09b7cec276cfecfa6-source.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "244-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 356
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/RC47e5f53caa2d40bfb9684e62ffe188fe-source.min.js.descarga
200.58.111.40 200 OK 222 B URL HTTP/1.1 c1711957.ferozo.com/index_files/RC47e5f53caa2d40bfb9684e62ffe188fe-source.min.js.descarga
IP 200.58.111.40:0
Hash 4a1908f8722ff2d4c0cbfaeb513e62eb
3f27626758f645cb74c300470ad8e5c565a81aad
5618af743ce5ae54d1e7b26c0d2b23da09457d5df9a7836857b59517a91bba41
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/RC47e5f53caa2d40bfb9684e62ffe188fe-source.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "15e-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 222
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/borders.js.descarga
200.58.111.40 200 OK 431 B URL HTTP/1.1 c1711957.ferozo.com/index_files/borders.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (1304), with no line terminators
Hash c6724bec72043bca28ce148c79ee5e84
67ff4cc3203a436b84b50faeef898743ee1a04d8
716eff9f4bfdf92cab14178eb90054e3b19753468e956a4cb85f11f6bdee8edf
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/borders.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "518-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 431
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1547db7324cf54206acda1d817de4f91
ac6c17151351881988d41f175fb3fb5e7a190333
492f122e04484b54fa9ba3351271dea6537b45d2d653847b21c8324ac0f817a1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Etag: "63e1f8a3-118"
Server: ECS (amb/6B7E)
Content-Length: 279
c1711957.ferozo.com/index_files/simple-keyboard.min.js.descarga
200.58.111.40 200 OK 5.4 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/simple-keyboard.min.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (19664), with CRLF line terminators
Hash fa2ae80071e1ef732b9589f1ff31cb13
cee26cbd904e2a74b5d7e5f76d51ecbf78bc5826
93155dc3675e0282bf1d3b66975faa9fb5a6f4a3e2a7116d3ecdbe53cbb5983e
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /index_files/simple-keyboard.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "4eff-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5411
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/polyfill.js.descarga
200.58.111.40 200 OK 672 B URL HTTP/1.1 c1711957.ferozo.com/index_files/polyfill.js.descarga
IP 200.58.111.40:0
File type ASCII text, with CRLF line terminators
Hash 5dc5a228625422e92c9b5beb8c7b417d
67569836113125adbee2b90730d04ec5322e38dc
34feda018175e4ef4f4f13fdf594f49fe226a1f3f168b62b69c4d88adc493ccc
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /index_files/polyfill.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "6f6-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 672
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/index_files/keyboard.js.descarga
200.58.111.40 200 OK 1.6 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/keyboard.js.descarga
IP 200.58.111.40:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 0b1a03f7966c1dd9b94ed386716502b4
e6a727ccc6b360ffaa0f338002cb02e46f9b423e
ab4283b48b1c697f05df24519dff4ddb4034d9346821554b428930a20d0b658f
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/keyboard.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "1201-5f42936b19f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1643
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/images/commons/icon-commons.png
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/images/commons/icon-commons.png
IP 200.58.111.40:0
File type HTML document text, exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
GET /images/commons/icon-commons.png HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/index_files/styles.css
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c1711957.ferozo.com/images/commons/l-accesos.png
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/images/commons/l-accesos.png
IP 200.58.111.40:0
File type HTML document text, exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
GET /images/commons/l-accesos.png HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/index_files/styles.css
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c1711957.ferozo.com/images/commons/icon-buttons.png
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/images/commons/icon-buttons.png
IP 200.58.111.40:0
File type HTML document text, exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
GET /images/commons/icon-buttons.png HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/index_files/styles.css
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6686
Expires: Wed, 08 Feb 2023 17:14:55 GMT
Date: Wed, 08 Feb 2023 15:23:29 GMT
Connection: keep-alive
gal.bgsensors.co/api/wb/b3f76076-f760-49d8-ab30-437b9b182ac7/60a375cb-568d-41f6-a2d9-0e5d6c6ad549/1244/?rfr=&hash=&dom=c1711957.ferozo.com&href=http://c1711957.ferozo.com/
188.114.97.1 200 OK 67 B URL HTTP/2 gal.bgsensors.co/api/wb/b3f76076-f760-49d8-ab30-437b9b182ac7/60a375cb-568d-41f6-a2d9-0e5d6c6ad549/1244/?rfr=&hash=&dom=c1711957.ferozo.com&href=http://c1711957.ferozo.com/
IP 188.114.97.1:0
File type PNG image data, 1 x 1, 1-bit grayscale, non-interlaced
Hash 06707af2ef27f407df4958d3abf2a9f7
874a600942cc18a6c71a96ee2e19fecd42886bfb
089ad5bf4831b6758e9907db43bc5ebba2e9248a9929dad6132c49932e538278
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
GET /api/wb/b3f76076-f760-49d8-ab30-437b9b182ac7/60a375cb-568d-41f6-a2d9-0e5d6c6ad549/1244/?rfr=&hash=&dom=c1711957.ferozo.com&href=http://c1711957.ferozo.com/ HTTP/1.1
Host: gal.bgsensors.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 15:23:29 GMT
content-type: image/png
content-length: 67
x-frame-options: SAMEORIGIN
vary: Origin
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWtCslOGrMTHcynZlgsMoxZiCJrDarr6wBlSlIQK8KsEj1L6N%2BwHT6bM%2BK%2F5lztHPbpUdzEvO3%2BvVPDPNo9IW%2B%2BCU6zq2I4Ze%2B%2B3TTsIL0S%2F%2ByLaT3wgYI5fTyqR5X97toHM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79655de39a45b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 7543be9bef0afb8f61344286b7136dd7
e1537aa408cde39d2a314cc2a14f7f7a04a84eb1
162f0898f88d84c8d06542e48e8ff6a903e638f2a837f32681ae1f5e28ae40d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7303
x-amzn-requestid: 081c79e9-2b23-47ad-8b7d-7197c5515c0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f58kdHMvIAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a7b5-66fca524070e374310920915;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SU23ljJF5eIu0L9YNQOtZlwuMHs9Ri91iu2-YS9v2pNBA-pkJYU2SA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 05:01:33 GMT
age: 37316
etag: "e1537aa408cde39d2a314cc2a14f7f7a04a84eb1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c1711957.ferozo.com/index_files/launch-de55e9a10fa1.min.js.descarga
200.58.111.40 200 OK 88 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/launch-de55e9a10fa1.min.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (32761)
Hash f8922e822932d1819f98f0643306dc46
5644c235d6fe2f14dcd057d5336d39e868e220ba
685a048d6a08fa791c9231fb5d6e702ed9f03414152782310c9e4114430a3a2b
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/launch-de55e9a10fa1.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "44045-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 845e4e4051f1162b20d3df5f208e8d3e
076462f67531c60b31ec768a275c96317292306d
40996d8929ab92f342328fc018518d6131c6222b0ec23051775eda276a602026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4168
x-amzn-requestid: 24814225-0063-49fb-86ff-e78869538b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjQFS_IAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-67307c42182089b3096e98b5;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qLuHdYthPTS7qoVjS783M1Q-RtOluQpKozCi-zABez133FyvgBsBog==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:37 GMT
age: 63592
etag: "076462f67531c60b31ec768a275c96317292306d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c1711957.ferozo.com/Users/LogClientSideError
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Users/LogClientSideError
IP 200.58.111.40:0
File type HTML document text, exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
POST /Users/LogClientSideError HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 244
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=194
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 07:53:36 GMT
age: 26993
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 726928e5de19ef978faebbe933c34008
bdaba3ed0c7efb65de88af96063d830683c8499b
c6d208fcee052da80de1bf2dcccbbc48853511b8888c4777799ee676abba51b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8644
x-amzn-requestid: d6d71f42-f887-4ad0-a2b7-9073d3857b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjRHBFoAMF4_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-57490f255d8d30a561fdcd3a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qfHMhMAdnYcOa0Xm23enTGXj4CQC-QFHV50Pq6QQdvM5YcIgUZVPRQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:54:36 GMT
etag: "bdaba3ed0c7efb65de88af96063d830683c8499b"
content-type: image/jpeg
age: 62933
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
region1.analytics.google.com/g/collect?v=2&tid=G-23D1JFWMP9&gtm=45je3260&_p=505303386&_gaz=1&cid=981734126.1675869864&ul=en-us&sr=1280x1024&uaW=1&_s=1&dt=Office%20Banking&dl=http%3A%2F%2Fc1711957.ferozo.com%2F&sid=1675869863&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_path=%2F
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-23D1JFWMP9&gtm=45je3260&_p=505303386&_gaz=1&cid=981734126.1675869864&ul=en-us&sr=1280x1024&uaW=1&_s=1&dt=Office%20Banking&dl=http%3A%2F%2Fc1711957.ferozo.com%2F&sid=1675869863&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_path=%2F
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-23D1JFWMP9&gtm=45je3260&_p=505303386&_gaz=1&cid=981734126.1675869864&ul=en-us&sr=1280x1024&uaW=1&_s=1&dt=Office%20Banking&dl=http%3A%2F%2Fc1711957.ferozo.com%2F&sid=1675869863&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_path=%2F HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://c1711957.ferozo.com
date: Wed, 08 Feb 2023 15:23:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: ef7a879d-25be-42b0-a5c5-df6ad8f1482c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_R2FFv5IAMFZ7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c9c0-2f8fa7ef41b70de04cfb5ac6;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:59:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JxJrYYY7fMm_DCBcuC4OEdR62HL5VMvJbt_a6TWp4QfqN0qxgFgj-A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:50 GMT
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
age: 62199
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1547db7324cf54206acda1d817de4f91
ac6c17151351881988d41f175fb3fb5e7a190333
492f122e04484b54fa9ba3351271dea6537b45d2d653847b21c8324ac0f817a1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Etag: "63e1f8a3-118"
Last-Modified: Wed, 08 Feb 2023 15:23:29 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
stats.g.doubleclick.net/g/collect?v=2&tid=G-23D1JFWMP9&cid=981734126.1675869864&gtm=45je3260&aip=1
64.233.162.157 204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-23D1JFWMP9&cid=981734126.1675869864&gtm=45je3260&aip=1
IP 64.233.162.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-23D1JFWMP9&cid=981734126.1675869864&gtm=45je3260&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://c1711957.ferozo.com
date: Wed, 08 Feb 2023 15:23:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1711957.ferozo.com/index_files/analytics.js.descarga
200.58.111.40 200 OK 20 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/analytics.js.descarga
IP 200.58.111.40:0
File type ASCII text, with very long lines (1490)
Hash 7caab9fd825ff88749f87e61c7b96164
3c4f99f23b9ec54f53ce48fd08b25719a4f10cb2
38628c16b6ad175dd9aae418a4533207d8aad61c64faeb088d095adea13b42eb
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/analytics.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "c43a-5f42936749600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20119
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: application/javascript
c1711957.ferozo.com/Users/LogClientSideError
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Users/LogClientSideError
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
POST /Users/LogClientSideError HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 158
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
assets.adobedtm.com/87fc8b53a8b1/29b0bfbb2495/4bc883170962/RCf1e0a1e2dc864a73bae93dbc0ef8e6bd-source.min.js
23.38.200.237 200 OK 542 B URL HTTP/2 assets.adobedtm.com/87fc8b53a8b1/29b0bfbb2495/4bc883170962/RCf1e0a1e2dc864a73bae93dbc0ef8e6bd-source.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (864)
Hash 05a5bb4dc996000abe560cc272c751f0
ab0fa8e0fabecf282bdbddaf59c5722ffb3bf9bf
cb0ab7af435ece6b22b4a3640f5788d6774cd7a3a1e61ec8403e9ef611e69e00
GET /87fc8b53a8b1/29b0bfbb2495/4bc883170962/RCf1e0a1e2dc864a73bae93dbc0ef8e6bd-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "447e29526c006a3bd4a61568a495d995:1672752889.790198"
last-modified: Tue, 03 Jan 2023 13:34:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 542
cache-control: max-age=3600
expires: Wed, 08 Feb 2023 16:23:29 GMT
date: Wed, 08 Feb 2023 15:23:29 GMT
access-control-allow-origin: http://c1711957.ferozo.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/87fc8b53a8b1/29b0bfbb2495/4bc883170962/RC4fcb7b75ff1649d09b7cec276cfecfa6-source.min.js
23.38.200.237 200 OK 356 B URL HTTP/2 assets.adobedtm.com/87fc8b53a8b1/29b0bfbb2495/4bc883170962/RC4fcb7b75ff1649d09b7cec276cfecfa6-source.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (433)
Hash 670007ba1df06f99b706c862ca3506b9
eafa1f80c10e2fecbf6a837203d97ec429416b08
da6d8a8fe517f8bf426f8d2e3d4c1201ec6a193ea7dece37ef52ecf3a041219b
GET /87fc8b53a8b1/29b0bfbb2495/4bc883170962/RC4fcb7b75ff1649d09b7cec276cfecfa6-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "447e29526c006a3bd4a61568a495d995:1672752889.790198"
last-modified: Tue, 03 Jan 2023 13:34:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 356
cache-control: max-age=3600
expires: Wed, 08 Feb 2023 16:23:29 GMT
date: Wed, 08 Feb 2023 15:23:29 GMT
access-control-allow-origin: http://c1711957.ferozo.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/87fc8b53a8b1/29b0bfbb2495/4bc883170962/RC47e5f53caa2d40bfb9684e62ffe188fe-source.min.js
23.38.200.237 200 OK 222 B URL HTTP/2 assets.adobedtm.com/87fc8b53a8b1/29b0bfbb2495/4bc883170962/RC47e5f53caa2d40bfb9684e62ffe188fe-source.min.js
IP 23.38.200.237:0
Hash b8c956c003f1066a5816789762ae9c3a
f44b3d16556b59c37120b2a5bd147aa7cc01b0de
63bf41130761a046510e48594fed30432a708a1fdb9cce6cecbd21a1772e4c43
GET /87fc8b53a8b1/29b0bfbb2495/4bc883170962/RC47e5f53caa2d40bfb9684e62ffe188fe-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "447e29526c006a3bd4a61568a495d995:1672752889.790198"
last-modified: Tue, 03 Jan 2023 13:34:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 222
cache-control: max-age=3600
expires: Wed, 08 Feb 2023 16:23:29 GMT
date: Wed, 08 Feb 2023 15:23:29 GMT
access-control-allow-origin: http://c1711957.ferozo.com
timing-allow-origin: *
X-Firefox-Spdy: h2
c1711957.ferozo.com/Users/LogClientSideError
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Users/LogClientSideError
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
POST /Users/LogClientSideError HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 244
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=193
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5cee7b98e5150c1f893636a54fc4a6a3
a4a5c0b5271d7489985e25bc9c5d912d4e2552d6
695a2faaf6485e37d403123c99b79a6c3cdf768592b487862cc23a10a6ab407e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 704
Cache-Control: max-age=140114
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Etag: "63e33c03-1d7"
Expires: Fri, 10 Feb 2023 06:18:43 GMT
Last-Modified: Wed, 08 Feb 2023 06:06:59 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
c1711957.ferozo.com/Users/LogClientSideError
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Users/LogClientSideError
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
POST /Users/LogClientSideError HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 244
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c1711957.ferozo.com/Users/TestEncrypt
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Users/TestEncrypt
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
POST /Users/TestEncrypt HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 261
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=194
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c1711957.ferozo.com/Home/PilotoImagenLogin
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Home/PilotoImagenLogin
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /Home/PilotoImagenLogin HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=194
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c1711957.ferozo.com/webfonts/fa-regular-400.woff2
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/webfonts/fa-regular-400.woff2
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /webfonts/fa-regular-400.woff2 HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://c1711957.ferozo.com/index_files/all.css
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=194
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ab88b8165d39c17802adcfb408ea10fa
fc931d76c575e6d449a0ee0fc3f149436fab526a
c82028ee7859d2c74998ab9385a8146f61e51918687edee3e6feb0f25bed294c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4092
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Last-Modified: Wed, 08 Feb 2023 14:15:17 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&ts=1675869864401
54.72.143.161 200 OK 570 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&ts=1675869864401
IP 54.72.143.161:0
File type JSON data; ASCII text, with very long lines (1006), with no line terminators
Hash 23c8fb57712ad0547020661e0a9c776b
5f8c98c5490fa7b596eda902fa50e59dfdaf00f3
538e5781e7a2cee2696cb7f45fe65b61fda6c0f88dde891eda35be31e576bc67
GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&ts=1675869864401 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://c1711957.ferozo.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-095b292e2.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=45128804845649440884392217265343702455; Max-Age=15552000; Expires=Mon, 07 Aug 2023 15:23:29 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: hsrLSH7yRos=
Content-Length: 570
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 26efb95230a8cea7b41daf1471ea6293
893cc606f115a09f1260394ddac94021261885ee
1e47b16d150844827e9cabe84dec04f94ed9f24ea2cbbda212b6bb625135de03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=152720
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:29 GMT
Etag: "63e37001-1d7"
Expires: Fri, 10 Feb 2023 09:48:49 GMT
Last-Modified: Wed, 08 Feb 2023 09:48:49 GMT
Server: nginx
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&d_mid=40196849902683134973863095091132821238&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=bg_sync_uid%01NaN%012&d_cid_ic=AdobeCampaignID%01NaN%012&d_cid_ic=mayoristaUserId%01NaN%012&ts=1675869864741
54.72.143.161 200 OK 571 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&d_mid=40196849902683134973863095091132821238&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=bg_sync_uid%01NaN%012&d_cid_ic=AdobeCampaignID%01NaN%012&d_cid_ic=mayoristaUserId%01NaN%012&ts=1675869864741
IP 54.72.143.161:0
File type JSON data; ASCII text, with very long lines (1006), with no line terminators
Hash e241346bbb90a24ba6ea03403b57601e
0f9ac92645a6980eb8da9bde43054ea1448fc7be
c9da0b549c2f067fe7f0e611405b319b1d367456b71b2f20449f30f952b99bfd
GET /id?d_visid_ver=5.5.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DF3360B65E15FFB70A495C4A%40AdobeOrg&d_nsid=0&d_mid=40196849902683134973863095091132821238&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=bg_sync_uid%01NaN%012&d_cid_ic=AdobeCampaignID%01NaN%012&d_cid_ic=mayoristaUserId%01NaN%012&ts=1675869864741 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://c1711957.ferozo.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-02d41f003.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=63269881978979131282509577842434949587; Max-Age=15552000; Expires=Mon, 07 Aug 2023 15:23:29 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: IOKo95yrRRY=
Content-Length: 571
Connection: keep-alive
c1711957.ferozo.com/index_files/logo-galicia-new.png
200.58.111.40 200 OK 3.6 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/logo-galicia-new.png
IP 200.58.111.40:0
File type PNG image data, 148 x 39, 8-bit/color RGBA, non-interlaced; data
Hash 3529d3d714f5550a9f669230656f925b
01d37bd9daa559ba7eeb3441c810a4faf96c417c
c1ac115788f922e9bb68fc1e4710ed077bcae6e5014bc163c434b598e1e17ec9
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/logo-galicia-new.png HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "e05-5f42936b19f00"
Accept-Ranges: bytes
Content-Length: 3589
Keep-Alive: timeout=10, max=192
Connection: Keep-Alive
Content-Type: image/png
c1711957.ferozo.com/index_files/js
200.58.111.40 200 OK 224 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/js
IP 200.58.111.40:0
File type ASCII text, with very long lines (21849)
Size 224 kB (223913 bytes)
Hash d988c2350fa9a89084f8f343d3b94874
f407a80aba47de429b207a8953b816452fc1703d
6820aa716dd68bf212338b12b130caa43eccd7960f2ad5d140795b9316c12d85
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/js HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:28 GMT
ETag: "36aa9-5f42936749600"
Accept-Ranges: bytes
Content-Length: 223913
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
c1711957.ferozo.com/index_files/logo-ob.png
200.58.111.40 200 OK 41 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/logo-ob.png
IP 200.58.111.40:0
File type PNG image data, 155 x 37, 8-bit/color RGBA, non-interlaced; data
Hash c851c4526ba661d60b4b762e3f08a0cd
64cee333c93089d045001c0f6130448b9e9312b5
8ba5487a3441be54f0d77878bdde04863c7918e7551eae45e7d4d039d701d313
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/logo-ob.png HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "a122-5f42936b19f00"
Accept-Ranges: bytes
Content-Length: 41250
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: image/png
galiciabanco.tt.omtrdc.net/rest/v1/delivery?client=galiciabanco&sessionId=e324068f136f430c87e608a72104a6d1&version=2.10.0
52.209.9.253 200 419 B URL HTTP/1.1 galiciabanco.tt.omtrdc.net/rest/v1/delivery?client=galiciabanco&sessionId=e324068f136f430c87e608a72104a6d1&version=2.10.0
IP 52.209.9.253:0
File type JSON data, ASCII text, with very long lines (700), with no line terminators
Hash fc66b979cf1dda1befcd34f897f37fe1
ebdc7768fe6e55cbe1d8d3b76dd84398272ee689
3aa2971b460802b0e2b29fedd9b25c27577155442845f0638f0922f2ab4b9f80
POST /rest/v1/delivery?client=galiciabanco&sessionId=e324068f136f430c87e608a72104a6d1&version=2.10.0 HTTP/1.1
Host: galiciabanco.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain
Content-Length: 1385
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200
Date: Wed, 08 Feb 2023 15:23:29 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
Access-Control-Allow-Origin: http://c1711957.ferozo.com
Access-Control-Allow-Credentials: true
X-Request-ID: ec748ede3afa6fe7c8d4d0b439614a13
Timing-Allow-Origin: *
Accept-CH: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
Content-Encoding: gzip
c1711957.ferozo.com/webfonts/fa-regular-400.woff
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/webfonts/fa-regular-400.woff
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /webfonts/fa-regular-400.woff HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://c1711957.ferozo.com/index_files/all.css
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864; AMCV_DF3360B65E15FFB70A495C4A%40AdobeOrg=179643557%7CMCIDTS%7C19397%7CvVersion%7C5.5.0; mbox=session#e324068f136f430c87e608a72104a6d1#1675871725; at_check=true
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=193
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
galiciabanco.demdex.net/dest5.html?d_nsid=0
54.72.143.161 200 OK 2.8 kB URL HTTP/1.1 galiciabanco.demdex.net/dest5.html?d_nsid=0
IP 54.72.143.161:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: galiciabanco.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 8 Feb 2023 15:23:30 GMT
DCS: dcs-prod-irl1-2-v046-0d40b97f0.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Feb 2023 11:53:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Jn1RMsraRro=
Content-Length: 2791
Connection: keep-alive
c1711957.ferozo.com/Images/Banners/login-banner-00.jpg
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Images/Banners/login-banner-00.jpg
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
GET /Images/Banners/login-banner-00.jpg HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864; AMCV_DF3360B65E15FFB70A495C4A%40AdobeOrg=179643557%7CMCIDTS%7C19397%7CMCMID%7C40196849902683134973863095091132821238%7CMCAAMLH-1676474664%7C6%7CvVersion%7C5.5.0; mbox=session#e324068f136f430c87e608a72104a6d1#1675871725; at_check=true
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c1711957.ferozo.com/index_files/logo-norton-secured.png
200.58.111.40 200 OK 55 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/logo-norton-secured.png
IP 200.58.111.40:0
File type PNG image data, 83 x 41, 8-bit/color RGBA, non-interlaced; data
Hash c775ec4a1ad4351e8aa7eddc2749d027
d5110d97f622fc23a512f4622d631ee67319d21d
35cb5eab45d68fb30d35b279656e72d0d55c16a133b194aaa0282b9ee053a8a6
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/logo-norton-secured.png HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "d56d-5f42936b19f00"
Accept-Ranges: bytes
Content-Length: 54637
Keep-Alive: timeout=10, max=193
Connection: Keep-Alive
Content-Type: image/png
c1711957.ferozo.com/index_files/login-banner-07.jpg
200.58.111.40 200 OK 104 kB URL HTTP/1.1 c1711957.ferozo.com/index_files/login-banner-07.jpg
IP 200.58.111.40:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, orientation=upper-left, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 566x380, components 3; data
Size 104 kB (103852 bytes)
Hash 6977e160e3a70aff4dc1e73d9a3e6f8e
df39f46876fca4f5f886cebea5d0fb765699ceef
31afa957108f620ee57fedf4b247b461f88e30f921b6a6216576b9f42d72fbad
Analyzer Verdict Alert openphish Banco Galicia
GET /index_files/login-banner-07.jpg HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:29 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:32 GMT
ETag: "195ac-5f42936b19f00"
Accept-Ranges: bytes
Content-Length: 103852
Keep-Alive: timeout=10, max=193
Connection: Keep-Alive
Content-Type: image/jpeg
c1711957.ferozo.com/webfonts/fa-regular-400.ttf
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/webfonts/fa-regular-400.ttf
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
fortinet Phishing
GET /webfonts/fa-regular-400.ttf HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/index_files/all.css
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864; AMCV_DF3360B65E15FFB70A495C4A%40AdobeOrg=179643557%7CMCIDTS%7C19397%7CMCMID%7C40196849902683134973863095091132821238%7CMCAAMLH-1676474664%7C6%7CMCAAMB-1676474664%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-2130172318%7CMCOPTOUT-1675877064s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e324068f136f430c87e608a72104a6d1#1675871725; at_check=true; AMCVS_DF3360B65E15FFB70A495C4A%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:30 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
sifo.bancogalicia.com.ar/scriptdealer/script/v1/7nn41/login.js?clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61&websiteId=633
34.196.56.54 200 145 kB URL HTTP/1.1 sifo.bancogalicia.com.ar/scriptdealer/script/v1/7nn41/login.js?clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61&websiteId=633
IP 34.196.56.54:0
File type Algol 68 source text; Pascal source, ASCII text, with very long lines (957)
Size 145 kB (144937 bytes)
Hash 6bdb98d9f57af26c39862b3a1bc7e5c4
53696b9d93596d756403ec3ba41dd60fbd14dd52
782d309d9d8ae2b3709baf8f70f5bf2626df60f492d1d2c9bed93c8cf4db5e73
GET /scriptdealer/script/v1/7nn41/login.js?clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61&websiteId=633 HTTP/1.1
Host: sifo.bancogalicia.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Wed, 08 Feb 2023 15:23:29 GMT
Content-Type: application/javascript
Content-Length: 144937
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'self'
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
x-xss-protection: 1;mode=block
x-frame-options: DENY
x-content-type-options: nosniff
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Wed, 08 Feb 2023 13:43:47 GMT
Expires: Wed, 08 Feb 2023 15:43:47 GMT
Cache-Control: public, max-age=7200
Age: 5983
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/gtm/optimize.js?id=GTM-T4S93XP
142.250.74.110 200 OK 44 kB URL HTTP/2 www.google-analytics.com/gtm/optimize.js?id=GTM-T4S93XP
IP 142.250.74.110:0
File type ASCII text, with very long lines (1759)
Hash c10f65b68917848abde41c9f45472d95
769baf5f9558e564de8cb1477f0d3b685ee4a279
db4e0349eebafd06b1c9815958240ffc089c2cc7aa0ffe6b69269bfb60b929c4
GET /gtm/optimize.js?id=GTM-T4S93XP HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 15:23:30 GMT
expires: Wed, 08 Feb 2023 15:23:30 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44362
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-23D1JFWMP9&cid=981734126.1675869864>m=45je3260&aip=1&z=1818839527
142.250.74.67 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-23D1JFWMP9&cid=981734126.1675869864>m=45je3260&aip=1&z=1818839527
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1; data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-23D1JFWMP9&cid=981734126.1675869864>m=45je3260&aip=1&z=1818839527 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 15:23:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 6a04429df489dcff6b131a95af319157
223f0a28b399c98baff3e53605aa86fa1c763b11
400e073898e632e177b232cde3e7cbce796c2a38ca9f947cf2acf568a4f93777
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86868
Date: Wed, 08 Feb 2023 15:23:30 GMT
Etag: "63e2599e-1d7"
Expires: Thu, 09 Feb 2023 15:31:18 GMT
Last-Modified: Tue, 07 Feb 2023 14:01:02 GMT
Server: ECS (nyb/1D2A)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: r_RKUD4Dm0lCpn8KUDI-bTnP93ANkmUUJnrn3HQQqAbQNrkwfYQoEA==
Age: 5416
cm.everesttech.net/cm/dd?d_uuid=45128804845649440884392217265343702455
18.203.152.154 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=45128804845649440884392217265343702455
IP 18.203.152.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=45128804845649440884392217265343702455 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Wed, 08 Feb 2023 15:23:30 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y_O_cgAAAM1SzgOV; Domain=.everesttech.net; Expires=Thu, 08-Feb-2024 15:23:30 GMT; Path=/
Set-Cookie: everest_session_v2="Y@O@cgAAAM1SzwOV"; Version=1; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV
54.72.143.161 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV
IP 54.72.143.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c1711957.ferozo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-055e9ae9c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=19427475787786024090012167322104972873; Max-Age=15552000; Expires=Mon, 07 Aug 2023 15:23:30 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 6W5pK/dwRDQ=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV
54.72.143.161 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV
IP 54.72.143.161:0
File type GIF image data, version 89a, 1 x 1; data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_O_cgAAAM1SzgOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c1711957.ferozo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v046-0ff0e17f0.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: tYv5l3CBTG8=
Content-Length: 59
Connection: keep-alive
sifo.bancogalicia.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
34.196.56.54 200 0 B URL HTTP/1.1 sifo.bancogalicia.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
IP 34.196.56.54:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /requestserver/rest/v1/pageFeatures?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61 HTTP/1.1
Host: sifo.bancogalicia.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://c1711957.ferozo.com/
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Wed, 08 Feb 2023 15:23:30 GMT
Content-Length: 0
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: http://c1711957.ferozo.com
access-control-allow-methods: POST, OPTIONS
access-control-max-age: 3600
access-control-allow-headers: x-requested-with, content-type
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'self'
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
x-xss-protection: 1;mode=block
x-frame-options: DENY
x-content-type-options: nosniff
sifo.bancogalicia.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
34.196.56.54 200 115 B URL HTTP/1.1 sifo.bancogalicia.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
IP 34.196.56.54:0
File type JSON data, ASCII text, with no line terminators
Hash fbe9c921107ecdc9931e3e0783303f66
870d700f3345d0d7c7db96c03a26121a31d5a062
a5ddff6bb6d2a46cae87ffc97582f7c718edf0362568bdb42e22e35dc18437af
POST /requestserver/rest/v1/pageFeatures?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61 HTTP/1.1
Host: sifo.bancogalicia.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 15718
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Wed, 08 Feb 2023 15:23:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: http://c1711957.ferozo.com
access-control-allow-methods: POST, OPTIONS
access-control-max-age: 3600
access-control-allow-headers: x-requested-with, content-type
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
set-cookie: herok=2886860804HzM0ubnXhGYFX3c9sB2g5XTUjfs22V; Expires=Wed, 08-Feb-2023 15:53:30 GMT; SameSite=None; Secure
set-cookie: kirby=2886860804HzM0ubnXhGYFX3c9sB2g5XTUjfs22V; SameSite=None; Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'self'
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
x-xss-protection: 1;mode=block
x-frame-options: DENY
x-content-type-options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2997fc37613c4fbbdee722ade10e6340
1049666b05fddbf891398203d164c2da645a8cf0
8f2a5fb80a4c784c9c33e3a04ed2a5bd54da0afd5b25ba42551487482f2727b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 15:23:31 GMT
Etag: "63e2f722-1d7"
Server: ECS (amb/6B89)
Content-Length: 471
sifo.bancogalicia.com.ar/requestserver/rest/v1/screenshot?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
34.196.56.54 200 0 B URL HTTP/1.1 sifo.bancogalicia.com.ar/requestserver/rest/v1/screenshot?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61
IP 34.196.56.54:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /requestserver/rest/v1/screenshot?sessionId=x&clientId=4f610b72-bc0d-4cb6-9bca-9142006dfa61 HTTP/1.1
Host: sifo.bancogalicia.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------27421615641884445271550018270
Content-Length: 53341
Origin: http://c1711957.ferozo.com
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: herok=2886860804HzM0ubnXhGYFX3c9sB2g5XTUjfs22V; kirby=2886860804HzM0ubnXhGYFX3c9sB2g5XTUjfs22V
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Wed, 08 Feb 2023 15:23:31 GMT
Content-Length: 0
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: http://c1711957.ferozo.com
access-control-allow-methods: POST, OPTIONS
access-control-max-age: 3600
access-control-allow-headers: x-requested-with, content-type
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'self'
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
x-xss-protection: 1;mode=block
x-frame-options: DENY
x-content-type-options: nosniff
c1711957.ferozo.com/Images/Banners/login-banner-00.jpg
200.58.111.40 404 Not Found 196 B URL HTTP/1.1 c1711957.ferozo.com/Images/Banners/login-banner-00.jpg
IP 200.58.111.40:0
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
openphish Banco Galicia
GET /Images/Banners/login-banner-00.jpg HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Cookie: _ga_23D1JFWMP9=GS1.1.1675869863.1.0.1675869863.60.0.0; _ga=GA1.1.981734126.1675869864; AMCV_DF3360B65E15FFB70A495C4A%40AdobeOrg=179643557%7CMCIDTS%7C19397%7CMCMID%7C40196849902683134973863095091132821238%7CMCAAMLH-1676474664%7C6%7CMCAAMB-1676474664%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-2130172318%7CMCOPTOUT-1675877064s%7CNONE%7CMCSYNCSOP%7C411-19404%7CvVersion%7C5.5.0; mbox=session#e324068f136f430c87e608a72104a6d1#1675871725|PC#e324068f136f430c87e608a72104a6d1.37_0#1739114665; at_check=true; AMCVS_DF3360B65E15FFB70A495C4A%40AdobeOrg=1; aam_uuid=45128804845649440884392217265343702455
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 15:23:31 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
wsec06.bancogalicia.com.ar/Images/favicon.ico
161.190.1.33 200 OK 1.6 kB URL HTTP/1.1 wsec06.bancogalicia.com.ar/Images/favicon.ico
IP 161.190.1.33:0
ASN #13474 Banco de Galicia y Buenos Aires
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash b700b544f2fa87e37e6b728fef00fcb0
c0735fa743392c2f3032c22d241854b88832cdb7
f20a33fd40173f122bec15a105374059fb3ec612d51146485ed84ef0001f2f03
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
GET /Images/favicon.ico HTTP/1.1
Host: wsec06.bancogalicia.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Mon, 23 Jan 2023 17:40:34 GMT
Accept-Ranges: bytes
ETag: "80cbf5cb512fd91:0"
Date: Wed, 08 Feb 2023 15:23:31 GMT
Content-Length: 1559
Set-Cookie: TS0107f463=01f07bd103a99e0218f193e33e8fe9c33867fe1e833d5012cf3262c8e4b1ec919f76a08478805f3c6e5798c61d9689bea157ede462; Path=/; Domain=.wsec06.bancogalicia.com.ar
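The favicon record above is the most useful signal in this capture for the targeted bank: the phishing page on c1711957.ferozo.com hot-links wsec06.bancogalicia.com.ar/Images/favicon.ico, so the bank's own web server receives `Referer: http://c1711957.ferozo.com/` and `Sec-Fetch-Site: cross-site` for a static asset. The following is an added example, not part of the urlquery report and not the bank's own code, showing how that observation becomes a detection over the bank's access logs. The log lines are constructed (the first two mirror the capture), and the bank's domain list, the asset suffix list and the log format with a trailing quoted Sec-Fetch-Site field are assumptions.

```python
"""Flag third-party hosts hot-linking a bank's static assets (added example)."""
import re
from collections import Counter
from typing import Dict, Iterator, List, Optional, Tuple
from urllib.parse import urlsplit

# Assumption: the bank's registrable domains; any other Referer host is foreign.
OWN_DOMAINS = ("bancogalicia.com.ar",)

# Assumption: asset types a cloned login page keeps pointing at the real site.
ASSET_RE = re.compile(r"\.(?:ico|png|jpe?g|gif|svg|css|js|woff2?)$", re.I)

# Combined log format plus an optional trailing quoted Sec-Fetch-Site value
# (assumed LogFormat: ... "%{Referer}i" "%{User-Agent}i" "%{Sec-Fetch-Site}i").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"(?: "(?P<sfs>[^"]*)")?$'
)

# Constructed sample: the first two lines mirror the report's cross-site favicon
# fetch; the rest are benign same-site, navigation and direct requests.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Feb/2023:15:23:31 +0000] "GET /Images/favicon.ico HTTP/1.1" 200 1559 "http://c1711957.ferozo.com/" "Mozilla/5.0" "cross-site"
203.0.113.10 - - [08/Feb/2023:15:23:32 +0000] "GET /Images/Banners/login-banner-00.jpg HTTP/1.1" 200 41203 "http://c1711957.ferozo.com/" "Mozilla/5.0" "cross-site"
198.51.100.7 - - [08/Feb/2023:15:24:01 +0000] "GET /Images/favicon.ico HTTP/1.1" 200 1559 "https://www.bancogalicia.com.ar/" "Mozilla/5.0" "same-site"
198.51.100.8 - - [08/Feb/2023:15:24:05 +0000] "GET /login HTTP/1.1" 200 8210 "https://www.google.com/" "Mozilla/5.0" "cross-site"
198.51.100.9 - - [08/Feb/2023:15:24:09 +0000] "GET /Images/favicon.ico HTTP/1.1" 200 1559 "-" "Mozilla/5.0" "none"
""".splitlines()


def referer_host(referer: str) -> Optional[str]:
    """Lower-cased host of a Referer value; None for '-', empty or unparsable values."""
    if not referer or referer == "-":
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None


def is_own_host(host: str) -> bool:
    """True if host is one of the bank's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)


def find_hotlinkers(log_lines: List[str]) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (referer_host, path, client_ip, sec_fetch_site) for suspicious asset fetches.

    A GET for a static asset is flagged when the Referer host is foreign, or when
    the browser itself labelled the request Sec-Fetch-Site: cross-site (this catches
    kits that suppress the Referer with a referrer policy, since fetch metadata
    cannot be removed by the page).
    """
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if not ASSET_RE.search(urlsplit(m["path"]).path):
            continue
        host = referer_host(m["referer"])
        sfs = m["sfs"] or ""
        if (host and not is_own_host(host)) or sfs == "cross-site":
            yield (host or "(no referer)", m["path"], m["ip"], sfs)


def summarize(log_lines: List[str]) -> Dict[str, int]:
    """Count flagged asset requests per foreign referer host for triage."""
    return dict(Counter(hit[0] for hit in find_hotlinkers(log_lines)))


if __name__ == "__main__":
    for host, count in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{count:5d}  {host}")
```

Triage the output by host and volume rather than acting on single hits: a news article or a mail client embedding the bank's logo also produces a cross-site asset fetch, whereas a cloned login page typically pulls several assets from one client within a second, as the capture shows. Note also that the report's `file` output identifies this favicon as PNG image data while the server labels it `image/x-icon`; browsers tolerate the mismatch, so any hunting keyed on the asset should use its hash, not the declared type.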
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76 200 OK 0 B URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mgfr5wO7Bj5BVjKYY7O0c4ogLognfq09QrA9khZROr2CVyOWgKTz1g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:35 GMT
age: 63054
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c1711957.ferozo.com/index_files/jquery-1.7.2.min.js.descarga
200.58.111.40 200 OK 0 B URL HTTP/1.1 c1711957.ferozo.com/index_files/jquery-1.7.2.min.js.descarga
IP 200.58.111.40:0
Analyzer Verdict Alert
openphish Banco Galicia
fortinet Phishing
GET /index_files/jquery-1.7.2.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1711957.ferozo.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 15:23:28 GMT
Server: Apache
Last-Modified: Wed, 08 Feb 2023 05:05:30 GMT
ETag: "1727d-5f42936931a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33636
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript
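Raw exports of these reports flatten each transaction into a block of lines: a URL line, a line where the IP, HTTP status, size and URL run together (in the unedited export the IP and status are even fused, as in `161.190.1.33200 OK`), an `IP`/`ASN`/`File type` section, three hash lines identified only by their length (32, 40 or 64 hex characters), an `Analyzer Verdict Alert` table, then the request and response headers. The parser below is an added example, not urlquery's code; it recovers those fields and builds an indicator list from the records that carry an analyzer verdict. Because the verdict is attached to the visit as a whole, the victim bank's own favicon record (ASN 13474, Banco de Galicia) carries the same phishing verdict as the kit on ferozo.com, so the allowlist parameter exists to keep the brand's infrastructure out of a blocklist. SAMPLE is constructed from two records of this report, trimmed to a few headers; the allowlist domain is an assumption.

```python
"""Parse flattened urlquery-style transaction records into indicators (added example)."""
import re
from typing import Dict, Iterator, List

# IP and status may be fused ("161.190.1.33200 OK") or space-separated.
FUSED = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ?(?P<status>[1-5]\d\d) "
    r"(?P<reason>[A-Za-z ]+?) (?P<size>[\d.]+ [kM]?B)\b"
)
HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = re.compile(r"^[0-9a-f]+$")
ASN = re.compile(r"^ASN #(?P<asn>\d+) (?P<org>.+)$")
REQUEST_LINE = re.compile(r"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/\d(?:\.\d)?$")
VERDICT_HDR = "Analyzer Verdict Alert"

# Constructed from two records of the report above (headers trimmed).
SAMPLE = """\
wsec06.bancogalicia.com.ar/Images/favicon.ico
161.190.1.33200 OK 1.6 kB URL HTTP/1.1 wsec06.bancogalicia.com.ar/Images/favicon.ico
IP 161.190.1.33:0
ASN #13474 Banco de Galicia y Buenos Aires
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\\012- data
Hash b700b544f2fa87e37e6b728fef00fcb0
c0735fa743392c2f3032c22d241854b88832cdb7
f20a33fd40173f122bec15a105374059fb3ec612d51146485ed84ef0001f2f03
Analyzer Verdict Alert urlquery phishing Phishing - Galicia
GET /Images/favicon.ico HTTP/1.1
Host: wsec06.bancogalicia.com.ar
Referer: http://c1711957.ferozo.com/
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/x-icon
c1711957.ferozo.com/index_files/jquery-1.7.2.min.js.descarga
200.58.111.40200 OK 0 B URL HTTP/1.1 c1711957.ferozo.com/index_files/jquery-1.7.2.min.js.descarga
IP 200.58.111.40:0
Analyzer Verdict Alert openphish Banco Galicia
fortinet Phishing
GET /index_files/jquery-1.7.2.min.js.descarga HTTP/1.1
Host: c1711957.ferozo.com
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: application/javascript
"""


def split_records(lines: List[str]) -> Iterator[List[str]]:
    """A record starts at the URL line directly before an IP+status line."""
    starts = [i for i in range(len(lines) - 1)
              if "/" in lines[i] and FUSED.match(lines[i + 1])]
    for n, s in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(lines)
        yield lines[s:end]


def parse_record(block: List[str]) -> Dict:
    """Metadata, labelled hashes, (analyzer, text) verdicts and both header sets."""
    m = FUSED.match(block[1])
    rec = {"url": block[0], "ip": m["ip"], "status": int(m["status"]), "size": m["size"],
           "hashes": {}, "verdicts": [], "req": {}, "resp": {}}
    section, in_verdicts = None, False
    for line in block[2:]:
        if REQUEST_LINE.match(line):              # request line ends the metadata part
            rec["request_line"], section, in_verdicts = line, "req", False
            continue
        if section == "req" and line.startswith("HTTP/"):
            rec["status_line"], section = line, "resp"
            continue
        if section:                               # header line: split on first ': '
            name, _, value = line.partition(": ")
            rec[section][name] = value
            continue
        a = ASN.match(line)
        if a:
            rec["asn"], rec["asn_org"] = int(a["asn"]), a["org"]
            continue
        if line.startswith("File type "):         # drop the '\012' (octal newline) tail
            rec["file_type"] = line[len("File type "):].split("\\012")[0]
            continue
        h = re.sub(r"^(?:Hash )?(?:MD5 |SHA1 |SHA256 )?", "", line)  # tolerate labels
        if HEX.match(h) and len(h) in HASH_NAMES:
            rec["hashes"][HASH_NAMES[len(h)]] = h
            continue
        if line.startswith(VERDICT_HDR):
            in_verdicts, line = True, line[len(VERDICT_HDR):].strip()
        if in_verdicts and line:
            analyzer, _, text = line.partition(" ")
            rec["verdicts"].append((analyzer, text))
    return rec


def parse_report(text: str) -> List[Dict]:
    return [parse_record(b) for b in split_records(text.splitlines())]


def indicators(records: List[Dict], allow=()) -> Dict[str, set]:
    """Hosts, IPs and SHA-256 values from records carrying an analyzer verdict,
    skipping hosts under an allowlisted (victim-brand) domain."""
    out = {"hosts": set(), "ips": set(), "sha256": set()}
    for r in records:
        host = r["url"].split("/", 1)[0].lower()
        if not r["verdicts"] or any(host == d or host.endswith("." + d) for d in allow):
            continue
        out["hosts"].add(host)
        out["ips"].add(r["ip"])
        if "sha256" in r["hashes"]:
            out["sha256"].add(r["hashes"]["sha256"])
    return out
```

Run `indicators(parse_report(SAMPLE), allow=("bancogalicia.com.ar",))` to get only the ferozo.com host and its IP; without the allowlist the bank's own wsec06 host appears as well, which is exactly the mistake the allowlist prevents. Shared hosting such as ferozo.com also means the IP indicator is weaker than the hostname: 200.58.111.40 serves other customers' sites, so prefer the host and the file hashes when they are present.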