Report - teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE

Report Overview

Submitted URL
teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
IP
104.21.72.141
ASN
#13335 CLOUDFLARENET
Submitted
2022-08-28 23:37:48
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-06T05:09:34Z	758 B	2.7 kB	143.204.55.36
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-06T06:00:56Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-06T05:09:12Z	594 B	127 B	52.39.57.61
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-06T05:09:35Z	3.2 kB	51 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-06T05:09:03Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-06T05:10:30Z	401 B	5.8 kB	143.204.55.35
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-06T05:10:42Z	690 B	1.4 kB	142.250.74.3
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-06T05:09:43Z	321 B	229 B	34.117.237.239
teedhobuscasx.com	unknown	2022-08-27T13:33:47Z	2022-08-30T00:11:46Z	8.1 kB	310 kB	172.67.223.192
www.itau.com.br	22220	2012-05-22T21:44:23Z	2023-03-06T21:47:41Z	409 B	5.8 kB	23.38.200.79

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-08-27	medium	teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE	Itau Unibanco S.A

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/magalu-logo.webp	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2	Phishing
2022-08-28	medium	teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js	Phishing
2022-08-28	medium	teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js	640 kB	2023-03-07	2023-03-14
Pretty URL teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2023-03-14 08:03:51 Times Seen1 Hash 0110f6701a7929d1d154ef9bc0b799d5 e3373307ec2cab99a282a8a9bca2f91e480464db 4b1132086d8211687a98094f26556b7fa2874cb3e0acf5266677abfe1ee74c71 Loading...

	teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js	820 kB	2023-03-07	2023-03-07
Pretty URL teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2023-03-07 01:07:51 Times Seen1 Hash 8062e1f3394ef56dd1e7537ab4cbb9a1 415333a069142e367b7d7ffd805da411da5a95d5 f93309fcb2a29d5df52a9441fb55f4c59ce943ec55f8a97fca8f19c091a2525e Loading...

	teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js	478 B	2023-03-07	2024-04-05
Pretty URL teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js IP 172.67.223.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2024-04-05 18:10:52 Times Seen135 Hash 2d598e5d51a32ffac757870976e94d21 23daf1dc8527e60b7e481744ca9d719cd11381ce 4f33c31c9da2ad0ddedadc4c4012af086ed9371fce659d8e0e6cfd5123d91caa Loading...

	teedhobuscasx.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js	3.6 kB	2023-03-07	2023-07-06
Pretty URL teedhobuscasx.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:41 Last Seen2023-07-06 15:12:08 Times Seen2 Hash ffbfb925ca05dfcdbb8892de585d4860 239c7647143a91c90a07bbcff638bd4e288e9598 67ec7fadd41ba4613a2ab2f10c28429c60a54fec1780a1742c29a03f9dfd7b11 Loading...

HTTP Transactions (36)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
21b1296f31569e4fb94048c52df34904
3e3194f640d71b9da28e809660443e332bdba310
7ebe5d06efe28c8507b4cdfbf68c6e5bbd9919ba776990fb8a22d90cca0c1c1b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EBE5D06EFE28C8507B4CDFBF68C6E5BBD9919BA776990FB8A22D90CCA0C1C1B"
Last-Modified: Sat, 27 Aug 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9439
Expires: Mon, 29 Aug 2022 02:14:56 GMT
Date: Sun, 28 Aug 2022 23:37:37 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 28 Aug 2022 23:14:11 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: M5fPan9KeB6hW5kvDDOpD8fBiZd4rHIUWOaPx2d5fn7v4vEw2Mr2mw==
Age: 1406

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 28 Aug 2022 22:35:59 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ud6xeytfUcFzXCJZzWgFRf25gPtCf3TGBZql23Wbbv_v3HL7_Qnr0g==
age: 3699
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/6or26ezfq7g

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/6or26ezfq7g
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0620493bd2e5ab3f9b2a2cbe3817b433
0cb6f612ca3ed5bfba24849414ab01562377160b
6805870fd460b5dc77916130260b330a29af7f84f1cf21714c724d01ba998b4e

HTTP Headers

POST /s/gts1p5/6or26ezfq7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 Aug 2022 23:37:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 28 Aug 2022 23:37:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 28 Aug 2022 23:17:12 GMT
Expires: Sun, 28 Aug 2022 23:43:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: U6muLrdoLL2PhATuUuKjSeSjPiKtuHG_Qv6zqu8_vjLdzj-ITU7iaA==
Age: 1226

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
396ffb5d17a8a353f8f748959fcf7966
8301f51528695b9c8a48de0e6e889b603f34308c
a5c0dd3453bdba148aea970cda083b70b3ba680286a6c65878cc369d20f1d216

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3146
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 28 Aug 2022 23:37:38 GMT
Last-Modified: Sun, 28 Aug 2022 22:45:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/s/gts1p5/6or26ezfq7g

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/6or26ezfq7g
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0620493bd2e5ab3f9b2a2cbe3817b433
0cb6f612ca3ed5bfba24849414ab01562377160b
6805870fd460b5dc77916130260b330a29af7f84f1cf21714c724d01ba998b4e

HTTP Headers

POST /s/gts1p5/6or26ezfq7g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 Aug 2022 23:37:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.39.57.61

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.57.61:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vGo3G3NcanGwlDn/Y2Slbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xvnUf32Mifr8yfg/kT6v8hKRRQA=

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2

172.67.223.192

200 OK

20 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20336, version 1.0\012- data
Size
20 kB (20336 bytes)
Hash
63b41291ead223dee31d35f314b7968d
a261ce8cf48c373966e114365d6132121ca08876
44ea8da2d545e55cf9ecaf0d4f7936cf83ba9476dcbb833b3e8152f6d3f171ad

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 20336
last-modified: Thu, 24 Feb 2022 21:44:58 GMT
etag: "4f70-5d8ca7e544a80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bk0wB2ttUIn6iQ4yj%2FY9KJ4MthLV8bm6dabtQzgBA5UPFHHMEDmISSS7KpWVDMjFsOXUdTztH5z6SiIm1CpHG5fjBTAn5Gap2F4MyuPQ3voAMkXOD%2Bb1W02C%2F5XwKyumMsTvcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e46b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff

172.67.223.192

200 OK

139 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 139296, version 1.0\012- data
Size
139 kB (139296 bytes)
Hash
d9a9d074200e6425c65c57cf3fbc3420
5506f29e197e139759be1528d09242026e27ff10
0627930b6d4838fba88a1b6a456ddcec05200a7a0596dc2ac57e2b9180736e83

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff
content-length: 139296
last-modified: Thu, 24 Feb 2022 21:45:02 GMT
etag: "22020-5d8ca7e915380"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DjHB0YAZGH8n7Y0jRUdharWUUzXSPKNIh9aP2LfxR21xlUbTCILXgCEXRPoyEQYLReiV02TGNPx5AG3sI3ur%2BqHmAhrsVmUSZzvxcPX4ivdsZvwLSWgNP8MqNgu1EeNZGP8szw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0409e53b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2

172.67.223.192

200 OK

18 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17892, version 1.0\012- data
Size
18 kB (17892 bytes)
Hash
4c9045c151fd584835340bef1292fa48
7b550140ce90c15ae16efb7913717746b2bf8a06
661a87469e3a98ce456dd15c5ce402278f25db98b5885d823651284f4fd4de91

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 17892
last-modified: Thu, 24 Feb 2022 21:45:02 GMT
etag: "45e4-5d8ca7e915380"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDAxDpN1YW0XFepC%2F%2F7Jwa479SlCXHOn01CYkuBGDR7V%2F3vXeHR4h8FhZkNem7kPVWNTvnGbNBOT2i39X513I7MU2ApKnh9v5AmViTE%2F%2BylJftpHXVH5pJ8QY4HXUOq9yhXC2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e40b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2

172.67.223.192

200 OK

20 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20244, version 1.0\012- data
Size
20 kB (20244 bytes)
Hash
195620c524ec7c323db8fa3ceccb9cd2
9bc9e6e59f737f89acae0fd7ab5e323dfed48579
dcd743060b3c09ccf5003db3bb4b85fbe7a71d176638dabbf089669ef3f787c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 20244
last-modified: Thu, 24 Feb 2022 21:44:58 GMT
etag: "4f14-5d8ca7e544a80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNBEbcqP4Rew4rh7zU4XkpyW45D0EBkfhfQ6Kev2DKM1%2FXaxt0leWadtucgUiGCiy99xTKAjhKGIe6%2FXP2l5hqBoa0hJs%2F29bSPchivE%2BlnHidQiQO3Qjec9ki%2BPuO5fLud0kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e4fb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2

172.67.223.192

200 OK

20 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 19856, version 1.0\012- data
Size
20 kB (19856 bytes)
Hash
c2237a47b207b79d49dacbc6767f094b
e9e4bc7effa06252f6ccf3c8aae0910ec7a5d2c0
eb3d38629627f709b3ce3cc9d8e853a71d45d3f776a1c5ae28251bbdfaeee44e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 19856
last-modified: Thu, 24 Feb 2022 21:45:00 GMT
etag: "4d90-5d8ca7e72cf00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNs%2FYSmW6vJKlA%2B3HPPS6Ld25dv3FpCH5QFvXWZBMEfdqk5b78ESvBrgBXlrYij%2B2fvXriobAudaETSy0EsyWdJq%2BcaXAO9YyLmwYRxRIp4DZUdJxBa84gU3rsviuEzHuHwZ%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e4ab4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2

172.67.223.192

200 OK

18 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17892, version 1.0\012- data
Size
18 kB (17892 bytes)
Hash
4c9045c151fd584835340bef1292fa48
7b550140ce90c15ae16efb7913717746b2bf8a06
661a87469e3a98ce456dd15c5ce402278f25db98b5885d823651284f4fd4de91

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 17892
last-modified: Thu, 24 Feb 2022 21:45:16 GMT
etag: "45e4-5d8ca7f66f300"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aHzPyYpRBF4y4bilZmcoVj1USNWyhPb%2BlIvSs2l7%2FBOAVGBHYbswP%2FFBzYwU7mpYaavjmOSX6nYeJJ4Lry7V5mEiXJ0WIIWdLDsKOJ5fVQdBjKEOX%2FaxyqP4h7lH3SMVXDp93Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e47b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2

172.67.223.192

200 OK

18 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 18140, version 1.0\012- data
Size
18 kB (18140 bytes)
Hash
6c8fe1156552769b5e65e3fc1eb81395
0339dcf247cb98781cb26174bf7810e15a394310
25a5d759897134cb9caa4b9f0f58ebb3f34e5759af0b8c712959665df0754e7e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 18140
last-modified: Thu, 24 Feb 2022 21:45:04 GMT
etag: "46dc-5d8ca7eafd800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUn7eQ8V1qI%2BuAZa4HVcnXDF4vbeUXNuzw72q7lQYjBZq7mpxCr9nolge%2B6UgD2f6mot%2BfYClXOEZaFqAiIKQA5Ako04tEBGU9V%2BH8rgkVG3uAqwGHGWuf%2BLxLz%2BMfNpQ7sVZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e43b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/magalu-logo.webp

172.67.223.192

200 OK

5.3 kB

URL HTTP/2
teedhobuscasx.com/magalu-logo.webp
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.3 kB (5316 bytes)
Hash
7fbc42a4b63120dc1521c416c152f994
be360cff67eb29ef6fe12445623d47eb0cc104c5
91059ccdd65c1496d764f84ece42376760652ea7c734fe0c0dd0b086c91ce6ef

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /magalu-logo.webp HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: image/webp
content-length: 5316
last-modified: Thu, 24 Feb 2022 21:44:00 GMT
etag: "14c4-5d8ca7adf4800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sJDWey49AtAHGMJKjy0erbFYdiCEqeT7J3OPKaTGV6ExIEjFXwa%2FpX%2F2z5LUUbYW3JLKqgUsDPRHocK6rFLlo2LaQuG%2BIy%2BCcBl2LMcojZ1%2B9cfoz5NHzVrvBM16fYkx6FELg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0409e56b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2

172.67.223.192

200 OK

20 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20492, version 1.0\012- data
Size
20 kB (20492 bytes)
Hash
943eded538dde6a0dfafee5453aa6dcf
ce3c14529df937462fc9e6f7b3a853785b05a6f0
6941f9570d5085cfa2ddba639611d4a5ab3e9aded5e3eb2139dc23e613b20067

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 20492
last-modified: Thu, 24 Feb 2022 21:45:00 GMT
etag: "500c-5d8ca7e72cf00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xgL1Ux%2BsZi3EaxZysqaOuPBMhKeowC6DOkgKE9qDEvOVF1GN0X2%2FFMwD43Ayr9U9iiWb6xL%2F8PLmo7wRC3lGzwqadUQ9zJlBgF%2BGK2DLKDCJ677N%2B2rhEgPZWmHFApt40KbEEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e50b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2

172.67.223.192

200 OK

18 kB

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17508, version 1.0\012- data
Size
18 kB (17508 bytes)
Hash
f755825cfc33424de53229ed51a48547
7d55a33fb68b5743cf7a5adfe7b424752e1cc52f
f898f65ddbfb8e0b9ecf86132b0fa3ed23b5cfa87d599e7b5364c5b3ef7e5c1c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2 HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: font/woff2
content-length: 17508
last-modified: Thu, 24 Feb 2022 21:45:04 GMT
etag: "4464-5d8ca7eafd800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIYSm7fHQe7B5dsln%2F7P7iwP22H6RAZD0UqBR56h1G5LsNl73OynBDSUuNj8J0QNK5ZeYKJC%2BLEj4jigExksOmP4t6oLhRDwQ6wSgNK%2FWcjw%2FCAXLU8t7gMBTvAw%2FXJKMSxW%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0409e51b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.itau.com.br/content/dam/itau/cartoes/magalu/magalu-logo.png

23.38.200.79

200 OK

5.3 kB

URL HTTP/2
www.itau.com.br/content/dam/itau/cartoes/magalu/magalu-logo.png
IP
23.38.200.79:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.3 kB (5316 bytes)
Hash
7fbc42a4b63120dc1521c416c152f994
be360cff67eb29ef6fe12445623d47eb0cc104c5
91059ccdd65c1496d764f84ece42376760652ea7c734fe0c0dd0b086c91ce6ef

HTTP Headers

GET /content/dam/itau/cartoes/magalu/magalu-logo.png HTTP/1.1
Host: www.itau.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "3be9-5c23d8df52480"
last-modified: Wed, 27 Oct 2021 16:10:17 GMT
server: Akamai Image Manager
x-serial: 215
x-check-cacheable: YES
content-length: 5316
content-type: image/webp
cache-control: private, no-transform, max-age=838955
expires: Wed, 07 Sep 2022 16:40:14 GMT
date: Sun, 28 Aug 2022 23:37:39 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
access-control-allow-methods: GET, POST, GET, POST
access-control-allow-origin: internet.itau.com.br, internet.itau.com.br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86b2884af34c96fbb194bd340a2d0193
e55b2a45be21cff15398ac7b7aff45206198fbdf
eff4ee2043ba81d81d564fae2b72994858725e9282d45972ca92291bbc193fee

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4741
Expires: Mon, 29 Aug 2022 00:56:41 GMT
Date: Sun, 28 Aug 2022 23:37:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86b2884af34c96fbb194bd340a2d0193
e55b2a45be21cff15398ac7b7aff45206198fbdf
eff4ee2043ba81d81d564fae2b72994858725e9282d45972ca92291bbc193fee

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4741
Expires: Mon, 29 Aug 2022 00:56:41 GMT
Date: Sun, 28 Aug 2022 23:37:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86b2884af34c96fbb194bd340a2d0193
e55b2a45be21cff15398ac7b7aff45206198fbdf
eff4ee2043ba81d81d564fae2b72994858725e9282d45972ca92291bbc193fee

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4741
Expires: Mon, 29 Aug 2022 00:56:41 GMT
Date: Sun, 28 Aug 2022 23:37:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86b2884af34c96fbb194bd340a2d0193
e55b2a45be21cff15398ac7b7aff45206198fbdf
eff4ee2043ba81d81d564fae2b72994858725e9282d45972ca92291bbc193fee

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4741
Expires: Mon, 29 Aug 2022 00:56:41 GMT
Date: Sun, 28 Aug 2022 23:37:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89e72dff-cf78-4cc6-90d7-02d0f5634ccf.webp

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89e72dff-cf78-4cc6-90d7-02d0f5634ccf.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5659 bytes)
Hash
6b8e0621ebb3ddda66a9fe29eca10eac
fe7a1a2f21280e3851a553f3abe8a8e517879586
4af482150001d9a67ddf309924868bf14d9effac8a535a94df6940cec0b63c6b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89e72dff-cf78-4cc6-90d7-02d0f5634ccf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5659
x-amzn-requestid: d8817418-7084-447f-91c6-570fdc57306a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xd1IEG_4oAMFl9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63089bcd-36238a18613477f10c38850f;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 10:09:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ub5GjqfoDQ2IRxXWIr7WLyb-Ek3ABIrt-f2vb0rmeBe1Z3mddP32SQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:35:16 GMT
age: 7344
etag: "fe7a1a2f21280e3851a553f3abe8a8e517879586"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86b2884af34c96fbb194bd340a2d0193
e55b2a45be21cff15398ac7b7aff45206198fbdf
eff4ee2043ba81d81d564fae2b72994858725e9282d45972ca92291bbc193fee

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFF4EE2043BA81D81D564FAE2B72994858725E9282D45972CA92291BBC193FEE"
Last-Modified: Fri, 26 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4741
Expires: Mon, 29 Aug 2022 00:56:41 GMT
Date: Sun, 28 Aug 2022 23:37:40 GMT
Connection: keep-alive

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94e91b9b-1206-4aed-8c83-18cf70edf32e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9077 bytes)
Hash
ad06ed828f693139341ccfe48f97115d
6539155ae2528248dd6de37fb5ff1440c9692b39
9e05359e4c15e9e1a4be5e4a23cb55b2b894c7f4e9a1af9a451eaa938c908760

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94e91b9b-1206-4aed-8c83-18cf70edf32e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9077
x-amzn-requestid: 31843c8e-9da2-4224-b6ee-d10b24f7843b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XeDpCGSXIAMFvkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6308b306-6fb8cb2d5ca067d656eccf6a;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 11:48:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: U3xEJN3HT7wy2SfNWvQKEOaex1-0WveBBWUyRuIb0nUXcLXw2grJjg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:35:43 GMT
age: 7317
etag: "6539155ae2528248dd6de37fb5ff1440c9692b39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d6fc243-1f36-4e7f-8ae5-c9926e27d40b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7384 bytes)
Hash
182339e49eb50a6d89fed9b4ac4bc39f
0909d2250d8efc3093f15401713da4c74ba6707b
bc6fac01cec90f56f665671e2abab894752b9d8f1b1d5551e4d83cc53f0d4251

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d6fc243-1f36-4e7f-8ae5-c9926e27d40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7384
x-amzn-requestid: 8c864d07-cb4e-44db-85f0-ebea10e67aaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XV7EPG0mIAMFRGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6305721a-32398abd1da8b41f48b4755c;Sampled=0
x-amzn-remapped-date: Wed, 24 Aug 2022 00:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6aiAJzrFSh5oLa_mpPgX71BUSwjCS0NoNruUV_4tSPwpnphPE2DWGA==
via: 1.1 759bceededb9469e75c24a46c03d64bc.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:49:06 GMT
age: 6514
etag: "0909d2250d8efc3093f15401713da4c74ba6707b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd51935d9-640c-4fb7-a0a6-2bf697c44bdc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7548 bytes)
Hash
fb6279d7b8476f6f50d43363c1595b8a
ffdf31466f9fe7363f99994ab19191f96d54c240
7b6f362f762730345a2faa4a68cd864b664721d20fd28c92e00f3c08ab6e1d10

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd51935d9-640c-4fb7-a0a6-2bf697c44bdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7548
x-amzn-requestid: 9e820d78-c78c-4248-99c0-89e95123d4cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdDKiFwCoAMF6bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63084bdc-2d116abb1015fde9605c13bf;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 04:28:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gEuyCE8GLutx96uzJoMyCwg2WXDzhBVQ_f4vCjWFMIyrg8xHhDCcXQ==
via: 1.1 dec8fa38a453902521b941c7cd70d33c.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:49:52 GMT
age: 6468
etag: "ffdf31466f9fe7363f99994ab19191f96d54c240"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe04819fd-358b-4a07-ac19-c8d362bb224a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6963 bytes)
Hash
0a52ba09a9d43a19fcf29e9a58975b9d
6dfa90f84160f605f1b101c36aaabe5fe5f7a175
eb074c4b09417d105503eb463633d0ca4ff0909b49be8e17d1b08930cf54792f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe04819fd-358b-4a07-ac19-c8d362bb224a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6963
x-amzn-requestid: 61968774-e3a0-4714-ba8c-85fe6b5f45cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjxDeHr9IAMFh3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630afbaf-276942a451abbd640333d383;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 05:22:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z66XHh2Wq8iMIZsPSzqKKAjGrQBqVxy3ahh4DNeWIclVrEuA85Y_9A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:35:03 GMT
age: 7357
etag: "6dfa90f84160f605f1b101c36aaabe5fe5f7a175"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6982da72-0f3b-4868-a5d0-965606070656.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7817 bytes)
Hash
374e889da59693eceda6a703b69791a5
62cb15f5896a855da94a4f17238d076c09692214
96a2b14e8b6e7673346e798076552f589f853f71aee7301b3c3fb3badcef5be6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6982da72-0f3b-4868-a5d0-965606070656.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7817
x-amzn-requestid: 99e7e24a-95eb-42bb-a787-dcdbedd02949
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xew81HqooAMFceQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6308fb85-29df7e07669e925f13e34c0c;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 16:57:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FlJVp9J6hslGL52k_WLJF3BgeEhTaZmUFyV0wQczyWy3uCkmy9en3Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 22:04:26 GMT
age: 71910
etag: "62cb15f5896a855da94a4f17238d076c09692214"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js

172.67.223.192

200 OK

0 B

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1de-5d8ca7f66f300"
last-modified: Thu, 24 Feb 2022 21:45:16 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Ickn0ggFoN4%2BdUQxnQVSmRsGqWjuth%2F67Vz9Ui6pd6kMY9JqUSET34X0HWFeYJfOQ8wv0XmdKFmnMOdLJVxu8fjMswT68Vty78%2BRG9Yr6C9dZkukaMBcuxQBCOcLTGkDpBzfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0409e55b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.11c95aa513d1bfa558ffd098de124b06.css

172.67.223.192

200 OK

0 B

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.11c95aa513d1bfa558ffd098de124b06.css
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.11c95aa513d1bfa558ffd098de124b06.css HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2201
etag: W/"899-5d8ca7f857780"
last-modified: Thu, 24 Feb 2022 21:45:18 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wr60%2Fqsfy1MA9EBvtifkkQCOu6SeBEvH0gD1tXhJDv3Wpgkzlg%2FZieffiFlEQCjqyy6aWZodaIIecQKryn8Eb6BFRgfGnUi5GIbbcrmfm0pfQP1QGHHcdcld60oDaFfRtzdAgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0409e54b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base.min.2b40b1b39f98cea329b75ac4733abdbf.css

172.67.223.192

200 OK

0 B

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/itau/clientlibs/clientlib-base.min.2b40b1b39f98cea329b75ac4733abdbf.css
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /etc.clientlibs/itau/clientlibs/clientlib-base.min.2b40b1b39f98cea329b75ac4733abdbf.css HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1379774
etag: W/"150dbe-5d8ca7e35c600"
last-modified: Thu, 24 Feb 2022 21:44:56 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2ByKZUoz1ppTvPXH63YLNcLAF3taV680SD%2BtLLkNrE2F5qfrBfyFMSIsqGxn%2Byp2adeP4JaBw0zEiixfBbZwZ3k6t83NnIvRTyHjvdvhgCQJqb3sPDv%2F16ShBjk%2BkJE0X29VNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e3eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE

172.67.223.192

200 OK

0 B

URL HTTP/2
teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Itau Unibanco S.A
fortinet	Phishing

HTTP Headers

GET /?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:38 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.29
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgM%2BwcMYxyZxJeMGHOa4NNl1NF2iEqvz6KxIKlagn80jONe1d1i3vqx61fHVmBhqZyUrbNhlmxUjl%2BcYzrJjdNIpZCFHEQhKYIs3Z8vi9W3bUnUThdDZZYDK87AbjnJaBBzmeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7420e03cfc6cb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.51b8a224aa8c5e5101bb0ec667ba1e77.css

172.67.223.192

200 OK

0 B

URL HTTP/2
teedhobuscasx.com/etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.51b8a224aa8c5e5101bb0ec667ba1e77.css
IP
172.67.223.192:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.51b8a224aa8c5e5101bb0ec667ba1e77.css HTTP/1.1
Host: teedhobuscasx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn-QIVA86zCh0WowhgE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 28 Aug 2022 23:37:39 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=648740
etag: W/"9e624-5d8ca7f486e80"
last-modified: Thu, 24 Feb 2022 21:45:14 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3%2B%2BjjDTfxop3xL5wO0mYeittCvludez65vgYUhpEVxxlnlbEuESSCPXjajnHaa96xNk1EuaHVVow6kXee%2FgtCqiXyp%2FVsP0O3zwOhSsaJ5dOxpMkOu9EIHANI5ku2zl54oJZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7420e0408e3db4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size