Report - bdhleon.com/wps

Report Overview

Submitted URL
bdhleon.com/wps
IP
200.58.111.29
ASN
#27823 Dattatec.com
Submitted
2023-01-18 08:27:47
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	511 B	694 B	216.58.207.228
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
bdhleon.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	17 kB	3.0 MB	200.58.111.29
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	21 kB	216.239.38.178
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.6 kB	172.217.21.163
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	376 B	52 kB	142.250.74.168
bhd.com.do	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	321 kB	204.126.128.60
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	5.1 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.149.61.21
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	84 kB	34.120.237.76
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	349 B	31.13.72.36
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
detectca.easysol.net	60033	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.4 kB	107.23.44.14
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	705 B	64.233.165.154
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	29 kB	31.13.72.12
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	510 B	694 B	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-18 08:27:41	medium	200.58.111.29	Client IP	ET PHISHING Possible Phish - Saved Website Comment Observed
2023-01-18 08:27:41	medium	200.58.111.29	Client IP	ET PHISHING Possible Phish - Saved Website Comment Observed

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-18	medium	bdhleon.com/wps	Phishing
2023-01-18	medium	bdhleon.com/wps/	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/fbevents.js.descarga	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/detect.js.descarga	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/analytics.js.descarga	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/ra_collection(1)	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/gtm.js.descarga	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/242328147526346	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/ra_collection	Phishing
2023-01-18	medium	bdhleon.com/wps/perso.html	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/HP.html	Phishing
2023-01-18	medium	bdhleon.com/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.woff	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/ARF	Phishing
2023-01-18	medium	bdhleon.com/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.ttf	Phishing
2023-01-18	medium	bdhleon.com/wps/index_files/check.js.descarga	Phishing
2023-01-18	medium	bdhleon.com/wps/perso_files/mashup_ra_collection	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	detectca.easysol.net/detectca/scripts/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/detect.js	1.6 kB	2023-03-13	2023-03-13
Pretty URL detectca.easysol.net/detectca/scripts/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/detect.js IP 107.23.44.14 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 9879f3d7063820bfa182a161e05866f8 6425cf80c65ab768ce341f266c8d058cb2b07882 5e5198599f3bb094c3eedb1331d58448e60b1c4eadd0afff2cb0eb2e4dbafb21 Loading...

	bdhleon.com/wps/index_files/fbevents.js.descarga	108 kB	2023-03-12	2023-03-13
Pretty URL bdhleon.com/wps/index_files/fbevents.js.descarga IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:27:05 Last Seen2023-03-13 02:53:43 Times Seen1 Hash 215d19684091f3dc2c98b38b0a1254b1 4625cc5882f5730370f2a753ce1b740ad69e7463 cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f Loading...

	bdhleon.com/wps/	82 B	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/ IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 2a47f9c5c8e8bc73e5c4a8f56525f5dc e6a9797dd257aa87d0fdd9948b006f5d758921dc 6ff8c92426cd1a322b33e1bbfd8e3070931b31ba240e7373188e5c78ef81e997 Loading...

	bdhleon.com/wps/index_files/analytics.js.descarga	50 kB	2023-03-08	2024-04-26
Pretty URL bdhleon.com/wps/index_files/analytics.js.descarga IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 00:32:39 Times Seen1530 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	bdhleon.com/wps/index_files/gtm.js.descarga	135 kB	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/index_files/gtm.js.descarga IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 0e28ec8fce8fb6af7c272468c4d5889f a75770c92a471182383b76812a0e79ba887bf1f8 62e612c123f0fbfcdd337aa51ff0dd6a92e4ed498f6ac05c54df398bc5d745e9 Loading...

	bdhleon.com/wps/index_files/242328147526346	308 kB	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/index_files/242328147526346 IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash acfbde341569678703f81231ef19e2a1 29846444058c4ee0a455a6ae8a4ab7d595eefbcd b8408630df84b479731128088be777a4e226b8f23493ba346c78df6e3a137dda Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-12	2023-03-18
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:27:08 Last Seen2023-03-18 07:43:22 Times Seen1 Hash cf0731d687328f0426cf2709b697dd92 3fe9944a3efd792f4c59d0f1012cd8206769dca4 39cc6c78632abb08815246e75d23371d17c0106cfb4156297f74366c8404b533 Loading...

	connect.facebook.net/signals/config/242328147526346?v=2.9.92&r=stable	386 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/signals/config/242328147526346?v=2.9.92&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 9498b998ea46f9828b0584338605507b 7a05714303d4ab1d84a3439acf0c42e52154b14e ed5a6a4c88aeb5751a033c7728a5b36b25de010253c1fdba0ac242f6e1e03f8b Loading...

	bdhleon.com/wps/	411 B	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/ IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 750262616911bd0d29a34f1ad87d652d 25e25b95501c364d2e799ee5e2a4caea3fa3a68f 4924ad9bb681db647394d8777b3802ee5f55c230e3c9466f1f977049a75acf3b Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KXHQ7FV	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KXHQ7FV IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 5698768b287544f3ea38f64d9f391a9c bd59d0320315545d74fa7a44502691418f7028ae 79c82a5c576818341462da0a940ddfd4332be7e81edcc7036882622f18a47009 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 05:01:19 Times Seen37083649 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	bdhleon.com/wps/index_files/detect.js.descarga	1.6 kB	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/index_files/detect.js.descarga IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash 4e5a6e5aac68175cbf9791af5d481b6c d313589446ad2df9908b47d8b2aa681d03873ac4 c2b404b63b648c7f5c20710e15bfe9a05a9d97e1ccb96b76239fcc095ffe2feb Loading...

	bdhleon.com/wps/	398 B	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/ IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash b1863f93dfb89cdd367c35680c47a8f7 8e5b09762ed7ae37457712302c21e96a6df6270d c14d3c539322eb3b0b060bbf5beb9c59a9e1fce8ee3fbcb2e4ac910c563be176 Loading...

	bdhleon.com/wps/	24 B	2023-03-07	2024-04-25
Pretty URL bdhleon.com/wps/ IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:31 Last Seen2024-04-25 18:47:37 Times Seen975 Hash 4261d16328bf553db3854d37ff5d5b96 ccb5a4d6697ab915fd627c7fe562feaa7f4ff16a 65d0d311f97cc6b1a7ee267fda63038b30c87ba25199ea76bf3f524c7262e19b Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 216.239.38.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	bdhleon.com/wps/index_files/ra_collection(1)	10 kB	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/index_files/ra_collection(1) IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:25 Last Seen2023-03-13 02:02:25 Times Seen1 Hash bffb10d4f8dc2e43185ed34ed08ab199 f9f693defb66ec76b01c2e87d089780596574249 1fc42d124001ec0807fe82188ea8bb8bec35910cecc4c7833e1041882977a45c Loading...

	bdhleon.com/wps/index_files/ra_collection	588 kB	2023-03-13	2023-03-13
Pretty URL bdhleon.com/wps/index_files/ra_collection IP 200.58.111.29 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:02:26 Last Seen2023-03-13 02:02:26 Times Seen1 Hash eda2663dea901ca7771383ed9aaddb61 d37f61fb83ea8e99e1b3ac4b4247d9ebf74a46d5 297d23d664fd27795907d4963518c43718cae0b2a8bc8e8a83f64e29885bac91 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 7907545e68f617f87fd26a259a5b3f0e	29 kB	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 12:56:08 Last Seen2024-04-18 13:11:43 Times Seen100 Hash 7907545e68f617f87fd26a259a5b3f0e c622592f52dadca1e34df931bcc68642b31b5e37 09997726531b148218f8c09bfae926e9345fbc85907e28df9ef9db7fd0d0081d Loading...

	#2 Eval - 8cf542b4c1e3f9328108c448e8596ba7	36 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 01:27:57 Last Seen2024-04-14 07:36:16 Times Seen101 Hash 8cf542b4c1e3f9328108c448e8596ba7 83aa53b68e105593dc419a215f025d0ff5eef4bb 3a432892366ff54070e907455807f9f5f767ccaa664a1164fa862e6dccc38398 Loading...

	#3 Eval - 129f5fd162665cd0abc0f39fea8c9e8f	24 kB	2023-03-07	2024-04-22
Pretty Observations First Seen2023-03-07 01:33:09 Last Seen2024-04-22 12:32:09 Times Seen1066 Hash 129f5fd162665cd0abc0f39fea8c9e8f 253c21387dc8055cee42777276f455c7794de3cf a6336811b695da7dff581c054bbcb90502e899d034ec0f26005f91236c3817b1 Loading...

	#4 Eval - 3ecdf33ea12e099568080c739cf135ab	44 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 01:27:57 Last Seen2024-04-14 07:36:16 Times Seen100 Hash 3ecdf33ea12e099568080c739cf135ab 5b94c122f3c3efffd1ee363ad299ade491b1d790 1260373596fccab9f78ef49644de6a84937c8dc65de99f5ff1c273ec30de4327 Loading...

HTTP Transactions (90)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
648bf42163c5d645d8a33cd0a9afebd0
9b9ac85435c4e90647e8379bca54c689058a8929
060757fb4857858d4d01a715824ea6771d0137e73a24bf75e2844d0f346380fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060757FB4857858D4D01A715824EA6771D0137E73A24BF75E2844D0F346380FA"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2167
Expires: Wed, 18 Jan 2023 09:03:43 GMT
Date: Wed, 18 Jan 2023 08:27:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bb0c8d0984a1f09a012961a54cda03c6
1a8ad450a0241554ee4fc7d02fac7b83529e60f6
eee3ca879a67cc25ea89cb83de9521eea1b82845705c3e82169d4787ecb7dd3a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EEE3CA879A67CC25EA89CB83DE9521EEA1B82845705C3E82169D4787ECB7DD3A"
Last-Modified: Mon, 16 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6334
Expires: Wed, 18 Jan 2023 10:13:10 GMT
Date: Wed, 18 Jan 2023 08:27:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 18 Jan 2023 07:49:19 GMT
content-type: application/json
age: 2297
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c8239f3894cfba54d1f3a9ea1c85db5
a70f2b3bf79f2aa26b0cc0340dd182565c3eb946
64dc0508d3fcea1ec92fb60310e9b3f5454c0b69f61e8453fd443bc46ab9471b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64DC0508D3FCEA1EC92FB60310E9B3F5454C0B69F61E8453FD443BC46AB9471B"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20007
Expires: Wed, 18 Jan 2023 14:01:03 GMT
Date: Wed, 18 Jan 2023 08:27:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: xER6yjISxViSG04iboqV98p7986Z8O1UQyvLlhKagEjrj1+8lO0ThJJ4+vIWCioemoQA5thDhx0=
x-amz-request-id: FYQ405ZX2867XZYJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 18 Jan 2023 07:45:19 GMT
age: 2537
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 18 Jan 2023 08:27:36 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

bdhleon.com/wps

200.58.111.29

301 Moved Permanently

231 B

URL HTTP/1.1
bdhleon.com/wps
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
231 B (231 bytes)
Hash
a76c0f756850006348059778817200f6
b69a87614e79ba978ae020246c54b2c2a0279f2a
a21ff315285fc843f47239ce3f6bfbe8e6c196a8691ccc90d2791a1950c2b7c2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Wed, 18 Jan 2023 08:27:36 GMT
Server: Apache
Location: http://bdhleon.com/wps/
Content-Length: 231
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 18 Jan 2023 08:17:25 GMT
age: 612
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8720730dce33d0026a1a354ac93d4a7d
ed5f086bc646a4d93d2344b19ff7821c96e44f7c
b2892fda88242fbc4d58dd1f3bb159ca02cbf98b77c57dde66fba98d183c0136

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4384
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:37 GMT
Last-Modified: Wed, 18 Jan 2023 07:14:33 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.61.21

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.61.21:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FerTTheYcFBODclngKLxMw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XdhoCC+BLcOtKYih9GaZJ4KJ8jE=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5043
Expires: Wed, 18 Jan 2023 09:51:40 GMT
Date: Wed, 18 Jan 2023 08:27:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5043
Expires: Wed, 18 Jan 2023 09:51:40 GMT
Date: Wed, 18 Jan 2023 08:27:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5043
Expires: Wed, 18 Jan 2023 09:51:40 GMT
Date: Wed, 18 Jan 2023 08:27:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5043
Expires: Wed, 18 Jan 2023 09:51:40 GMT
Date: Wed, 18 Jan 2023 08:27:37 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ce66831-56e0-4f6e-ba05-da99c3485e5e.jpeg

34.120.237.76

200 OK

3.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ce66831-56e0-4f6e-ba05-da99c3485e5e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.6 kB (3599 bytes)
Hash
928e970121a035e9f8d537e4bfe6bf5c
ce4aadc6b3500508d1c4b42b76f09be4414b6eee
2da1438b17cf05aed64e565350dcc706420f2bae7e8c5e36d1b5bad38248c275

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ce66831-56e0-4f6e-ba05-da99c3485e5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3599
x-amzn-requestid: 5b743b27-b6d4-4d98-9984-3a5e17cb28e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A1xH8BIAMFuZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714f1-2f1031db0871abae4760d5b6;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jyWosZVSdPHomvHRyf-MuxVp0gR7sKIJ0-jmMStDeixhd8Bhoqzitg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 22:01:09 GMT
age: 37588
etag: "ce4aadc6b3500508d1c4b42b76f09be4414b6eee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe52164e3-afec-433e-87ab-adb17222f1cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13848 bytes)
Hash
8656702f08344d3a4658bc43a9074a1f
fba424e1d09cbdc839ca320458b51715dafbbccc
0b0ac963c377b07f843637348f3d7c41d2aca89540ab8c2b80ef5fbbf466fee8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe52164e3-afec-433e-87ab-adb17222f1cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13848
x-amzn-requestid: 93bbdd19-aa04-49ec-858f-9fa1d6b736d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6BKCGEtoAMFgsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c71573-008911af44c3998d7b27b837;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:38:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: adtKl3gOcesaXNHcRbi71-1Wz6caEgtXrAvbhB9qhId7eJEkd7d7pQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 21:59:45 GMT
age: 37672
etag: "fba424e1d09cbdc839ca320458b51715dafbbccc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefcc19e1-75f3-4a6f-8686-3308f93dd409.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7574 bytes)
Hash
df397b10a8e03cec7f74cd8f0fbb4e6e
625e8a1b7e865def8861e194ac754c486cd374e7
6bafab2eaac6814dd4c0f2155119f71e01cf6ecd602d51fa5d5e547db3588705

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefcc19e1-75f3-4a6f-8686-3308f93dd409.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7574
x-amzn-requestid: e330d010-6465-47c6-b45f-b25a6de84f9d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A16GjsIAMFYgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714f2-17ca5566719117874cb6a6d0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wF_siKELQDBuWLkhNtrGzLwKyuMaGaSoCQNpE5etDRs6XotQgRYF3w==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 22:02:53 GMT
age: 37484
etag: "625e8a1b7e865def8861e194ac754c486cd374e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d4770a8-c74a-4d56-b999-a0f191af3bf2.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6454 bytes)
Hash
9200e43ca808b9ecec74828e03853d4c
3070340147ced46e5fdf73408272aa39391976fb
abdaedfc2da45180c463607686b20afd82113b78cfa78b0f28ab169b9858469b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d4770a8-c74a-4d56-b999-a0f191af3bf2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6454
x-amzn-requestid: 79329eb3-8d89-423f-8626-32c5e2e2831a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A0gHpeoAMF-Jw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714e9-5e859dc121cd322c6b684eee;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TKl5JNASQseZsuX_yJtVaUT2TCY5lKIxjJ8QvhDIXDAkC8GwIRilYg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 22:01:08 GMT
age: 37589
etag: "3070340147ced46e5fdf73408272aa39391976fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a78cd6d-1eab-47b0-b5c7-f2d1f91acc3a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8853 bytes)
Hash
3f112ea3865f38cbbcc8400b58320fa0
dacc584338546bf60f26b2a0bec48e9b584640dc
7feb3c0691f40354701d1cb0bf3c834d1eeead4a7297fac3afc0f4a7ca2c94cb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a78cd6d-1eab-47b0-b5c7-f2d1f91acc3a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8853
x-amzn-requestid: ff98ec33-294a-4a13-b064-3cd4744cd2b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0LLKHPnIAMF0vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4bf14-233cbc6407c6b138144d7abb;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 03:05:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QZZaGtGl3Z-4G4DxO4R_gjfDdQVgJc30Ur9EyLAvbGFhv4LfaXziPQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 04:00:29 GMT
age: 16028
etag: "dacc584338546bf60f26b2a0bec48e9b584640dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

25 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F861225b5-aa80-4ecb-b68c-3a62a2e3d376.gif
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 296 x 148\012- data
Size
25 kB (24970 bytes)
Hash
e9e29acd071f93411556a2a1cbb076fa
6cc5c64b7e82cc5bdc148be6f4760e98cb06f414
a1d23e683f912c5c9a334df441908c7d522ae8f41c91dbb0e99e6bf5162bc54e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F861225b5-aa80-4ecb-b68c-3a62a2e3d376.gif HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 24970
x-amzn-requestid: 65ccc511-17aa-468c-a607-f531ccba1e91
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0K86HLgIAMFfxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4beb8-798eaf875ae85c5e1d73e183;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 03:04:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RCzR1Y9Aya6p6jIR9T0rDo5BEyR_q238uzLQpJ7veDu2HDPCaMtKbg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 03:56:47 GMT
age: 16250
etag: "6cc5c64b7e82cc5bdc148be6f4760e98cb06f414"
content-type: image/gif
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bdhleon.com/wps/

200.58.111.29

200 OK

8.0 kB

URL HTTP/1.1
bdhleon.com/wps/
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (825)
Size
8.0 kB (8002 bytes)
Hash
53c5d0e3ea56663b8dffb0c7a2e6a567
fcbf7b0f565bbcaad8dc4ea5f01d492fa1c8a010
2c6a4c6bd0a93a84da76812ab0bb0653f005fafda5ddef002791226cee0684d7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/ HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:37 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8002
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
773596e36fe4af70225f1ee08e977461
5595433fd09a22008b2c739f6626aef116ad5285
fb18080471e9a54e7d1c060d2e26b023f09c135e0d195e48917cd064549d7fdc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-KXHQ7FV

142.250.74.168

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KXHQ7FV
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2558)
Size
51 kB (50843 bytes)
Hash
c1be2cbc668626c9f064f47d2f7dc967
b65d34397a354edeb5d3247702e3a86df1eed00e
266a775540ba685ca7a5935fd9dec465e6a51edf052f2f11adf95a71cee07bfe

HTTP Headers

GET /gtm.js?id=GTM-KXHQ7FV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 18 Jan 2023 08:27:38 GMT
expires: Wed, 18 Jan 2023 08:27:38 GMT
cache-control: private, max-age=900
last-modified: Wed, 18 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50843
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
773596e36fe4af70225f1ee08e977461
5595433fd09a22008b2c739f6626aef116ad5285
fb18080471e9a54e7d1c060d2e26b023f09c135e0d195e48917cd064549d7fdc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bdhleon.com/wps/index_files/fbevents.js.descarga

200.58.111.29

200 OK

28 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/fbevents.js.descarga
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (64348)
Size
28 kB (27689 bytes)
Hash
acf344ceaf9be1c4e69773807426f85a
2cfe6acad97b04baa137d6f46ade64e408294995
70a0969420840cc92f46eea2ef977df348f29a41aaf6d09db5bcc0c9a5bf7d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/fbevents.js.descarga HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:38 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:22 GMT
ETag: "1a468-5f21d1e7bbc40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27689
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript

bdhleon.com/wps/index_files/detect.js.descarga

200.58.111.29

200 OK

512 B

URL HTTP/1.1
bdhleon.com/wps/index_files/detect.js.descarga
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1644), with no line terminators
Size
512 B (512 bytes)
Hash
9d2857af9e89d9f4d077aa207d30655b
ba3bcc93ad54901d376d87d5411f724e29eb1114
23df46a53c019d7894f18721bc3ae3172beeaa31a59f10f6c5b740969b280421

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/detect.js.descarga HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:22 GMT
ETag: "66c-5f21d1e77d446-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 512
Keep-Alive: timeout=10, max=200
Content-Type: application/javascript

bdhleon.com/wps/index_files/analytics.js.descarga

200.58.111.29

200 OK

20 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/analytics.js.descarga
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1325)
Size
20 kB (20073 bytes)
Hash
93bde531cb4f65be97d29e35331ca13e
a893da1a81f92a8b58bba978dbe35780c97235b2
2172506c0cbb4a0f851f60c59097cf9e578de853c1382061395858f5d448ab8d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/analytics.js.descarga HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "c436-5f21d1e531a26-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20073
Keep-Alive: timeout=10, max=200
Content-Type: application/javascript

bdhleon.com/wps/index_files/ra_collection(1)

200.58.111.29

200 OK

10 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/ra_collection(1)
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
Unicode text, UTF-8 text, with very long lines (10208)
Size
10 kB (10270 bytes)
Hash
bffb10d4f8dc2e43185ed34ed08ab199
f9f693defb66ec76b01c2e87d089780596574249
1fc42d124001ec0807fe82188ea8bb8bec35910cecc4c7833e1041882977a45c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/ra_collection(1) HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:39 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:25 GMT
ETag: "281e-5f21d1e9fce69"
Accept-Ranges: bytes
Content-Length: 10270
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive

bdhleon.com/wps/index_files/style1.css

200.58.111.29

200 OK

42 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/style1.css
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (65369)
Size
42 kB (42476 bytes)
Hash
de10eed8360f803757ffc24d881a796b
df023601247d120e557c13d36f7a2b09416f0686
2549dc6365848c440871dc2748004a83bcd516a980f6bbbaadf4a6d773dbb82d

HTTP Headers

GET /wps/index_files/style1.css HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:26 GMT
ETag: "39ecf-5f21d1eb369d3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 42476
Keep-Alive: timeout=10, max=200
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
544006635f64d2f302c3bde070b9e8d3
9ce1d38f325d5020f97823ae9bbc10db8c9ff35b
e245fd2018c0b8739dbd64222723d13db90690043bd93ede0a2bca26b9762053

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1136
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:39 GMT
Last-Modified: Wed, 18 Jan 2023 08:08:43 GMT
Server: ECS (amb/6B7D)
X-Cache: HIT
Content-Length: 471

bdhleon.com/wps/index_files/gtm.js.descarga

200.58.111.29

200 OK

51 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/gtm.js.descarga
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (2558)
Size
51 kB (50855 bytes)
Hash
174421be858f93134eaa3be0a8fd7353
5f4ecf88a8f430f26bc646c21133e68681b09c29
efd47b8ac5cb2b35d7436b327dfe0fe6399c3baf8b6f7f8fd5b7587fd7a9b153

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/gtm.js.descarga HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:23 GMT
ETag: "20df7-5f21d1e804461-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=200
Transfer-Encoding: chunked
Content-Type: application/javascript

bdhleon.com/wps/index_files/242328147526346

200.58.111.29

200 OK

308 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/242328147526346
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (64471)
Size
308 kB (308129 bytes)
Hash
acfbde341569678703f81231ef19e2a1
29846444058c4ee0a455a6ae8a4ab7d595eefbcd
b8408630df84b479731128088be777a4e226b8f23493ba346c78df6e3a137dda

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/242328147526346 HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "4b3a1-5f21d1e501c8a"
Accept-Ranges: bytes
Content-Length: 308129
Keep-Alive: timeout=10, max=200

bdhleon.com/wps/index_files/ra_collection

200.58.111.29

200 OK

588 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/ra_collection
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (65442)
Size
588 kB (588396 bytes)
Hash
eda2663dea901ca7771383ed9aaddb61
d37f61fb83ea8e99e1b3ac4b4247d9ebf74a46d5
297d23d664fd27795907d4963518c43718cae0b2a8bc8e8a83f64e29885bac91

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/ra_collection HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:25 GMT
ETag: "8fa6c-5f21d1ea02071"
Accept-Ranges: bytes
Content-Length: 588396
Keep-Alive: timeout=10, max=200

detectca.easysol.net/detectca/images/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/DetectCA.png?ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&sr=1280%20x%201024&url=http://bdhleon.com/wps/&rf=&nc=0.27749454620791714

107.23.44.14

200 OK

82 B

URL HTTP/1.1
detectca.easysol.net/detectca/images/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/DetectCA.png?ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&sr=1280%20x%201024&url=http://bdhleon.com/wps/&rf=&nc=0.27749454620791714
IP
107.23.44.14:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
82 B (82 bytes)
Hash
ae11c9259e141875b33cbb6598aa1485
4d71dc1bd4621df68ee846fe3f9409606aabced4
ca2613f315c93819ed7c4a14d44dcf8b041a71c5e032bd0aec9b399a6f4eb491

HTTP Headers

GET /detectca/images/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/DetectCA.png?ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&sr=1280%20x%201024&url=http://bdhleon.com/wps/&rf=&nc=0.27749454620791714 HTTP/1.1
Host: detectca.easysol.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 Jan 2023 08:27:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *

www.google-analytics.com/j/collect?v=1&_v=j98&a=2141933676&t=pageview&_s=1&dl=http%3A%2F%2Fbdhleon.com%2Fwps%2F&ul=en-us&de=UTF-8&dt=Banco%20BHD&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&_u=aEBAAEABEAAAACAAI~&jid=844222263&gjid=436000698&cid=1758485268.1674030460&tid=UA-32863799-1&_gid=499219198.1674030460&_r=1&_slc=1&cd1=&z=391130085

216.239.38.178

200 OK

4 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=2141933676&t=pageview&_s=1&dl=http%3A%2F%2Fbdhleon.com%2Fwps%2F&ul=en-us&de=UTF-8&dt=Banco%20BHD&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&_u=aEBAAEABEAAAACAAI~&jid=844222263&gjid=436000698&cid=1758485268.1674030460&tid=UA-32863799-1&_gid=499219198.1674030460&_r=1&_slc=1&cd1=&z=391130085
IP
216.239.38.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

HTTP Headers

POST /j/collect?v=1&_v=j98&a=2141933676&t=pageview&_s=1&dl=http%3A%2F%2Fbdhleon.com%2Fwps%2F&ul=en-us&de=UTF-8&dt=Banco%20BHD&sd=24-bit&sr=1280x1024&vp=1152x836&je=0&_u=aEBAAEABEAAAACAAI~&jid=844222263&gjid=436000698&cid=1758485268.1674030460&tid=UA-32863799-1&_gid=499219198.1674030460&_r=1&_slc=1&cd1=&z=391130085 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://bdhleon.com
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://bdhleon.com
date: Wed, 18 Jan 2023 08:27:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bdhleon.com/wps/index_files/LogoSB.png

200.58.111.29

200 OK

13 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/LogoSB.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 450 x 451, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12920 bytes)
Hash
05be705f6cf52a13d46cc101fe2afe88
8fd18a4cc2242c7b11943efd17daa26fbf497152
c4d0dab37f80b6134e45c378225782c91b7e458e5750d05ddac1bd5eac4a5dd1

HTTP Headers

GET /wps/index_files/LogoSB.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:23 GMT
ETag: "3278-5f21d1e890684"
Accept-Ranges: bytes
Content-Length: 12920
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/index_files/180x90+banner+pequen%CC%83o+BHD+BIEN.jpg

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/180x90+banner+pequen%CC%83o+BHD+BIEN.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/180x90+banner+pequen%CC%83o+BHD+BIEN.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/banner_180x90_wellness_bhd.jpg

200.58.111.29

200 OK

30 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/banner_180x90_wellness_bhd.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 180x90, components 3\012- data
Size
30 kB (29779 bytes)
Hash
32f040f801dafce116a2f8040091db2e
6d0184f8ef0e407983a86002e31468009c24a8da
06fb7de4fa90c482a8ac879df7af67017392b3406be8446ff86d314867ca8a42

HTTP Headers

GET /wps/index_files/banner_180x90_wellness_bhd.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:21 GMT
ETag: "7453-5f21d1e5e9f4c"
Accept-Ranges: bytes
Content-Length: 29779
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: image/jpeg

detectca.easysol.net/detectca/scripts/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/detect.js

107.23.44.14

200 OK

1.6 kB

URL HTTP/1.1
detectca.easysol.net/detectca/scripts/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/detect.js
IP
107.23.44.14:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (1640), with no line terminators
Size
1.6 kB (1640 bytes)
Hash
9879f3d7063820bfa182a161e05866f8
6425cf80c65ab768ce341f266c8d058cb2b07882
5e5198599f3bb094c3eedb1331d58448e60b1c4eadd0afff2cb0eb2e4dbafb21

HTTP Headers

GET /detectca/scripts/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/detect.js HTTP/1.1
Host: detectca.easysol.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 Jan 2023 08:27:40 GMT
Content-Type: application/javascript
Content-Length: 1640
Last-Modified: Tue, 24 Aug 2021 00:00:00 GMT
Connection: keep-alive
ETag: "61243680-668"
Accept-Ranges: bytes

bdhleon.com/wps/perso.html

200.58.111.29

200 OK

7.4 kB

URL HTTP/1.1
bdhleon.com/wps/perso.html
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4690)
Size
7.4 kB (7388 bytes)
Hash
e9eb0a199007007c09ece4fc4f3061a6
fc33fe443811aa782971e7620053fd2e839145bf
87834e0dd5c866e04f35d0003b10c5ac89b7dd40698cec6bec9e5d4f80c13323

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phish - Saved Website Comment Observed

HTTP Headers

GET /wps/perso.html HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:10 GMT
ETag: "51a5-5f21d1dbcc2c2-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7388
Keep-Alive: timeout=10, max=200
Content-Type: text/html

bdhleon.com/wps/index_files/HP.html

200.58.111.29

200 OK

7.4 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/HP.html
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3882)
Size
7.4 kB (7375 bytes)
Hash
e182695e1dfba8269026c0eb7287480a
196d9b60445c14600d37d6c9aa2426e3cfc80795
f5cfd620c192ee779373f925bfaf77a2cb637e55b11196f46d8f42f59e730886

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phish - Saved Website Comment Observed

HTTP Headers

GET /wps/index_files/HP.html HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 13 Jan 2023 03:49:23 GMT
ETag: "5762-5f21d1e83ab74-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7375
Keep-Alive: timeout=10, max=200
Content-Type: text/html

bdhleon.com/wps/index_files/bg_web.jpg

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/bg_web.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/bg_web.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

107.23.44.14

200 OK

82 B

URL HTTP/1.1
detectca.easysol.net/detectca/images/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/DetectCA.png?ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&sr=1280%20x%201024&url=http://bdhleon.com/wps/&rf=&nc=0.9026334072508344
IP
107.23.44.14:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
82 B (82 bytes)
Hash
ae11c9259e141875b33cbb6598aa1485
4d71dc1bd4621df68ee846fe3f9409606aabced4
ca2613f315c93819ed7c4a14d44dcf8b041a71c5e032bd0aec9b399a6f4eb491

HTTP Headers

GET /detectca/images/IkdhFg2jKjOmCujHP22n9cqRdyRkUG/DetectCA.png?ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&sr=1280%20x%201024&url=http://bdhleon.com/wps/&rf=&nc=0.9026334072508344 HTTP/1.1
Host: detectca.easysol.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 18 Jan 2023 08:27:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *

bdhleon.com/wps/index_files/1600x550_2WBC_BHD.png

200.58.111.29

200 OK

303 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/1600x550_2WBC_BHD.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 1600 x 550, 8-bit colormap, non-interlaced\012- data
Size
303 kB (303032 bytes)
Hash
60efeb3bb1110d7bdebefd1ec932cd4f
441685173a2b411f78cb76da26950d1f7076a900
8fc39162e1137b264440a132c5bb08abc2a950201de48b0378cdea5d9e058ed0

HTTP Headers

GET /wps/index_files/1600x550_2WBC_BHD.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:19 GMT
ETag: "49fb8-5f21d1e465899"
Accept-Ranges: bytes
Content-Length: 303032
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/index_files/180x90_WBC_BHD+paint.png

200.58.111.29

200 OK

30 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/180x90_WBC_BHD+paint.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 180 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
30 kB (29823 bytes)
Hash
2547d737cfdd63afd29d14a1f5e9df49
a89b26451273e945179eb8949fd23529ab50f4ac
7bb887cfe2935634efb58175067db910bf2885c1409be98908a883b455475712

HTTP Headers

GET /wps/index_files/180x90_WBC_BHD+paint.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:19 GMT
ETag: "747f-5f21d1e497d44"
Accept-Ranges: bytes
Content-Length: 29823
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6a6b2d9466c78838d5b89a24b1afc5f1
056b045d2648e975609cc689aace2cebf56dc4b8
87f1afd429d569be0ae89952298d447806d8c9d543b4ed8d2bc80cd9dc3d125d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&gjid=436000698&_gid=499219198.1674030460&_u=aEBAAEAAEAAAACAAI~&z=1698117566

64.233.165.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&gjid=436000698&_gid=499219198.1674030460&_u=aEBAAEAAEAAAACAAI~&z=1698117566
IP
64.233.165.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&gjid=436000698&_gid=499219198.1674030460&_u=aEBAAEAAEAAAACAAI~&z=1698117566 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://bdhleon.com
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://bdhleon.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 18 Jan 2023 08:27:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6a6b2d9466c78838d5b89a24b1afc5f1
056b045d2648e975609cc689aace2cebf56dc4b8
87f1afd429d569be0ae89952298d447806d8c9d543b4ed8d2bc80cd9dc3d125d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bdhleon.com/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.woff

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.woff
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.woff HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/btn-bhd-online.png

200.58.111.29

200 OK

8.2 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/btn-bhd-online.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 272 x 114, 8-bit/color RGBA, non-interlaced\012- data
Size
8.2 kB (8217 bytes)
Hash
12bbeca6f6a3094c25ad0f27688d61c4
5a9e085666e834b950acf6d370f0dd3788de9bc2
d746e03ee3a35d66c5ad30d0218cee058dd3471dda46c5d53094a772dd0989c8

HTTP Headers

GET /wps/index_files/btn-bhd-online.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:21 GMT
ETag: "2019-5f21d1e62641e"
Accept-Ranges: bytes
Content-Length: 8217
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/index_files/ARF

200.58.111.29

200 OK

0 B

URL HTTP/1.1
bdhleon.com/wps/index_files/ARF
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/ARF HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/HP.html
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "0-5f21d1e514568"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive

bdhleon.com/wps/index_files/sub-menu_bg.jpg

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/sub-menu_bg.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/sub-menu_bg.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.ttf

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.ttf
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/fonts/trebuc.ttf HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/check.js.descarga

200.58.111.29

200 OK

29 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/check.js.descarga
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (17988)
Size
29 kB (28904 bytes)
Hash
ee53f227d8234638b585d514941b2ee6
0a855f5f1a956cc26ae9b84e65e046ca8beb1303
38773697d91eebfe5c449116ded6d2c40a8a5935cf81571d6959b8626d958a63

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/index_files/check.js.descarga HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/HP.html
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:21 GMT
ETag: "34421-5f21d1e66c530-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 28904
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript

bdhleon.com/wps/index_files/logo-1.png

200.58.111.29

200 OK

154 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/logo-1.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 1354 x 417, 8-bit/color RGBA, interlaced\012- data
Size
154 kB (154271 bytes)
Hash
15e6b52732c804009655d8774deeb46d
bdd821d6838599adb7195e88a9489a2e6cf25fe0
cb35b59fcbcba73d2980e821fa66cc5e41e47e37d28e8c519e4c7fd4e89231ad

HTTP Headers

GET /wps/index_files/logo-1.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:23 GMT
ETag: "25a9f-5f21d1e896c13"
Accept-Ranges: bytes
Content-Length: 154271
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/index_files/main-menu-close.png

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/main-menu-close.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/main-menu-close.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/slide-control.png

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/slide-control.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/slide-control.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/thums_bg.png

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/thums_bg.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/thums_bg.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/thums_bg_on.png

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/thums_bg_on.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/thums_bg_on.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/bhd-1.png

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/index_files/bhd-1.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/index_files/bhd-1.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/index_files/style1.css
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/index_files/Banner+1600x550+Banner+Home+BHD.jpg

200.58.111.29

200 OK

284 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/Banner+1600x550+Banner+Home+BHD.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.5 (Macintosh), datetime=2022:12:28 00:31:23], progressive, precision 8, 1600x550, components 3\012- data
Size
284 kB (283630 bytes)
Hash
bb139194558cc686122f760ed0b923ec
ed5262dee4d108a050822311684bd6d6dad36a90
2936f2dd3580e6718623a5cf83ef264103528e0e6f31ecfd2b0817b1be415d64

HTTP Headers

GET /wps/index_files/Banner+1600x550+Banner+Home+BHD.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "453ee-5f21d1e581f46"
Accept-Ranges: bytes
Content-Length: 283630
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: image/jpeg

bdhleon.com/wps/index_files/Bannersite.jpg

200.58.111.29

200 OK

114 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/Bannersite.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1601x551, components 3\012- data
Size
114 kB (114092 bytes)
Hash
054adc2fb9469fb15385fcdc3fd02e9f
e3ef68649ed5d145b8fdfdb4cf974369ef69ba87
bfb7849c2f56c834aefa8ba4cfa6c78f4422b5224a4b2575c2f3b9110c32fad6

HTTP Headers

GET /wps/index_files/Bannersite.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "1bdac-5f21d1e5a6d1a"
Accept-Ranges: bytes
Content-Length: 114092
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: image/jpeg

bdhleon.com/wps/index_files/Bannersite.png

200.58.111.29

200 OK

12 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/Bannersite.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 180 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
12 kB (12464 bytes)
Hash
44418f7d664e0284ce21a6f71f771410
f8bb96b7d6c11db1d8f398699aa9e8d74c8055a7
d5e50619acfd4d6a3171c165735b3d55506ab5b9f0e7e6b0d189dd6afaba781d

HTTP Headers

GET /wps/index_files/Bannersite.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "30b0-5f21d1e5aa3ca"
Accept-Ranges: bytes
Content-Length: 12464
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/index_files/Banners350x100-Cambio.jpg

200.58.111.29

200 OK

52 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/Banners350x100-Cambio.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=100, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=350], progressive, precision 8, 350x100, components 3\012- data
Size
52 kB (51925 bytes)
Hash
82cf6e5bdbd995154061dbf47145be70
6a73541b5caff9a0189f8ecb7a2dcb1fada952d4
1c7a411a19e22f85fad056ae416b457a651c62001bfa34c4f554bbbd126ef108

HTTP Headers

GET /wps/index_files/Banners350x100-Cambio.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:20 GMT
ETag: "cad5-5f21d1e5690d8"
Accept-Ranges: bytes
Content-Length: 51925
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: image/jpeg

bdhleon.com/wps/index_files/Prestamos-Tasa.jpg

200.58.111.29

200 OK

55 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/Prestamos-Tasa.jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Macintosh), datetime=2015:08:26 17:06:25], progressive, precision 8, 350x100, components 3\012- data
Size
55 kB (55143 bytes)
Hash
ce119505d46889bf198e5b954141b069
c53dcdf116826e5a9eb6762bfc45954422924319
8367e1386881eeef0c639e12da2a1b211ef420ec6f831caea7fc888c98aea2fb

HTTP Headers

GET /wps/index_files/Prestamos-Tasa.jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:25 GMT
ETag: "d767-5f21d1e9c82ae"
Accept-Ranges: bytes
Content-Length: 55143
Keep-Alive: timeout=10, max=194
Connection: Keep-Alive
Content-Type: image/jpeg

bdhleon.com/wps/perso_files/mashup_ra_collection

200.58.111.29

200 OK

379 kB

URL HTTP/1.1
bdhleon.com/wps/perso_files/mashup_ra_collection
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
ASCII text
Size
379 kB (378895 bytes)
Hash
ec62dd6dce5e1b91c32305c89837f903
5e82194a87101fbd1cb8ed74bd87dec973bba2f0
9667d170e7bafa9347072e1d2c8eaf9aaf465b4df96a0da9cf77efaebaffc0c7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wps/perso_files/mashup_ra_collection HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/perso.html
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:40 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:33 GMT
ETag: "5c80f-5f21d1f1860e2"
Accept-Ranges: bytes
Content-Length: 378895
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive

www.google-analytics.com/analytics.js

216.239.38.178

200 OK

20 kB

URL HTTP/1.1
www.google-analytics.com/analytics.js
IP
216.239.38.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Wed, 18 Jan 2023 08:16:09 GMT
Expires: Wed, 18 Jan 2023 10:16:09 GMT
Cache-Control: public, max-age=7200
Age: 693
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
97c18a1f4ad26bed14c097c5bb7459f0
2c6ee86fc895d1b3a4b5b8e4caf9cb71a54ab790
d6817e25966a6106335f3e3c2eecb392cc3cff8e148e1dfadf7c26254cc8e8dc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5925
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Last-Modified: Wed, 18 Jan 2023 06:48:58 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e1c7515ba5231aaae042ef63071a8562
676673d88597e11f572ac38844b18562ab57b920
002b5adabb3fb37aa6c0f18adee2f221a770e217fe95a027fcf8b8fe84794a19

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27815 bytes)
Hash
541db4f3f0ba067bfb58cdac34cb86f4
20e6883f068568888ce37c6b9ef8f5d12be257c0
83898f3b2da2a11996d2eb3a5115ef301255030fdf231b8bf7971916769bc7be

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: /2gRiKLORtgSm3Jf+Tq9XLi6vJzDo438fT8qpTWLSxfOBY8BwflyCQXxNCrtUP/DYAvGXSZTQNySHeQyigYtMQ==
priority: u=3,i
content-length: 27815
x-fb-trip-id: 1904183273
date: Wed, 18 Jan 2023 08:27:42 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
38de5599544ffa789bad3f8686808c5e
fa442ea8ec124d47130fe75d0e848330a279e19e
d0344819ecf4cb1795fcd668d5f1a806121a48e174588ecd2eb8751595ac61ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&_u=aEBAAEAAEAAAACAAI~&z=1963713207

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&_u=aEBAAEAAEAAAACAAI~&z=1963713207
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&_u=aEBAAEAAEAAAACAAI~&z=1963713207 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 18 Jan 2023 08:27:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
97c18a1f4ad26bed14c097c5bb7459f0
2c6ee86fc895d1b3a4b5b8e4caf9cb71a54ab790
d6817e25966a6106335f3e3c2eecb392cc3cff8e148e1dfadf7c26254cc8e8dc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5925
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Last-Modified: Wed, 18 Jan 2023 06:48:58 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&_u=aEBAAEAAEAAAACAAI~&z=1963713207

142.250.74.131

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&_u=aEBAAEAAEAAAACAAI~&z=1963713207
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-32863799-1&cid=1758485268.1674030460&jid=844222263&_u=aEBAAEAAEAAAACAAI~&z=1963713207 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 18 Jan 2023 08:27:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
38de5599544ffa789bad3f8686808c5e
fa442ea8ec124d47130fe75d0e848330a279e19e
d0344819ecf4cb1795fcd668d5f1a806121a48e174588ecd2eb8751595ac61ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

172.217.21.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
43904744042cec16f81766250b8ebf49
8393568a2e9c86dafc36563c76703704c7cd86c6
d2359c7cce5176a68cd627ba7e39dfceff78036c6840cd468994df8519f1fb27

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bdhleon.com/wps/perso_files/clear(2).png

200.58.111.29

200 OK

81 B

URL HTTP/1.1
bdhleon.com/wps/perso_files/clear(2).png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /wps/perso_files/clear(2).png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/perso.html
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:42 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:30 GMT
ETag: "51-5f21d1eedd29b"
Accept-Ranges: bytes
Content-Length: 81
Keep-Alive: timeout=10, max=193
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/perso_files/clear1.png

200.58.111.29

200 OK

0 B

URL HTTP/1.1
bdhleon.com/wps/perso_files/clear1.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wps/perso_files/clear1.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/perso.html
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:42 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:31 GMT
ETag: "0-5f21d1ef72545"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: image/png

bdhleon.com/wps/perso_files/dd_arrow_login.gif

200.58.111.29

404 Not Found

196 B

URL HTTP/1.1
bdhleon.com/wps/perso_files/dd_arrow_login.gif
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /wps/perso_files/dd_arrow_login.gif HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/perso_files/mashup_ra_collection
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 404 Not Found
Date: Wed, 18 Jan 2023 08:27:42 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

bdhleon.com/wps/perso_files/maquetasprite.png

200.58.111.29

200 OK

327 kB

URL HTTP/1.1
bdhleon.com/wps/perso_files/maquetasprite.png
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
PNG image data, 300 x 2000, 8-bit/color RGBA, interlaced\012- data
Size
327 kB (327363 bytes)
Hash
e82718dc4a9fd014817769ccc3999dae
efc9c37982ad7025cc3deeb6acd5331997744b4d
0d74446e7e0a7838b016a172c8cda9c4e6239358c6e335b98c2ef6e8864dac72

HTTP Headers

GET /wps/perso_files/maquetasprite.png HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/perso_files/mashup_ra_collection
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e; _ga=GA1.2.1758485268.1674030460; _gid=GA1.2.499219198.1674030460; _gat=1

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:42 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:32 GMT
ETag: "4fec3-5f21d1f129873"
Accept-Ranges: bytes
Content-Length: 327363
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: image/png

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f404da3b1abdefd6f64e8ab04e9cb72c
f370005dff7facaadd69b0798429288c7a7dfeb7
6401934189fb3b3e98c348bce0803f026e71bd48050af1879f19730f398d1e09

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6000
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Last-Modified: Wed, 18 Jan 2023 06:47:42 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
477065ec836d5d086c6586bb804ad073
edbe34158fdc15466fa7dba66b5e88a5406c1496
fc4b05d013faa6071d1017b3733b2ee76cbdc46e6e7c41a7b505879c6f3d64e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=145656
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Etag: "63c74376-1d7"
Expires: Fri, 20 Jan 2023 00:55:18 GMT
Last-Modified: Wed, 18 Jan 2023 00:55:18 GMT
Server: nginx
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
477065ec836d5d086c6586bb804ad073
edbe34158fdc15466fa7dba66b5e88a5406c1496
fc4b05d013faa6071d1017b3733b2ee76cbdc46e6e7c41a7b505879c6f3d64e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 08:27:42 GMT
Server: ECS (amb/6B82)
Content-Length: 471

bdhleon.com/wps/index_files/banner_1600x550_wellness_bhd+(1).jpg

200.58.111.29

200 OK

151 kB

URL HTTP/1.1
bdhleon.com/wps/index_files/banner_1600x550_wellness_bhd+(1).jpg
IP
200.58.111.29:0
ASN
#27823 Dattatec.com

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1600x550, components 3\012- data
Size
151 kB (150794 bytes)
Hash
8dcdf89548e77ddd32cf3ee940277948
d8d3dc7eca68dacebeb59b52878e2e9fe4679b3b
ff03470ffc89715e49ef76f7d0e738fe0b55eb082cb6a59373e1d4e24218a751

HTTP Headers

GET /wps/index_files/banner_1600x550_wellness_bhd+(1).jpg HTTP/1.1
Host: bdhleon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdhleon.com/wps/
Cookie: PHPSESSID=147cad9eb0a58f1d482e02e9b4f5aa5e

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:41 GMT
Server: Apache
Last-Modified: Fri, 13 Jan 2023 03:49:21 GMT
ETag: "24d0a-5f21d1e5f629b"
Accept-Ranges: bytes
Content-Length: 150794
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: image/jpeg

www.facebook.com/tr/?id=242328147526346&ev=PageView&dl=http%3A%2F%2Fbdhleon.com%2Fwps%2F&rl=&if=false&ts=1674030462693&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1674030462691.1145261973&it=1674030462214&coo=false&rqm=GET

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=242328147526346&ev=PageView&dl=http%3A%2F%2Fbdhleon.com%2Fwps%2F&rl=&if=false&ts=1674030462693&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1674030462691.1145261973&it=1674030462214&coo=false&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=242328147526346&ev=PageView&dl=http%3A%2F%2Fbdhleon.com%2Fwps%2F&rl=&if=false&ts=1674030462693&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1674030462691.1145261973&it=1674030462214&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 18 Jan 2023 08:27:42 GMT
X-Firefox-Spdy: h2

bhd.com.do/wps/contenthandler/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png

204.126.128.60

302 Found

0 B

URL HTTP/1.1
bhd.com.do/wps/contenthandler/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png
IP
204.126.128.60:0
ASN
#6400 Compania Dominicana de Telefonos S. A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wps/contenthandler/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png HTTP/1.1
Host: bhd.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Wed, 18 Jan 2023 08:27:31 GMT
Server: IBM_HTTP_Server
ARM_CORRELATOR: 002ECC00303030303036464330303035463238353936363638333238304242354132333430424235413233340001
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Powered-By: Servlet/3.0
Accept-Ranges: bytes
Location: /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png
X-Request-Digest: NzaYyllem8vGJo2IJ0isWA
X-DataSource-Digest: XzWpHd4WWNGJyUWtkUvndg
Content-Length: 0
Cache-Control: max-age=604800
Expires: Wed, 25 Jan 2023 08:27:31 GMT
Content-Security-Policy: object-src 'self' 'unsafe-inline' 'unsafe-eval';
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Language: en-US
Set-Cookie: NSC_mc_CIEMfpo_Qpsubm_Joufsop=ffffffffc3a0e29845525d5f4f58455e445a4a42378b;expires=Wed, 18-Jan-2023 09:00:46 GMT;path=/;secure;httponly
Strict-Transport-Security: max-age=63072000

bhd.com.do/wps/contenthandler/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico

204.126.128.60

302 Found

0 B

URL HTTP/1.1
bhd.com.do/wps/contenthandler/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico
IP
204.126.128.60:0
ASN
#6400 Compania Dominicana de Telefonos S. A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wps/contenthandler/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico HTTP/1.1
Host: bhd.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdhleon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Wed, 18 Jan 2023 08:27:31 GMT
Server: IBM_HTTP_Server
ARM_CORRELATOR: 002ECC00303030303036464330303035463238353936363646443342304242354132333630424235413233360001
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Powered-By: Servlet/3.0
Accept-Ranges: bytes
Location: /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico
X-Request-Digest: NzaYyllem8vGJo2IJ0isWA
X-DataSource-Digest: XzWpHd4WWNGJyUWtkUvndg
Content-Length: 0
Cache-Control: max-age=604800
Expires: Wed, 25 Jan 2023 08:27:31 GMT
Vary: User-Agent
Content-Security-Policy: object-src 'self' 'unsafe-inline' 'unsafe-eval';
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Language: en-US
Set-Cookie: NSC_mc_CIEMfpo_Qpsubm_Joufsop=ffffffffc3a0e29845525d5f4f58455e445a4a42378b;expires=Wed, 18-Jan-2023 09:00:46 GMT;path=/;secure;httponly
Strict-Transport-Security: max-age=63072000

bhd.com.do/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico

204.126.128.60

200 OK

15 kB

URL HTTP/1.1
bhd.com.do/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico
IP
204.126.128.60:0
ASN
#6400 Compania Dominicana de Telefonos S. A.

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15406 bytes)
Hash
2c203fb7aa177752c7cdc168e101b47a
728138e5aefb05231950b511d5641d05e93933f8
1d2afd917a3b164c4c316f7acb945cf06a5617e5f881dc196176cfcdbfb869e1

HTTP Headers

GET /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico HTTP/1.1
Host: bhd.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bdhleon.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:31 GMT
Server: IBM_HTTP_Server
ARM_CORRELATOR: 002ECC00303030303036464330303035463238353936363939434234304242354132333930424235413233390001
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Powered-By: Servlet/3.0
Accept-Ranges: bytes
X-Request-Digest: NzaYyllem8vGJo2IJ0isWA
X-DataSource-Digest: XzWpHd4WWNGJyUWtkUvndg
Expires: Wed, 25 Jan 2023 08:27:27 GMT
Cache-Control: public, max-age=604800
ETag: W/"BEE0037B181"
Last-Modified: Fri, 01 Jul 2022 00:36:38 GMT
Content-Location: /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/favicon_n.ico
Content-Disposition: attachment;filename="favicon_n.ico";size=15406;modification-date="Fri, 01 Jul 2022 00:36:38 GMT"
Vary: User-Agent
Content-Security-Policy: object-src 'self' 'unsafe-inline' 'unsafe-eval';
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/x-icon
Content-Language: en-US
Set-Cookie: WRTCorrelator=000006FC0005f28596699cb40BB5A239; Secure; HttpOnly;
NSC_mc_CIEMfpo_Qpsubm_Joufsop=ffffffffc3a0e29845525d5f4f58455e445a4a42378b;expires=Wed, 18-Jan-2023 09:00:46 GMT;path=/;secure;httponly
Strict-Transport-Security: max-age=63072000

bhd.com.do/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png

204.126.128.60

200 OK

301 kB

URL HTTP/1.1
bhd.com.do/wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png
IP
204.126.128.60:0
ASN
#6400 Compania Dominicana de Telefonos S. A.

File type
PNG image data, 633 x 633, 8-bit/color RGBA, interlaced\012- data
Size
301 kB (300781 bytes)
Hash
da034cb3e49852fc88fcad55aa1436b3
6501cf698d2c13e5c60268fb422f6b629fe8ad7c
2854e57c880ed91e0d0e5d5c23c20c904dfd5348f94667508fd6c7ce24729796

HTTP Headers

GET /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png HTTP/1.1
Host: bhd.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bdhleon.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 18 Jan 2023 08:27:31 GMT
Server: IBM_HTTP_Server
ARM_CORRELATOR: 002ECC00303030303036464330303035463238353936363932323933304242354132333830424235413233380001
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Powered-By: Servlet/3.0
Accept-Ranges: bytes
X-Request-Digest: NzaYyllem8vGJo2IJ0isWA
X-DataSource-Digest: XzWpHd4WWNGJyUWtkUvndg
Expires: Wed, 25 Jan 2023 08:27:27 GMT
Cache-Control: public, max-age=604800
ETag: W/"63C1537B181"
Last-Modified: Fri, 01 Jul 2022 00:38:06 GMT
Content-Location: /wps/contenthandler/!ut/p/digest!XzWpHd4WWNGJyUWtkUvndg/dav/fs-type1/themes/BHDTheme/build/themes/images/logobh152.png
Content-Disposition: attachment;filename="logobh152.png";size=300781;modification-date="Fri, 01 Jul 2022 00:38:06 GMT"
Content-Security-Policy: object-src 'self' 'unsafe-inline' 'unsafe-eval';
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/png
Content-Language: en-US
Set-Cookie: WRTCorrelator=000006FC0005f285966922930BB5A238; Secure; HttpOnly;
NSC_mc_CIEMfpo_Qpsubm_Joufsop=ffffffffc3a0e29845525d5f4f58455e445a4a42378b;expires=Wed, 18-Jan-2023 09:00:46 GMT;path=/;secure;httponly
Strict-Transport-Security: max-age=63072000

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F053123e4-9914-4404-b1e9-cb5f3e38b7a2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11781 bytes)
Hash
5caa7df39f82600c651046957ab6b62d
d6d6fbd676b74e487ee06248c48da87e178223e7
df3090d2e7c7c6e970fe498609d74c63e04aa80d55a26c956d1e3be5bebfafbc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F053123e4-9914-4404-b1e9-cb5f3e38b7a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11781
x-amzn-requestid: 522a0799-2025-43cd-9d7e-08cdaa5acf11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0vQMGZRIAMFfjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4f8cd-697804fd5b8b3cff7d2d5a7e;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 07:12:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MGfNpq5RCQifmDzeCJl4-1DPyd63DRE89n_BlQwQanwYyYquvaBkBw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 07:21:45 GMT
age: 3959
etag: "d6d6fbd676b74e487ee06248c48da87e178223e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML