Report - bancavirtual34.bancavirtual34.repl.co/formsecurity.php

Report Overview

Submitted URL
bancavirtual34.bancavirtual34.repl.co/formsecurity.php
IP
34.149.204.188
ASN
#15169 GOOGLE
Submitted
2023-02-08 05:24:37
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.160.122.190
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	55 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.5 kB	93.184.220.29
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	519 B	578 B	142.250.74.163
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	657 B	349 B	31.13.72.36
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.1 kB	4.2 kB	216.58.211.3
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	395 B	29 kB	157.240.221.16
bancavirtual34.bancavirtual34.repl.co	unknown	2023-02-08T04:09:56Z	2023-02-08T06:24:15Z	14 kB	1.6 MB	34.149.204.188
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	403 B	70 kB	142.250.74.168
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:11:52Z	780 B	468 B	216.239.34.36
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	544 B	468 B	64.233.164.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/	Scotiabank
2023-02-08	medium	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	Scotiabank

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-DLPT7Q2WK0&l=dataLayer&cx=c	218 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-DLPT7Q2WK0&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:29:58 Last Seen2023-03-13 19:29:58 Times Seen1 Hash 4d2ac951911bb3fa0d583f25cae029fc 7d5196c8eb8efbc4e6d414c3fad22a520c81fd7d 7d207c6cc37728b11f27e685d4f8c9ec642f1ee64ddc79b6a6316ed2c91a001c Loading...

	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	228 B	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/formsecurity.php IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 91656fb441dbc297eb228e5c8d2e6a25 6f025c03d41c3090a6db7c01680a4eb2c0a9b751 b8bbb6d9d930034ef454c204e703693d8a5fb8b5715ce2f3250633ab3c985bb6 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 19:00:36 Times Seen37070526 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	connect.facebook.net/signals/plugins/inferredevents.js?v=2.9.95	74 kB	2023-03-12	2024-04-20
Pretty URL connect.facebook.net/signals/plugins/inferredevents.js?v=2.9.95 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:01:49 Last Seen2024-04-20 17:48:03 Times Seen983 Hash 19cd6e47a2804b5793d5ea070fcd8ca3 be3ae77ec133b1d125b803fbb12b3ab2adfe11fc 5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a Loading...

	bancavirtual34.bancavirtual34.repl.co/M_files/js	125 kB	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/M_files/js IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen3 Hash 3bcca5e497274cc92f0383ef7848c6f2 1e39125188f65f5911d739240cd3572f980549f2 f6277602d0fa9d4c989818f6bf4c49f802e53e30baccd839ada2ddd306518bf3 Loading...

	bancavirtual34.bancavirtual34.repl.co/M_files/analytics.js.descarga	46 kB	2023-03-08	2023-12-10
Pretty URL bancavirtual34.bancavirtual34.repl.co/M_files/analytics.js.descarga IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-12-10 02:05:20 Times Seen37 Hash 871c39943ac31c498d591a714a31212c 1d9ff3e3db5eb5293de06df5726f6058f07d98de fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955 Loading...

	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	422 B	2023-03-08	2024-02-15
Pretty URL bancavirtual34.bancavirtual34.repl.co/formsecurity.php IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2024-02-15 03:44:16 Times Seen12 Hash baa52a55eb153d12f3c99e5dcb9e2f35 f14bc469bdcad2a0b0762c8b4dc4f1009a81e0ca 9dfff4583c3723a349b3a36e0864460e64b79f6f5f51642f0e7a0ae29a66a899 Loading...

	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	236 B	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/formsecurity.php IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 42cac3e3ea3c44ae06836b973fbeee68 a5c0585587cde7f379a19eaab2a840e00d54fe07 86f338ffa45375f3e2e02d1a8dce597a699c902328f32426dc0ef325fe52f1ce Loading...

	connect.facebook.net/signals/config/136231996928353?v=2.9.95&r=stable	154 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/signals/config/136231996928353?v=2.9.95&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:29:59 Last Seen2023-03-13 19:29:59 Times Seen1 Hash 9ec36a45f196db69ae5012b15c490b07 9e2893401336fbf2588c499406630978f5935732 dd59bda26c0ca05dcc59fe164c555008ca389ebf8989cdd2418218ff81798d74 Loading...

	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	452 B	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/formsecurity.php IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash e1653f1e659fd222dafa0a8eac487ec8 d66c32916b54ca649e1ccd2eb0d6b5fe301f239d 1ac62e35750ac5942d857b56036874c5d0b7d0f983bb931cdeaac074b7fc8482 Loading...

	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	234 B	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/formsecurity.php IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 29aea6d77425d5408ed171a3730e00f7 48557a3fbd186a37a1fdc7acba32f28df70f1760 30e47f0f39d268db5958e86c503c30b9833cba348dc5f8fb60528b081dfbea08 Loading...

	bancavirtual34.bancavirtual34.repl.co/formsecurity.php	226 B	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/formsecurity.php IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 8505a60de9b158b27e9107993c7fd692 99b044e0fdd6f59338c99286c6961b5dc42beb12 afb21d83bd56f7ce1bbc859cfeb4981ad4fd3460224191ee5f2e5a8a2e0a9501 Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-13	2023-11-17
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.221.16 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:47:19 Last Seen2023-11-17 16:32:25 Times Seen5 Hash beca88e7d9125b63f58be285031b0930 08cda009ebdf601f0ffe06b0ee3065fff2fb105b c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236 Loading...

	bancavirtual34.bancavirtual34.repl.co/M_files/main.bfc149b668eb5562f4a5.js.descarga	922 kB	2023-03-08	2023-06-14
Pretty URL bancavirtual34.bancavirtual34.repl.co/M_files/main.bfc149b668eb5562f4a5.js.descarga IP 34.149.204.188 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen3 Hash aef85a370b1bee2ca018fff09dd71356 dcd442017b378521f9e99b0294e8b8466de68855 c6e6588dfc9001a26563251079ee0c9af5749316eb5adfe3a2b08ddaf6e34954 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-T28RDJS	255 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-T28RDJS IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:29:59 Last Seen2023-03-13 19:29:59 Times Seen1 Hash d947282f46a67edb97f628a1f950335c a592bd1e8727cd682d2caafec9a1ca8f7245afdc 18b55d1dde4477e778ccbb908717826b4d7fe2806470b9b73a7b5214123621ae Loading...

		Size	First Seen	Last Seen
	#1 Eval - a74057a647b08a4137d55497b44f3e24	130 B	2023-03-08	2023-03-13
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-03-13 19:29:59 Times Seen1 Hash a74057a647b08a4137d55497b44f3e24 96e0e34d5b6f578665c1bf21752e9fd97e32605d 50f7141ac427344d4e9a7b9a010ef1089c6e52cd263fb6455358d57f19272822 Loading...

	#2 Eval - 8110a30ee5fa254316d0841d313b0249	128 B	2023-03-08	2023-06-14
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 8110a30ee5fa254316d0841d313b0249 a85816536583942e3adb0e0c39f7f7c1430db918 96aa087f53cd947a28fa8c90112ca1972e01a64eea81a4d25dd08c717b735f8f Loading...

	#3 Eval - e358df8c5352d259d47f717f23ac523c	129 B	2023-03-08	2023-06-14
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash e358df8c5352d259d47f717f23ac523c cf726d48dadb4f3d40b46cc79295ce85bb54bcdc 95975c519bcfac18b39e468fc493cabad8d0315439c79b93694ec1c10b29e349 Loading...

	#4 Eval - 47cdbd1d7eb39780d377d458bae97f8b	113 B	2023-03-08	2023-03-13
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-03-13 19:29:59 Times Seen1 Hash 47cdbd1d7eb39780d377d458bae97f8b c6a76d617bf1cf924642184ed4e6b4dac2da4156 ebcb46ab107c2cb5ff91328b85069c1228f795336d57565dd8af5805cda678b6 Loading...

	#5 Eval - 6e2ce37947f3b3912c07ad02affde9cf	113 B	2023-03-08	2023-03-13
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-03-13 19:29:59 Times Seen1 Hash 6e2ce37947f3b3912c07ad02affde9cf 2a1f82528a0c50a3a4974f9b77456964b5339b5f 5d3af8d3c242448ff8c8ef4d9cbbc5ecc80f5bff3ab11ab514491285856a74b3 Loading...

	#6 Eval - 2644b3cfd1caf55327a5ed2442a68c38	128 B	2023-03-08	2023-06-14
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 2644b3cfd1caf55327a5ed2442a68c38 639dc18ebe1b6c8ed09b94e57501dd8279801fbf 130b676096c5868b50a4565aa3135826abf40e81e82628c7ac455a8df635314c Loading...

	#7 Eval - 44e783229caa5a2e4f9aace08598e372	112 B	2023-03-08	2023-06-14
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash 44e783229caa5a2e4f9aace08598e372 9f101fae71e9773868848a61aa9f51cfe4dd73a8 67a6af96c161eb5b80ab7c79372cd0f94eddacb6efe9dcc34d1b420074395a27 Loading...

	#8 Eval - 1bbd22a90ea96326780ee4b1227db4f6	294 B	2023-03-07	2024-04-12
Pretty Observations First Seen2023-03-07 12:22:24 Last Seen2024-04-12 17:16:43 Times Seen242 Hash 1bbd22a90ea96326780ee4b1227db4f6 fee29884629c29c7df94095e60e0a5dc6b6b9277 9a18464d3f863ef2e27787734d1324f3e36f28b8b55fbab100e9c40d35e9f0e2 Loading...

	#9 Eval - 17278468319e02f78b6028cd558672f1	113 B	2023-03-07	2024-04-23
Pretty Observations First Seen2023-03-07 12:02:57 Last Seen2024-04-23 16:24:01 Times Seen563 Hash 17278468319e02f78b6028cd558672f1 9e02bc1e262bc5500951cefd95ebd949efc12d12 dc7a2a5cf824a212451d62a656848ed0f3adf69593f84fc4e99b14681bb09c2f Loading...

	#10 Eval - 06cd79a3c8608be29b4d1d5a887189e4	44 B	2023-03-08	2024-02-15
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2024-02-15 03:44:17 Times Seen8 Hash 06cd79a3c8608be29b4d1d5a887189e4 51d8cc21de6d561ba47b1671c2c3de5a80e74955 0b095a2c212535c90921621e541325fcfe5c783c1f90013f8568f5c72e30e9f6 Loading...

	#11 Eval - 92db82edad0a56f694677c65efaa6c71	130 B	2023-03-08	2023-03-13
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-03-13 19:29:59 Times Seen1 Hash 92db82edad0a56f694677c65efaa6c71 e3ab203fd265ad909aaee46b93cdf318d8ecd063 fcf29fab89fd322db9c2311505a05d68c76a4bdabf67557395130e28a6a679a4 Loading...

	#12 Eval - df52c3e07eb62f03b9820b80bb3e5cf6	112 B	2023-03-08	2023-06-14
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash df52c3e07eb62f03b9820b80bb3e5cf6 bfc12394daa1e750eefa1da0c2b97edd36cbb57b eef384def58f532c01332c5eb542205206c9e7bcfcadc2f995acac37e640c5c2 Loading...

	#13 Eval - ff529bce38a5c1222b6b92f6214107e7	112 B	2023-03-08	2023-06-14
Pretty Observations First Seen2023-03-08 06:46:48 Last Seen2023-06-14 16:58:55 Times Seen2 Hash ff529bce38a5c1222b6b92f6214107e7 2b65b5cdbb67c84ce4fcbe8443e4d08edcc604ba 7e94934667c0d32c4de47c812f62bb2f595b878b6b2883e87647a294dd8e8a97 Loading...

HTTP Transactions (58)

URL IP Response Size

bancavirtual34.bancavirtual34.repl.co/formsecurity.php

34.149.204.188

308 Permanent Redirect

98 B

URL HTTP/1.1
bancavirtual34.bancavirtual34.repl.co/formsecurity.php
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text
Size
98 B (98 bytes)
Hash
a8da8111d99562b8c7e2d29c26d897a4
0f0023f530931f37a4e784071f5f8d24f04f0dee
dd5b380f93d62691a77e66a3e9d6a64d9dcae61c91ece7048e1c6ce873afc460

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /formsecurity.php HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 308 Permanent Redirect
Content-Type: text/html; charset=utf-8
Location: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Replit-Cluster: global
Date: Wed, 08 Feb 2023 05:24:26 GMT
Content-Length: 98
Via: 1.1 google

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5279
Expires: Wed, 08 Feb 2023 06:52:25 GMT
Date: Wed, 08 Feb 2023 05:24:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2412
Expires: Wed, 08 Feb 2023 06:04:38 GMT
Date: Wed, 08 Feb 2023 05:24:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16220
Expires: Wed, 08 Feb 2023 09:54:46 GMT
Date: Wed, 08 Feb 2023 05:24:26 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 04:34:12 GMT
content-type: application/json
age: 3014
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 6ZCgb2rosA8zhCJxariscIFbMTlpXRfNYahxDqr4s5scaxx/L+NsHrdHLOWVJ9LgHy3aI2wGCsg=
x-amz-request-id: AKN8R7B5YQSJDYMP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 04:45:50 GMT
age: 2316
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 05:24:26 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e9c9f00dba9b308cdd59a881153182b2
afe27e77e58e76cac69d4bbac19614d008be9c2e
836e56be4c0034ebe24cddf30a8d50ac8b8cd96e99ba6e896b45369b4c0c8075

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "836E56BE4C0034EBE24CDDF30A8D50AC8B8CD96E99BA6E896B45369B4C0C8075"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 11:24:26 GMT
Date: Wed, 08 Feb 2023 05:24:26 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 04:51:20 GMT
age: 1986
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5627
Expires: Wed, 08 Feb 2023 06:58:14 GMT
Date: Wed, 08 Feb 2023 05:24:27 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-T28RDJS

142.250.74.168

200 OK

69 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-T28RDJS
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (54816)
Size
69 kB (69065 bytes)
Hash
affdc214cbecc44a0ddabc518addcdd4
17d300f987210e01c564fc7da98b7f3fdb909095
40cba943365c5ce8a24ec8e018c459404edf2099221b0be42bb83823f1ac2550

HTTP Headers

GET /gtm.js?id=GTM-T28RDJS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 05:24:27 GMT
expires: Wed, 08 Feb 2023 05:24:27 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69065
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d5417d247d259e3c0186136b83d9f75
49fbcf99a352669aee2559579ef73fa60f46d38d
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

35.160.122.190

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.122.190:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QXuwLW7RJa263lnbqs2Ecw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QoB78hRj26z7RVMz6akIEz+YMdc=

bancavirtual34.bancavirtual34.repl.co/M_files/136231996928353

34.149.204.188

404 Not Found

556 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/136231996928353
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
556 B (556 bytes)
Hash
46632c9ec0b093a80e10bacb32c0922d
af98ebdb4f0c167b82c7ea0cd585e5771e5969b6
dd094b7dd46406aa4d7df7ee4d1f1093519f6c4c25eb7f722db93048c1434402

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/136231996928353 HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 556
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/fbevents.js.descarga

34.149.204.188

404 Not Found

561 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/fbevents.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
561 B (561 bytes)
Hash
b226c6d41da6bc42bd7f524b2a87dbb8
82220cd119af3d4137bf1ccf34e676545b04c51a
7076f01c8f97e5c026f1e07bd6f1e329be3a52e7593b43264369b5cfd3f9ee10

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/fbevents.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 561
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/fpd2.js.descarga

34.149.204.188

404 Not Found

557 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/fpd2.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
557 B (557 bytes)
Hash
db203b0abe91c5bb2409c449bc33c07b
cf6e9af36f3a7b149f3c2079f22849056bf4a0c2
bce6d1a5b4df799444336493d58d745df4d97dd50643250b36016439730e0995

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/fpd2.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 557
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/analytics.js.descarga

34.149.204.188

200 OK

46 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/analytics.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1350)
Size
46 kB (45958 bytes)
Hash
871c39943ac31c498d591a714a31212c
1d9ff3e3db5eb5293de06df5726f6058f07d98de
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/analytics.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-type: text/plain; charset=utf-8
content-length: 45958
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/styles.4cae5a1b74c52d656054.css

34.149.204.188

200 OK

76 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/styles.4cae5a1b74c52d656054.css
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76212 bytes)
Hash
2f59353436ef48e8bb6e1ad4a499eb0e
3f2993d57a9892cbdc672d9494b3fcc645b1f94b
2cfe17fce9fa1f7c194ab9696c53286f22ccab881fa0faa0e65d7dae582e8226

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/styles.4cae5a1b74c52d656054.css HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 76212
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/js

34.149.204.188

200 OK

125 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/js
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2102)
Size
125 kB (124736 bytes)
Hash
3bcca5e497274cc92f0383ef7848c6f2
1e39125188f65f5911d739240cd3572f980549f2
f6277602d0fa9d4c989818f6bf4c49f802e53e30baccd839ada2ddd306518bf3

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/js HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-type: text/plain; charset=utf-8
content-length: 124736
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/seguridad_files/5.ed9471278e13c974656c.js.descarga

34.149.204.188

404 Not Found

583 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/seguridad_files/5.ed9471278e13c974656c.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
583 B (583 bytes)
Hash
32e9a6fc78a8579dce6f6ebf91c636a8
5de95536084283f38892351875c331df71898eb4
79bcb337d91d6ddf05ba4166c3845c2a8022e018cf60bc12ebc96eff13274a43

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /seguridad_files/5.ed9471278e13c974656c.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 583
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/seguridad_files/1.5abf7b8ed07cbd2f8feb.js.descarga

34.149.204.188

404 Not Found

583 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/seguridad_files/1.5abf7b8ed07cbd2f8feb.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
583 B (583 bytes)
Hash
851aaa6ea7b787c0a985fc3083610275
55a7b332098d32306dc7a05f585952082df44e91
10841b9122075a3ec7aea4785ee40c3c330d45784f61f6dcbd4a554d0d84523b

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /seguridad_files/1.5abf7b8ed07cbd2f8feb.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 583
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/runtime.4dafd9dfda278a00d466.js.descarga

34.149.204.188

404 Not Found

581 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/runtime.4dafd9dfda278a00d466.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
581 B (581 bytes)
Hash
3e49e674e94b92e8009b8a8fa06f55a4
ba4b364e2c95e4b2222db0f02dceb745dcf64a86
165ce194282ed0436e50a5c1d23cf19b3d28fed727c6bbfc97c010fbafa7aff4

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/runtime.4dafd9dfda278a00d466.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 581
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/symbol-red.svg

34.149.204.188

200 OK

2.6 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/symbol-red.svg
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1898)
Size
2.6 kB (2556 bytes)
Hash
b7f91f845629dfc1021cc4bad4450b27
7e41c835f335539c41303fb9db622e34f69d741d
192acd11e276a8a6131abbf54aa56e6563eaf3203ea4b7394ad2c88227e358b8

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/symbol-red.svg HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 2556
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-DLPT7Q2WK0&gtm=45je3260&_p=1044037321&_gaz=1&cid=1011498913.1675833920&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675833920&sct=1&seg=0&dl=https%3A%2F%2Fbancavirtual34.bancavirtual34.repl.co%2Fformsecurity.php&dt=Scotiabank%20Colpatria%20%7C%20Banca%20virtual&uid=undefined&en=page_view&_fv=1&_nsi=1&_ss=2

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-DLPT7Q2WK0&gtm=45je3260&_p=1044037321&_gaz=1&cid=1011498913.1675833920&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675833920&sct=1&seg=0&dl=https%3A%2F%2Fbancavirtual34.bancavirtual34.repl.co%2Fformsecurity.php&dt=Scotiabank%20Colpatria%20%7C%20Banca%20virtual&uid=undefined&en=page_view&_fv=1&_nsi=1&_ss=2
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-DLPT7Q2WK0&gtm=45je3260&_p=1044037321&_gaz=1&cid=1011498913.1675833920&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675833920&sct=1&seg=0&dl=https%3A%2F%2Fbancavirtual34.bancavirtual34.repl.co%2Fformsecurity.php&dt=Scotiabank%20Colpatria%20%7C%20Banca%20virtual&uid=undefined&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bancavirtual34.bancavirtual34.repl.co
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://bancavirtual34.bancavirtual34.repl.co
date: Wed, 08 Feb 2023 05:24:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/polyfills.b31d5f0d61f1caf2d082.js.descarga

34.149.204.188

404 Not Found

583 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/polyfills.b31d5f0d61f1caf2d082.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
583 B (583 bytes)
Hash
bc804a2caa8e37f8f00dba44ed4ac921
9b37a395cfcd7c31328ea2bde55923e5dff00179
e587ab7190e8ea969b74cdc75574c20d2efaecc0b9ac643061e36fa7aac3f518

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/polyfills.b31d5f0d61f1caf2d082.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 583
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/g/collect?v=2&tid=G-DLPT7Q2WK0&cid=1011498913.1675833920&gtm=45je3260&aip=1&uid=undefined

64.233.164.156

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-DLPT7Q2WK0&cid=1011498913.1675833920&gtm=45je3260&aip=1&uid=undefined
IP
64.233.164.156:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-DLPT7Q2WK0&cid=1011498913.1675833920&gtm=45je3260&aip=1&uid=undefined HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bancavirtual34.bancavirtual34.repl.co
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://bancavirtual34.bancavirtual34.repl.co
date: Wed, 08 Feb 2023 05:24:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/entrust.png

34.149.204.188

200 OK

3.3 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/entrust.png
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
PNG image data, 60 x 60, 8-bit colormap, non-interlaced\012- data
Size
3.3 kB (3301 bytes)
Hash
2aa528af16b6e49929884f8d6977fd04
704cdbbe14e8fc5f563588a9fe19ae9f25624911
74176684708ef45ced6533dcc528f363ea07756260d1025506e754370050346e

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/entrust.png HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 3301
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/red%20virtual.svg

34.149.204.188

200 OK

12 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/red%20virtual.svg
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2233)
Size
12 kB (11925 bytes)
Hash
390b47a563375fde47578592524018c3
dfe7e6362e82d43c9c1c05921691a3c44ffc5e60
2933c5c27784b1869ba9534af1f8ebd72d151dd5a7e581b588d5a36406c8956e

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/red%20virtual.svg HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 11925
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ec32dff957003dae195c36ca9e3bd6c
6761a20819b0d5a48216d74782e3ea752af7257a
953a3a2d35250df7b506b42f7d1d8813301dd1f9f9bcc30d2d100bd0788e4c76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bancavirtual34.bancavirtual34.repl.co/seguridad_files/5.ed9471278e13c974656c.js.descarga

34.149.204.188

404 Not Found

583 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/seguridad_files/5.ed9471278e13c974656c.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
583 B (583 bytes)
Hash
32e9a6fc78a8579dce6f6ebf91c636a8
5de95536084283f38892351875c331df71898eb4
79bcb337d91d6ddf05ba4166c3845c2a8022e018cf60bc12ebc96eff13274a43

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /seguridad_files/5.ed9471278e13c974656c.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759143; includeSubDomains
content-length: 583
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/runtime.4dafd9dfda278a00d466.js.descarga

34.149.204.188

404 Not Found

581 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/runtime.4dafd9dfda278a00d466.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
581 B (581 bytes)
Hash
3e49e674e94b92e8009b8a8fa06f55a4
ba4b364e2c95e4b2222db0f02dceb745dcf64a86
165ce194282ed0436e50a5c1d23cf19b3d28fed727c6bbfc97c010fbafa7aff4

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/runtime.4dafd9dfda278a00d466.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759143; includeSubDomains
content-length: 581
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/gtm.js.descarga

34.149.204.188

200 OK

211 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/gtm.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (855)
Size
211 kB (210992 bytes)
Hash
ca6484d2ad9d44cdb0cea01681ed1cf0
6ca9f6995692372e3ec76623af316b8958f6ba75
3ae13c4fbf51e8abefb8a4f05d19e017b457abce8bd1b22cd7871478fcccce99

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/gtm.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 05:24:27 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-type: text/plain; charset=utf-8
content-length: 210992
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Wed, 08 Feb 2023 07:18:41 GMT
Date: Wed, 08 Feb 2023 05:24:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Wed, 08 Feb 2023 07:18:41 GMT
Date: Wed, 08 Feb 2023 05:24:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Wed, 08 Feb 2023 07:18:41 GMT
Date: Wed, 08 Feb 2023 05:24:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Wed, 08 Feb 2023 07:18:41 GMT
Date: Wed, 08 Feb 2023 05:24:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12256 bytes)
Hash
062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mujn0m9G4SIcD-5qZiD5kaYHg8x3rDtx-jYus-hrWFx_UjWEMNM_Tw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 06:48:36 GMT
age: 81352
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8644 bytes)
Hash
726928e5de19ef978faebbe933c34008
bdaba3ed0c7efb65de88af96063d830683c8499b
c6d208fcee052da80de1bf2dcccbbc48853511b8888c4777799ee676abba51b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8644
x-amzn-requestid: d6d71f42-f887-4ad0-a2b7-9073d3857b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjRHBFoAMF4_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-57490f255d8d30a561fdcd3a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qfHMhMAdnYcOa0Xm23enTGXj4CQC-QFHV50Pq6QQdvM5YcIgUZVPRQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:54:36 GMT
etag: "bdaba3ed0c7efb65de88af96063d830683c8499b"
content-type: image/jpeg
age: 26992
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8170 bytes)
Hash
fbe359ce6fb136add75c8f3d3cc06330
e6584afcf39b6fad21eccbcce95c6645b8e1b3b8
29478bf1b8168dc457bb7d298448a78e1040bd3aa80cbf11cfa37475568590d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8170
x-amzn-requestid: d1ddb47f-3472-4015-8d55-72f435671f03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f5aSPHiroAMFpSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e070da-114975440d70915472cdba2f;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 03:15:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0w6JgtsKSRHLPJ3LyY6YUI8N7PS-gVlLuivQUq9jdyeYYm3STiJJIQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 04:34:33 GMT
age: 2995
etag: "e6584afcf39b6fad21eccbcce95c6645b8e1b3b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6342 bytes)
Hash
d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iIQAy6CQSvnvQ79UJ6ifJbs-0kEqUYe8OyCqPb2HSKxoDoLykOyaLg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:28 GMT
age: 27120
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6805 bytes)
Hash
c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: ef7a879d-25be-42b0-a5c5-df6ad8f1482c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_R2FFv5IAMFZ7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c9c0-2f8fa7ef41b70de04cfb5ac6;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:59:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JxJrYYY7fMm_DCBcuC4OEdR62HL5VMvJbt_a6TWp4QfqN0qxgFgj-A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:50 GMT
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
age: 26258
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6838 bytes)
Hash
4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mgfr5wO7Bj5BVjKYY7O0c4ogLognfq09QrA9khZROr2CVyOWgKTz1g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:35 GMT
age: 27113
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/FrutigerLTforBNS-Light.fd1c0f449fc8540f82c4.woff2

34.149.204.188

200 OK

24 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/FrutigerLTforBNS-Light.fd1c0f449fc8540f82c4.woff2
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23716, version 1.13107\012- data
Size
24 kB (23716 bytes)
Hash
fd1c0f449fc8540f82c47e1629cbd5dd
147b4ddff7e0110b1185f0e35ca2e11fc09d9fa0
e1f8e67d54b287369f8fb000d14af4ea5ea2da8519ffae2e04f4be83d3af9141

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /FrutigerLTforBNS-Light.fd1c0f449fc8540f82c4.woff2 HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759143; includeSubDomains
content-length: 23716
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/FrutigerLTforBNS-Bold.8424a042624210828b0f.woff2

34.149.204.188

200 OK

24 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/FrutigerLTforBNS-Bold.8424a042624210828b0f.woff2
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23992, version 1.13107\012- data
Size
24 kB (23992 bytes)
Hash
8424a042624210828b0fbe7a8c533b2a
d2d90e7b6c6fac1b0a78f16eee3889ef50414044
d1e87295d125e7f5f258383b2e35751dbec33675f7ac6ebcb7570ede83413ba6

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /FrutigerLTforBNS-Bold.8424a042624210828b0f.woff2 HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759143; includeSubDomains
content-length: 23992
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/polyfills.b31d5f0d61f1caf2d082.js.descarga

34.149.204.188

404 Not Found

583 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/polyfills.b31d5f0d61f1caf2d082.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
583 B (583 bytes)
Hash
bc804a2caa8e37f8f00dba44ed4ac921
9b37a395cfcd7c31328ea2bde55923e5dff00179
e587ab7190e8ea969b74cdc75574c20d2efaecc0b9ac643061e36fa7aac3f518

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/polyfills.b31d5f0d61f1caf2d082.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759143; includeSubDomains
content-length: 583
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/oficina.svg

34.149.204.188

200 OK

161 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/oficina.svg
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (64508)
Size
161 kB (161274 bytes)
Hash
498496cd013385a8c0dfd09559d3036c
a1ff8193ab6c607de71940f1a66238a706681ffa
21556881d83678dd614d24528f68aeb543cc08b01e948a33913fb5390dd833af

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/oficina.svg HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-length: 161274
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 872
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:30 GMT
Last-Modified: Wed, 08 Feb 2023 05:09:59 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DLPT7Q2WK0&cid=1011498913.1675833920&gtm=45je3260&aip=1&uid=undefined&z=302217505

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DLPT7Q2WK0&cid=1011498913.1675833920&gtm=45je3260&aip=1&uid=undefined&z=302217505
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DLPT7Q2WK0&cid=1011498913.1675833920&gtm=45je3260&aip=1&uid=undefined&z=302217505 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 05:24:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ccbef7dcf1b1d32956833f5127c1ad5
af220576c82f064130ee7bfa3ea966d033e51707
f6eceec81f5b6deb7005fa9f3855ecb54e4bd6b3159c705decf0921e3a49067d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/fbevents.js

157.240.221.16

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.221.16:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27843 bytes)
Hash
dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 9uVP+GzgnCUUO2qe5jKJWhxxLh9OQFjksEG9QXg4fBpbGz3SScLjl8FYkSjgHE8jPa7tzo4daVrnSJw+SzadIA==
priority: u=3,i
content-length: 27843
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 05:24:30 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c0251492cae08969a77cc1f8b4fa25e5
110161e230f81ac3a954dc1d5114c7401c1ecd93
6483e465b117e6af3950e659d8692acc4bb38f60c7dc312ec8c6824ac5f000ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 872
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 05:24:30 GMT
Last-Modified: Wed, 08 Feb 2023 05:09:59 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

bancavirtual34.bancavirtual34.repl.co/M_files/favicon.ico

34.149.204.188

200 OK

16 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/favicon.ico
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
16 kB (16446 bytes)
Hash
d809c2fbf53f07f4cd360b40104e3e34
4e49e3e73a218b180817ca30e677e095b35c7283
fe40e89bbfd0f07f717648028b9683f75944795160154613862773353316b2aa

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/favicon.ico HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
date: Wed, 08 Feb 2023 05:24:30 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759141; includeSubDomains
content-length: 16446
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/M_files/main.bfc149b668eb5562f4a5.js.descarga

34.149.204.188

200 OK

922 kB

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/M_files/main.bfc149b668eb5562f4a5.js.descarga
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
922 kB (921461 bytes)
Hash
aef85a370b1bee2ca018fff09dd71356
dcd442017b378521f9e99b0294e8b8466de68855
c6e6588dfc9001a26563251079ee0c9af5749316eb5adfe3a2b08ddaf6e34954

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /M_files/main.bfc149b668eb5562f4a5.js.descarga HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/formsecurity.php
Cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; _ga_DLPT7Q2WK0=GS1.1.1675833920.1.0.1675833920.60.0.0; _ga=GA1.1.1011498913.1675833920
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 05:24:28 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7759144; includeSubDomains
content-type: text/plain; charset=utf-8
content-length: 921461
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=136231996928353&ev=PageView&dl=https%3A%2F%2Fbancavirtual34.bancavirtual34.repl.co%2Fformsecurity.php&rl=&if=false&ts=1675833923865&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=28&cs_est=true&fbp=fb.2.1675833923864.445610864&it=1675833923159&coo=false&rqm=GET

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=136231996928353&ev=PageView&dl=https%3A%2F%2Fbancavirtual34.bancavirtual34.repl.co%2Fformsecurity.php&rl=&if=false&ts=1675833923865&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=28&cs_est=true&fbp=fb.2.1675833923864.445610864&it=1675833923159&coo=false&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=136231996928353&ev=PageView&dl=https%3A%2F%2Fbancavirtual34.bancavirtual34.repl.co%2Fformsecurity.php&rl=&if=false&ts=1675833923865&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=28&cs_est=true&fbp=fb.2.1675833923864.445610864&it=1675833923159&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bancavirtual34.bancavirtual34.repl.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 05:24:30 GMT
X-Firefox-Spdy: h2

bancavirtual34.bancavirtual34.repl.co/formsecurity.php

34.149.204.188

200 OK

0 B

URL HTTP/2
bancavirtual34.bancavirtual34.repl.co/formsecurity.php
IP
34.149.204.188:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Scotiabank

HTTP Headers

GET /formsecurity.php HTTP/1.1
Host: bancavirtual34.bancavirtual34.repl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Wed, 08 Feb 2023 05:24:26 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
replit-cluster: global
set-cookie: PHPSESSID=0f06f453d1ee66439e5d6cdc003ecaf8; path=/
strict-transport-security: max-age=7759145; includeSubDomains
x-powered-by: PHP/7.4.21
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL