Report - re-try-connect.ctab.com.br/en/

Report Overview

Visited public
2023-12-03 05:32:43
Tags
crypto phishing
Submit Tags
URL
re-try-connect.ctab.com.br/en/
Finishing URL
re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
IP / ASN
108.179.253.92
#46606 UNIFIEDLAYER-AS-1
Title
Verification | MetaMask
Phishing - Generic Crypto/Wallet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
re-try-connect.ctab.com.br	unknown	unknown	No data	No data	15 kB	719 kB	108.179.253.92
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-02 05:09:04	2.6 kB	214 kB	151.101.129.229
images.ctfassets.net	4623	2017-03-28	2017-09-20 18:27:05	2023-12-02 05:10:04	556 B	53 kB	54.230.111.2
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-02 07:24:06	2.2 kB	36 kB	216.58.207.227
cdn.korzh.com	unknown	1999-01-12	2017-02-10 09:55:23	2023-11-09 20:51:00	898 B	1.7 MB	172.67.133.181
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-02 07:17:09	469 B	1.4 kB	142.250.74.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn	ScriptElement	73 B	2023-03-07	2025-06-30
Pretty URL re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2025-06-30 14:06 Times Seen233 Hash ccf7a258eee5e12d2cb3d813a5da86c8 0d0c6985e493d2f610870c9259901a2511734328 441b05bfa42c0b589fd682ec21e9ba36e55f6ec2718fbb259a812cd0b999c28e Loading...

	re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn	ScriptElement	97 B	2023-09-26	2024-08-21
Pretty URL re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-26 02:07 Last Seen2024-08-21 05:45 Times Seen11 Hash e211fcffffcad47d3a228f99f6c58a8b 3374e65ba852370abdc282f57fa6b7234fddeaa1 21280025d608be64117109d0d04677521dfdd3f9a1e0e6294c0e8722a3b11f09 Loading...

	re-try-connect.ctab.com.br/en/mywallet/style/webfont.js	ScriptElement	13 kB	2023-03-07	2025-06-30
Pretty URL re-try-connect.ctab.com.br/en/mywallet/style/webfont.js IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-30 18:49 Times Seen19818 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn	ScriptElement	1.4 kB	2023-09-26	2024-08-21
Pretty URL re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-26 02:07 Last Seen2024-08-21 05:45 Times Seen11 Hash eb5585a904579924ce58dce730a56b05 99518ae241e056f3aa89253e07d3d50bd05833f7 ac4d66982e1bee4753c08ee8553752ee8078a2519f764f5288d56bcc76029e1f Loading...

	cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js	ScriptElement	72 kB	2023-03-07	2025-06-30
Pretty URL cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-30 18:41 Times Seen2629 Hash fb8409a092adc6e8be17e87d59e0595e cf8d9821552d51bb50ce572e696aba1309065800 e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js	ScriptElement	83 kB	2023-03-07	2025-06-30
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:23 Last Seen2025-06-30 18:41 Times Seen4238 Hash a0805bca912ec901f2a7096228b62d46 3233fd01d87fba457eaad8dcbc289f75b170f814 19126b874a32753d42c12dfa6c17892bfd93820a5a5100ba1b34da4d07599b49 Loading...

	cdn.korzh.com/metroui/v4/js/metro.min.js	ScriptElement	623 kB	2023-09-26	2024-10-11
Pretty URL cdn.korzh.com/metroui/v4/js/metro.min.js IP 172.67.133.181 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-26 02:07 Last Seen2024-10-11 08:47 Times Seen13 Hash fde6223c137255aa0d9876b8e8baf265 2cf5dafbf21bc2b91074ba33d594f9b729121a63 3c8989ad7b3de70187687e6d2d23e063a823db3ab0e4d0a5fdb40e3e18a7380a Loading...

	re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn	ScriptElement	890 B	2023-09-26	2024-08-21
Pretty URL re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-26 02:07 Last Seen2024-08-21 05:45 Times Seen11 Hash c8db05dcb7e25b73e3316c5c05e195b5 f31beaa683bf4fac070f9982831b021dc38d2887 11fb4eaadf8552fd59b9521e2269738beace2e8e4a0c2e44fefa8b1467cc12e8 Loading...

	re-try-connect.ctab.com.br/en/mywallet/style/main.js	ScriptElement	90 kB	2023-03-07	2025-06-30
Pretty URL re-try-connect.ctab.com.br/en/mywallet/style/main.js IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-06-30 18:57 Times Seen4748 Hash 0732e3eabbf8aa7ce7f69eedbd07dfdd 4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b Loading...

	re-try-connect.ctab.com.br/en/mywallet/js/control.js	ScriptElement	225 B	2023-09-26	2024-10-11
Pretty URL re-try-connect.ctab.com.br/en/mywallet/js/control.js IP 108.179.253.92 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-26 02:07 Last Seen2024-10-11 08:47 Times Seen12 Hash e76ac728698e3935cf039957458a10fb 2bcaab3d6af5441e94a80ddb9a70f7172896f7c6 e2121382a5483d7882fef2175c93f173b4eaa9e2264b71612808a87e269043c4 Loading...

HTTP Transactions (38)

URL IP Response Size

re-try-connect.ctab.com.br/en/

108.179.253.92

102 B

URL
re-try-connect.ctab.com.br/en/
IP
108.179.253.92:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
28b527efe2a2018170da978a73185819
b15ba074496caf2d2a4d04d516331fc2ba285484
4e57afa0ac8cbdfc0485a9b8706490b9db21a9dbe10b18026fb9f18b59071f8d

HTTP Headers

GET /en/ HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 102
content-type: text/html; charset=UTF-8
date: Sun, 03 Dec 2023 05:32:25 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn

108.179.253.92

200 OK

6.8 kB

URL User Request GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (436), with CRLF line terminators
Size
6.8 kB (6782 bytes)
Hash
e6cddbab25be23e8e16e7e38f3e8b558
5b8b1a41038ed38d84d550375868f2acf326ad18
f724061e18a2beb2ee9bbdf3066b0d230c75c02fa92f8a8234c2072db7400518

HTTP Headers

GET /en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 6782
content-type: text/html; charset=UTF-8
date: Sun, 03 Dec 2023 05:32:27 GMT
server: Apache
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css

151.101.129.229

200 OK

13 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
13 kB (12937 bytes)
Hash
06cb502613f99040e534fec65fa725c7
03006f32792e033497e9ca68373b6c3386305933
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

HTTP Headers

GET /npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.10.3
x-jsd-version-type: version
etag: W/"17579-AwBvMnkuAzSX6cpoNztsM4YwWTM"
content-encoding: br
accept-ranges: bytes
date: Sun, 03 Dec 2023 05:32:28 GMT
age: 10642891
x-served-by: cache-fra-etou8220052-FRA, cache-bma1679-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 12937
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (26373 bytes)
Hash
a4b3f509e79c54a512b890d73235ef04
1be37b62306c8c0c6775bb4c93c5e4c4e13d9775
f886516f3d41e9e7bd994c7f7a39a89cafae9483f90396cb0ddeafe8d1ea5e72

HTTP Headers

GET /npm/bootstrap@4.6.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.6.2
x-jsd-version-type: version
etag: W/"279d8-G+N7YjBsjAxndbtMk8XkxOE9l3U"
content-encoding: br
accept-ranges: bytes
date: Sun, 03 Dec 2023 05:32:28 GMT
age: 22134161
x-served-by: cache-fra-eddf8230063-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26373
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65245)
Size
26 kB (26139 bytes)
Hash
fb8409a092adc6e8be17e87d59e0595e
cf8d9821552d51bb50ce572e696aba1309065800
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

HTTP Headers

GET /npm/jquery@3.5.1/dist/jquery.slim.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.1
x-jsd-version-type: version
etag: W/"11abc-z42YIVUtUbtQzlcuaWq6EwkGWAA"
content-encoding: br
accept-ranges: bytes
date: Sun, 03 Dec 2023 05:32:28 GMT
age: 4062813
x-served-by: cache-fra-eddf8230022-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26139
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/normalize.css

108.179.253.92

200 OK

3.2 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/normalize.css
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
ASCII text, with CRLF line terminators
Size
3.2 kB (3168 bytes)
Hash
519121fa4cdf6782a4c1c412564605e2
dcd9297e0c5c4a9a8ba8fb02a7d93cf85984ccd3
25194b73ec31c5fa1e315cd30fd7428f4075d725740663aea2e60d1de61288cb

HTTP Headers

GET /en/mywallet/style/normalize.css HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3168
content-type: text/css
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js

151.101.129.229

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65299)
Size
24 kB (23636 bytes)
Hash
a0805bca912ec901f2a7096228b62d46
3233fd01d87fba457eaad8dcbc289f75b170f814
19126b874a32753d42c12dfa6c17892bfd93820a5a5100ba1b34da4d07599b49

HTTP Headers

GET /npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.2
x-jsd-version-type: version
etag: W/"145b0-MjP9Adh/ukV+qtjcvCifdbFw+BQ"
content-encoding: br
accept-ranges: bytes
date: Sun, 03 Dec 2023 05:32:28 GMT
age: 20317924
x-served-by: cache-fra-eddf8230069-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23636
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/webflow.css

108.179.253.92

200 OK

16 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/webflow.css
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
assembler source, Unicode text, UTF-8 text, with very long lines (2587), with CRLF line terminators
Size
16 kB (15501 bytes)
Hash
395b633beea11647b06bebb9c5e9304b
af27e6eaffa90ae378e10d26392175e107bf86bb
5c4150571c1079e893f2af365598d52388a77fbaff96e9aa42946dc7fc574a8a

HTTP Headers

GET /en/mywallet/style/webflow.css HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15501
content-type: text/css
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET images.ctfassets.net/9sy2a0egs6zh/5n9UZwFnPyMTphfiT6SDMv/67001204dd8d16fa99070e902c512b9c/home-hero.png?w=1920&q=100&fm=webp

54.230.111.2

200 OK

52 kB

URL GET HTTP/2
images.ctfassets.net/9sy2a0egs6zh/5n9UZwFnPyMTphfiT6SDMv/67001204dd8d16fa99070e902c512b9c/home-hero.png?w=1920&q=100&fm=webp
IP
54.230.111.2:443
ASN
#16509 AMAZON-02

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerAmazon
Subjectimages.ctfassets.net
FingerprintCA:D7:EE:33:97:78:A0:CF:39:CA:40:DF:F5:6A:02:B4:28:F4:89:27
ValidityTue, 28 Feb 2023 00:00:00 GMT - Fri, 16 Feb 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
52 kB (52080 bytes)
Hash
e0b964ce8a22e37761e5c42b18cb810d
e57271a70e23f87d190556582831c2f91fd4a468
0a7b892b315f0dfecb0edfe9948c2925ebe11e6bb5b0c667bf870ff6ae84772c

HTTP Headers

GET /9sy2a0egs6zh/5n9UZwFnPyMTphfiT6SDMv/67001204dd8d16fa99070e902c512b9c/home-hero.png?w=1920&q=100&fm=webp HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/webp
content-length: 52080
etag: "e0b964ce8a22e37761e5c42b18cb810d"
last-modified: Tue, 07 Nov 2023 09:56:05 GMT
date: Sun, 03 Dec 2023 05:32:28 GMT
cache-control: max-age=31536000
server: Contentful Images API
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LGAA2Pxru1HFOFiM0TVxaRoIFcM8xR0eNOnN9ORBPnAwc5QefctKng==
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/webfont.js

108.179.253.92

200 OK

6.0 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/webfont.js
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
ASCII text, with very long lines (2134)
Size
6.0 kB (6022 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/webfont.js HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6022
content-type: application/javascript
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-aave.png

108.179.253.92

200 OK

14 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-aave.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 560 x 560, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14347 bytes)
Hash
521a00d54b7fe1cb1d7712b655ca54a6
8c5aa52335bf25183781e62843ede770bf6877ba
506d6d9d5ad22253976f2906bbf141c94d19eb15466ed62b8c6cfb887bf07b55

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-aave.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 14347
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/js/control.js

108.179.253.92

200 OK

167 B

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/js/control.js
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
e76ac728698e3935cf039957458a10fb
2bcaab3d6af5441e94a80ddb9a70f7172896f7c6
e2121382a5483d7882fef2175c93f173b4eaa9e2264b71612808a87e269043c4

HTTP Headers

GET /en/mywallet/js/control.js HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 167
content-type: application/javascript
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/css

108.179.253.92

200 OK

752 B

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/css
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
ASCII text
Size
752 B (752 bytes)
Hash
d75dbb7a19763e296b99fa0b3f42546d
8b7752a815b8325ece966de1476e4f43ee1dcdc9
8daea9a40be31e567300edc7daeb077f232cf7c32baed3aebff9ee9260b0d5a0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/css HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 752
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-opensea.png

108.179.253.92

200 OK

6.5 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-opensea.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
6.5 kB (6533 bytes)
Hash
f82776f839cec899c9c87a680226aabf
43f5dedb6216cb02ee568fcb66cb19fc296c3a85
c62a1f30cdb6aff5eafdfccb45383032e61bf70aa0573572a4428347a1b5b116

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-opensea.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 6533
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-rarible.png

108.179.253.92

200 OK

6.8 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-rarible.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 560 x 560, 8-bit/color RGBA, non-interlaced\012- data
Size
6.8 kB (6840 bytes)
Hash
b9f7c0fd11c34c044799e673947103f8
491baab057af39b2b24bf0c671d0eb05454b8c48
29db12a282df5639db8fa232831bbe9a7220884eecf79f1776f1b27237a4597c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-rarible.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 6840
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-compound.png

108.179.253.92

200 OK

11 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-compound.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11355 bytes)
Hash
3818f9cfccbd94fad91a10d3c5ee356c
7c6af849177aa8bf6ef9bcbf801dc375e1997900
20a34c84f82590d99a060210ea362878975f21cfd65c3a70c54e7fb99dce1f76

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-compound.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 11355
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/mm-logo.svg

108.179.253.92

200 OK

12 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/mm-logo.svg
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001), with CRLF line terminators
Size
12 kB (12058 bytes)
Hash
7915373f26761992664272083eef55af
7b69d64a0ff01d6b0cf0b95558349e83ee4d0698
4ad9d7c985fe9bc858d79cfe642d805da47e0fe84ea092acaab8691e20ad8670

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/mm-logo.svg HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 12058
content-type: image/svg+xml
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-uniswap.png

108.179.253.92

200 OK

10 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-uniswap.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10268 bytes)
Hash
1948962ad395727d902bd6b5fcd01807
f7e85e096b084ef6d9f550afbcd702fd889031a5
ad0237265584181a6797c454ca123aa5d3df08001ae39b27bddfc66856b6751b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-uniswap.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 10268
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-axieinfinity.png

108.179.253.92

200 OK

43 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-axieinfinity.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 560 x 560, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (42713 bytes)
Hash
5f662391fe3ddc927134ba8e15263eaf
ab5ea7aacdc8c97238247f59761abc02033b2a67
7faefc7f99e94d6251527c95794a5fdfb3e644baf25ae56f4e13afd125246421

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-axieinfinity.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 42713
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/img/metamask.gif

108.179.253.92

200 OK

227 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/img/metamask.gif
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
GIF image data, version 89a, 800 x 600\012- data
Size
227 kB (227301 bytes)
Hash
7dd0cbc9a551a2523d7b76146f165a4c
1a4f06c02a2dc89d08be77ef5a6be567d3a30778
9ec6ee31fdde5527af232cadd6f6a3e4b392e569db2841ad50a078145aedcb69

HTTP Headers

GET /en/mywallet/img/metamask.gif HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 227301
content-type: image/gif
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-maker.png

108.179.253.92

200 OK

6.9 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-maker.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6852 bytes)
Hash
720871ca002e89a10d26e5c516066311
8648fe12645cd5c3473a73faba1d42cef78de444
f0d7356ee903d26301b8960783f70c108efc0382f20c804e0d09872a5443ce96

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-maker.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 6852
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/dapp-gitcoin.png

108.179.253.92

200 OK

8.0 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/dapp-gitcoin.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (7998 bytes)
Hash
c710e9a5c39e89136a73edf0a1c99abe
aca40362b7d87533d00250e102ba852d19e2231c
7077eb7da3a6f399014d67a1032ab6d67f099055a1a2594cb4753022b843dc43

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/dapp-gitcoin.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 7998
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/favicon.png

108.179.253.92

200 OK

1.5 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/favicon.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1532 bytes)
Hash
b7919ea38a8beed9b4763858c4f7412b
1aa57bcd7ca8a0c3352923c9ee06c472f23d5b63
214080adac9969108cb602cb68617e332db1288e95e18c29c10f9396c6d3744c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/favicon.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 1532
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/webclip.png

108.179.253.92

200 OK

12 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/webclip.png
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11764 bytes)
Hash
48400a28770e10dd52a8c0e539aeb282
151bcd0c431ed79f30193731de564106a5b11956
27712ebee35bae5474f124f7cbf6cb2ca60d5121e561d284c9f11a4e69efd663

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/webclip.png HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 11764
content-type: image/png
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 10:04:56 GMT
expires: Fri, 29 Nov 2024 10:04:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 17:15:19 GMT
content-type: font/woff2
age: 242852
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

200 OK

8.4 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 01 Dec 2023 20:23:43 GMT
expires: Sat, 30 Nov 2024 20:23:43 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 17:15:41 GMT
content-type: font/woff2
age: 119325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 19:17:20 GMT
expires: Thu, 28 Nov 2024 19:17:20 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 21:10:56 GMT
content-type: font/woff2
age: 296108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

200 OK

8.4 kB

URL GET HTTP/2
fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 23:32:37 GMT
expires: Fri, 29 Nov 2024 23:32:37 GMT
cache-control: public, max-age=31536000
age: 194391
last-modified: Thu, 24 Aug 2023 20:56:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

re-try-connect.ctab.com.br/en/mywallet//ws

108.179.253.92

836 B

URL
re-try-connect.ctab.com.br/en/mywallet//ws
IP
108.179.253.92:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
836 B (836 bytes)
Hash
11a0bbc52834cf74da795d5815b7dc63
5d401cf953df570210427a92d27e00ddf403f4b7
c989a169a129121f006c8fcbf90ab305d9005d516ce72cc44b4949167eed39d5

HTTP Headers

GET /en/mywallet//ws HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://re-try-connect.ctab.com.br
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TcYVDlOStxtNYLlr3hGFFg==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 404 Not Found
Date: Sun, 03 Dec 2023 05:32:29 GMT
Server: Apache
Last-Modified: Tue, 04 Oct 2022 14:10:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html

GET cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

151.101.129.229

200 OK

121 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 121296, version 1.0\012- data
Size
121 kB (121296 bytes)
Hash
7f477633ddd12f84284654f2a2e89b8a
17dad0776899ad1beadabd061c34e2a22b2cde74
966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599

HTTP Headers

GET /npm/bootstrap-icons@1.10.3/font/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://re-try-connect.ctab.com.br
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 1.10.3
x-jsd-version-type: version
etag: W/"1d9d0-F9rQd2iZrRvq2r0GHDTioiss3nQ"
accept-ranges: bytes
date: Sun, 03 Dec 2023 05:32:31 GMT
age: 2858832
x-served-by: cache-fra-etou8220101-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 121296
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/EuclidCircularB-Regular-WebXL.woff2

108.179.253.92

200 OK

45 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/EuclidCircularB-Regular-WebXL.woff2
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/style/metamask-staging-2.webflow.css
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 45196
content-type: font/woff2
date: Sun, 03 Dec 2023 05:32:31 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/EuclidCircularB-Bold-WebXL.woff2

108.179.253.92

200 OK

44 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/EuclidCircularB-Bold-WebXL.woff2
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size
44 kB (44544 bytes)
Hash
9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet/style/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/style/metamask-staging-2.webflow.css
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
content-length: 44544
content-type: font/woff2
date: Sun, 03 Dec 2023 05:32:31 GMT
server: Apache
X-Firefox-Spdy: h2

GET cdn.korzh.com/metroui/v4/js/metro.min.js

172.67.133.181

200 OK

623 kB

URL GET HTTP/2
cdn.korzh.com/metroui/v4/js/metro.min.js
IP
172.67.133.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subjectkorzh.com
FingerprintE7:8C:25:47:6E:CE:74:55:BD:1A:91:2A:42:C3:5F:8D:8C:B3:E0:68
ValidityThu, 19 Oct 2023 10:28:06 GMT - Wed, 17 Jan 2024 10:28:05 GMT

File type

Size
623 kB (623070 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /metroui/v4/js/metro.min.js HTTP/1.1
Host: cdn.korzh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 05:32:28 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Sep 2022 15:49:20 GMT
etag: W/"30401c8-981de-8e7e2000"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
access-control-allow-headers: Content-Type
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oLYWlBsIKGIt4lH2hUSQ1uMtOZJ%2BYxSqO6m%2BVOYevtAl9%2BWRoMKoRKno%2F7wzo0ObEWtS94rzfr5BMFLwCN8PNt5EQt9wOR%2BlZ6rOM2e8tyKr5YNF4Ow%2FCI1Za0Ct4zRs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f96de41d8d56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.170

200 OK

800 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (816), with no line terminators
Size
800 B (800 bytes)
Hash
d649df21660305e95bf70d4282367324
4a3aeaf4830f03b873105998d8ceaa017bc0b65c
338d6967247111e7857d08db563973e8782b09601225fece0af3420e5cd2fa56

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 05:32:28 GMT
date: Sun, 03 Dec 2023 05:32:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet//ws

108.179.253.92

404 Not Found

0 B

URL GET HTTP/1.1
re-try-connect.ctab.com.br/en/mywallet//ws
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /en/mywallet//ws HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://re-try-connect.ctab.com.br
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TcYVDlOStxtNYLlr3hGFFg==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 404 Not Found
Date: Sun, 03 Dec 2023 05:32:29 GMT
Server: Apache
Last-Modified: Tue, 04 Oct 2022 14:10:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html

GET cdn.korzh.com/metroui/v4/css/metro-all.min.css

172.67.133.181

200 OK

1.1 MB

URL GET HTTP/2
cdn.korzh.com/metroui/v4/css/metro-all.min.css
IP
172.67.133.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subjectkorzh.com
FingerprintE7:8C:25:47:6E:CE:74:55:BD:1A:91:2A:42:C3:5F:8D:8C:B3:E0:68
ValidityThu, 19 Oct 2023 10:28:06 GMT - Wed, 17 Jan 2024 10:28:05 GMT

File type

Size
1.1 MB (1067681 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /metroui/v4/css/metro-all.min.css HTTP/1.1
Host: cdn.korzh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 05:32:28 GMT
content-type: text/css
last-modified: Thu, 01 Sep 2022 15:49:20 GMT
etag: W/"30401b0-104aa1-8e7e2000"
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
access-control-allow-headers: Content-Type
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F1OAkWQ06w2pkf5TPuW288Xr937aPkYnmMIhrtLx0Tp9D3biQ3T%2FZEphM8%2BpmxwkRRcjB%2F%2FCEPutSoBiUCJJylzptzv1LRkeC4cnyESFcDy%2Fw7%2F%2FobAomu2t4TdveDov"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f96de42d8e56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/main.js

108.179.253.92

200 OK

90 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/main.js
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
ASCII text, with very long lines (65446), with CRLF line terminators
Size
90 kB (89503 bytes)
Hash
0732e3eabbf8aa7ce7f69eedbd07dfdd
4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

HTTP Headers

GET /en/mywallet/style/main.js HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET re-try-connect.ctab.com.br/en/mywallet/style/metamask-staging-2.webflow.css

108.179.253.92

200 OK

141 kB

URL GET HTTP/2
re-try-connect.ctab.com.br/en/mywallet/style/metamask-staging-2.webflow.css
IP
108.179.253.92:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Certificate
IssuerLet's Encrypt
Subject*.ctab.com.br
Fingerprint12:BF:E9:5F:C9:24:5D:A4:D2:E7:88:8C:62:D1:46:BA:68:07:8E:E1
ValiditySat, 02 Dec 2023 07:09:36 GMT - Fri, 01 Mar 2024 07:09:35 GMT

File type
ASCII text, with CRLF line terminators
Size
141 kB (140959 bytes)
Hash
7b4ca45b499c60298cb9d8a7ea289dc9
2e0f97cb3d97853badaf45ec6512e0ad3429fe7f
f52dde44d3a2b84212b473277a9578196dc09bf9b2d572d2f8f7c3fbb8815fa5

HTTP Headers

GET /en/mywallet/style/metamask-staging-2.webflow.css HTTP/1.1
Host: re-try-connect.ctab.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-try-connect.ctab.com.br/en/mywallet/?token=nkbihfbeogaeaoehlefnkodbefgpgknn
Cookie: PHPSESSID=28f0de9022786b5c2e71bb60f66eb0f7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 09 Apr 2023 15:19:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Sun, 03 Dec 2023 05:32:28 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by