Report - personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/

Report Overview

URL

personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
IP

104.21.44.151

ASN

#13335 CLOUDFLARENET
Submitted

2023-06-02T00:27:26Z

Access

public
Tags

bancolombia financial phishing
urlquery detections

Phishing - Bancolombia

Detections

urlquery

18
Network Intrusion Detection

0
Threat Detection Systems

19

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
personas.hgdsa.com (18)	unknown	2023-05-30 14:55:05	2023-06-01 03:10:06	9550	537234	104.21.44.151
ka-f.fontawesome.com (4)	3598	2019-12-17 07:36:13	2023-06-01 18:15:24	1963	135942	172.64.202.28
kit.fontawesome.com (1)	1868	2019-12-16 20:51:31	2023-06-01 18:19:23	447	12294	104.18.22.52
images-cdn.info (1)	528156	2020-06-20 01:31:03	2023-06-01 03:10:14	431	229	54.86.140.52

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-06-01	medium	personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com
2023-06-01	medium	hgdsa.com

ThreatFox

No alerts detected

JavaScript (6)

HTTP Transactions (24)

URL IP Response Size

personas.hgdsa.com/panel/mua/img/error.jpg

104.21.44.151

200 OK

5363

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/error.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 195x194, components 3\012- data

Size

5363
Hash

845eeed3b61d4c19ed0059c42fa7fc2e

ace747921c0b92d8451a1562759c867296c31b44

f68c633109e951014c6c401f878be7196c8894f6723215afb18388dbbbb83f1d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/error.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 5363
etag: "14f3-5fce05bf2a362"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fjib71s0aVhq8wl%2BN9NkWP2e1l9HXcSbaDvuVdeLVGmtBim98GEkxe%2F%2B63OOheA%2BAkSe3XTZjcqJpKgbc%2FQljd3%2BwQnieeG%2Bj589vYGWxWdvzjeTyllIFPrlvyOlYN62S98feYY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbd8067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/img/reglamento.jpg

104.21.44.151

200 OK

1764

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/reglamento.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 103x103, components 3\012- data

Size

1764
Hash

be3af886cffea048856b7fc77eaeebfc

96c0ec1895b5544070fd9c3ff371812ea04c7932

4d31c93eab87267a6e5e827fedd488a02c824a79ded4f00ef19f7431eaedab12

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/reglamento.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 1764
etag: "6e4-5fce05bf3d6ed"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xd6v6GOi5giicb5MkZBeMrmPfiyLylQyxZLDAuQLIqzbc0TcPVnvasz26US8KQ1JTYJCLTKwyXHQ8WebA1PNjn36vpRCGSvxl%2BvPpjn6pWpLhDjazsh9jOVV72OuxzMWOqeFF7o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbdb067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/img/politica.jpg

104.21.44.151

200 OK

2615

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/politica.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 103x103, components 3\012- data

Size

2615
Hash

7bb6c2ef23b43c8b8723d9e68ddf2fec

351b75536ef2c3244b7ba1eec7fe13215990a177

7b4d681b13b2beeab7a0dbd807eac72b762dec8e3bb18410776270a51860ac86

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/politica.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 2615
etag: "a37-5fce05bf48a6b"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kgbaw3jlW3fTBed1E8b%2BC6DYthuVkJJIJ9clOe5vUxfEjEfQsaYn5wJshScSgcJfL7PNKBUxuZLnfXnL1yUdXfi%2FsQF8d6wh43Ywc4cci3n9%2F8Iq71CvG1Mhn59snXzWsV%2BAnpU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbda067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/img/seguridad.jpg

104.21.44.151

200 OK

1935

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/seguridad.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 103x103, components 3\012- data

Size

1935
Hash

1aa9d62d948208093b507e8e1439b309

72f701f1204320b47d9966d5d0ed496a733adb80

1800e5e993450b4f547840ccb7abf5cd1f285f6cf9784b3ec23675528a49ff8c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/seguridad.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 1935
etag: "78f-5fce05bef9e4d"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mAWuFqZpMox6F4eYz34e0ToDRlloAbTqVc2KK%2BHZn8GDp1Pd4lBb%2BSNsFDjm59Jv3tb9yxVba4L3CpUP4wvDHUt1kqXhDdB6qq2WXAzNg6MUUMpav7If6QN%2B06DKQcGnfsWMzw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbd9067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/img/demo.jpg

104.21.44.151

200 OK

1465

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/demo.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 103x103, components 3\012- data

Size

1465
Hash

992039d1b794268d688a19b3563b7cd2

9116dbfe0fe620a6351952c1053017501537002f

61541605fc80557ad8cbc03b7d7ea64e94732198e536d4618dea0cb70191eb48

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/demo.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 1465
etag: "5b9-5fce05bef55d5"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Il9add4PCmB%2F96IsTcqQYbNHgaPjuvX%2BbKbowhG51dBJtvV1Ql2PGRtdO97Ju9NyGneJtb2%2B4WtapxTT1aeYYT9pmRETd0SOiFInU7mA%2BQIjc7ArTiUjnuNfWis0uBdjTetI6aM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbd7067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/img/info.jpg

104.21.44.151

200 OK

3438

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/info.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 62x61, components 3\012- data

Size

3438
Hash

72f07f88a708281bb165235fb88649ee

d2e7284036b30a170dc68c2ad476d664234ed66c

13df691e5ad1109013261983ff6272aa37353f3b28525a9e8b0b29355a1ebec4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/info.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 3438
etag: "d6e-5fce05bea749e"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30V8mN6KOk4%2FDZbIxGkD4Opvc6UIXOSjssVIzbJDxKCTSsBLG4rX%2FeQ9Rw7k0PajGDa6iorpJ1RWi6Cn2D9zGlX68ZBM2u7mPdPQmFIuwM7b1eFL%2FHGwL%2BEhFcTdGNbErWKW%2Bhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbd5067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/img/inicio.jpg

104.21.44.151

200 OK

47804

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/inicio.jpg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 627x327, components 3\012- data

Size

47804
Hash

085532800ace541124cb3472d27a2365

153ac0b32e31c472e021e450b6e48f4564a4c40f

35500fe4c97323624f089389243374c56e666e25478685a849c2456461a6163d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/inicio.jpg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/jpeg
content-length: 47804
etag: "babc-5fce05beda441"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2NPp3jUvDV4LTczQdDEwbJ4cS7XTGWB2tlBmBPhaJx%2BrMCv7IkaHSIsl5Sy5sOB5%2FbKtlTlBifaMPCIa2FEd1uTUJzFtJWIHBlY%2F7Ous51Fg23%2FZe4eeOtiria0bl6kNz9vXaM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbdc067b-OSL
alt-svc: h3=":443"; ma=86400

ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=45b9078c9f

172.64.202.28

200 OK

745

URL GET HTTP/2

ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=45b9078c9f
IP

172.64.202.28:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15

ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (608)

Size

745
Hash

5856e3f07fbc36fc4d430a95a577a87f

2eac8865e02675da74e9c3a508adc71d594edbd9

d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd

HTTP Headers

                                        GET /releases/v6.4.0/css/free-v5-font-face.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://personas.hgdsa.com/
Origin: https://personas.hgdsa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:27:10 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
etag: W/"5856e3f07fbc36fc4d430a95a577a87f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 0014cc5ed6f7d7422fe78da5a10aa120.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 1unK6smsyNIsnmRC8ekqfOdc8xbTof0Tf5Q3iLKVl9tqaNEJ5lvsDg==
age: 127980
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bl0VHOl24L9olRP%2FytvcrVdZ4ffnAjp%2BUlbC2SGxJyWXZxQB%2F4tKvplXq3Vi84HQyDcTd%2FxWkO%2B%2BvY83Qz91E4%2BsHEosYivIpetN9CU38rIQ6%2FRoq4onyiA1rskvADNrP3UUQ29SYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91aebcc2d170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

personas.hgdsa.com/panel/mua/js/functions.js

104.21.44.151

200 OK

2599

URL GET HTTP/3

personas.hgdsa.com/panel/mua/js/functions.js
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

ASCII text, with CRLF line terminators

Size

2599
Hash

10164d7e8e6f3beeadc838009452a280

6e4e7ec37e2525ad1c9f2fc97ceb200452551a64

b15561b517f44f96d584a09c97a556e1a6505387e7746393ef46e789fd386ebf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/js/functions.js HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: application/javascript
etag: W/"e4e-5fce05be7624a"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QIQvFcaC67aUpYNxsK5yGGFJ%2Fy1472XNQQhOfvSOHL3nTW7p9hLqXWvwISp8UnWY87kI%2Foe8TA20MB8kYXgy5XDOkntwAyC0XRcQy5qcDisqQ2sCgcXILJyo94WGgsczQhw%2Fogg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbd4067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=45b9078c9f

172.64.202.28

200 OK

671

URL GET HTTP/2

ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=45b9078c9f
IP

172.64.202.28:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15

ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (1560)

Size

671
Hash

9e7f9f634ace089bcdacc3fcc5f23ce5

749f4e34ae36352df77b880b490a2c5ee91c9605

af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76

HTTP Headers

                                        GET /releases/v6.4.0/css/free-v4-font-face.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://personas.hgdsa.com/
Origin: https://personas.hgdsa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:27:10 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
etag: W/"9e7f9f634ace089bcdacc3fcc5f23ce5"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7fcc9354bd594831abf31608fb6cde60.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: aP6YqQNiVESeKbQwnxbpiAZSBzbCVJ9oN8oXUQwgk9E8iVrp47qV7w==
age: 127980
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrCqRXdakAa2ZiVj1jFyqlVJ1S9TJeTh1eRiRPTUvaj%2Fj8MGIIYePp3oFqdUpnTbM%2BqisnMaBxJv%2B9jk%2FwqyzUjvXbtU4Fet5XabAw8Jy2ibFwd2ueq3WS8Jx9QmbmVZc8vZY%2BzoSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0b91aeccc4d170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

personas.hgdsa.com/panel/mua/img/logo.svg

104.21.44.151

200 OK

11981

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/logo.svg
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (667)

Size

11981
Hash

c049dccd21049cb237daabdb645ec648

e29af3f65a8312efd3ea4c3b66d4bd86657dde1b

2c7a6ea74a49a6adc3fad622078895e9b2589448214913d8c035764148aca7d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/logo.svg HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/svg+xml
etag: W/"1b6c-5fce05bf4431b"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6NSF6RF9hoRqRD6OD%2F8%2FJogaDbWs6n4O%2BqoUGvVMamxyiCdKH7dwPMIms00YF9ZWZS%2FHcRNzmtvWGCbU4e4EP5sI6LG0egpITGNmjLlhaCf2MX4K3VC%2FEQUQckQkVriNUs44bM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acfbd6067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit.fontawesome.com/45b9078c9f.js

104.18.22.52

200 OK

11642

URL GET HTTP/2

kit.fontawesome.com/45b9078c9f.js
IP

104.18.22.52:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerDigiCert Inc

Subject*.fontawesome.com

Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E

ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (11213)

Size

11642
Hash

4bd9069d73bafec4f521d96f6906bc88

83fa8c0cd6f47b8853fb2918d94038a266b204c3

25df965d3072c488ae070664d2574e64220e08a3d1a0c1282c8f83bfb80a7bab

HTTP Headers

                                        GET /45b9078c9f.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://personas.hgdsa.com
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:27:10 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F2P77Fk1A8lEpbgAB1wC
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7d0b91ad0b69b517-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

personas.hgdsa.com/panel/mua/js/jquery.jclock-min.js

104.21.44.151

200 OK

3337

URL GET HTTP/3

personas.hgdsa.com/panel/mua/js/jquery.jclock-min.js
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

ASCII text, with very long lines (3485), with no line terminators

Size

3337
Hash

552f8daf31a5ada0cc58457b80523305

87a3070b3d7acf3f83ac22f1a2443199648f02e4

8c97612b3b2289ae2d216af6b4e69fb218d78cc2f6c48e05cabfe8bb3e841fe6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/js/jquery.jclock-min.js HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: application/javascript
etag: W/"d09-5fce05be92c11"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrJZVGU246DRUXdxW%2FjO51FGsjhCFZ4os3YbVm6cQsmBpa8wnrWDFru47WgMk%2FLR8%2FfT3So5lgthRMa3%2Bh5SP9Z3XM6P%2BMu6z3nmEMovi8Y%2F56uR8KS1pxXcChAYixVgZOLFmXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acebd3067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/css/stylesheet.css

104.21.44.151

200 OK

2946

URL GET HTTP/3

personas.hgdsa.com/panel/mua/css/stylesheet.css
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

ASCII text, with very long lines (3126), with no line terminators

Size

2946
Hash

997ae37ceeacbd062fd1936a8cb50332

e37292cc1fdef4d71ac902383f5fba345b8f3749

f34be6d89d1ebb8a52e40ad2c961609bc7f21625c729aea6220d0eb45d15d0da

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/css/stylesheet.css HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: text/css
etag: W/"b82-5fce05be55b55"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNQxi%2F2XRKfcGTmncrAM7SAzwOvwLngtPWdD629XPkA14k0OIRCVUR1E0mzUqYXT%2Bz2hLbTfA%2B2j46izIFokmR9guwtgAfs6pJDecGHw4wv%2BL8vCfBdt9vFxyQm%2BYPD9%2FWav6GQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acebd1067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/js/jquery-3.6.0.min.js

104.21.44.151

200 OK

89501

URL GET HTTP/3

personas.hgdsa.com/panel/mua/js/jquery-3.6.0.min.js
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

ASCII text, with very long lines (65447)

Size

89501
Hash

8fb8fee4fcc3cc86ff6c724154c49c42

b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/js/jquery-3.6.0.min.js HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: application/javascript
etag: W/"15d9d-5fce05be6e06b"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPnyzJJflXlTDnNJrUMYF%2FxVxNqFk6VjOU4GxA%2FcECMl4zJuBvgsGaKMM42FgrESV6612UFZDlYNmBAgLVfPNufm3EzC8x7VMtidBlpgxcs1zysc7MB5qYavAYaOSBrE6rRXdsA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acebd2067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

images-cdn.info/444/image.gif

54.86.140.52

200 OK

URL GET HTTP/1.1

images-cdn.info/444/image.gif
IP

54.86.140.52:443
ASN

#14618 AMAZON-AES

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoDaddy.com, Inc.

Subjectimages-cdn.info

Fingerprint9B:95:3E:E4:E8:F5:63:C3:BC:A0:E0:3A:CA:BD:74:8D:50:61:82:2E

ValiditySun, 30 Apr 2023 18:08:05 GMT - Fri, 31 May 2024 18:08:05 GMT

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

43
Hash

ad4b0f606e0f8465bc4c4c170b37e1a3

50b30fd5f87c85fe5cba2635cb83316ca71250d7

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

                                        GET /444/image.gif HTTP/1.1
Host: images-cdn.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 00:27:11 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive

personas.hgdsa.com/panel/mua/fonts/opensans/OpenSans-Regular.ttf

104.21.44.151

200 OK

217276

URL GET HTTP/3

personas.hgdsa.com/panel/mua/fonts/opensans/OpenSans-Regular.ttf
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegular1.10;1ASC;OpenSans-R\012- data

Size

217276
Hash

d7d5d4588a9f50c99264bc12e4892a7c

513966e260bb7610d47b2329dba194143831893e

13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/fonts/opensans/OpenSans-Regular.ttf HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/css/stylesheet.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: font/ttf
etag: W/"350bc-5fce05bfe7f4d"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TBkD8mLiCCg1sQQJLtaFMPhdtUrv3LAyWWjLfwy5EXTE%2Belb%2F%2FUsAbnhqNsZoqT8tgsSQAmpsSyQO7H3zpKpK2qTlCbgpwvGJzXV%2F7WNnpC%2Ba%2B9f%2BG%2B7gW7gw%2BTrM7iO2AWOkdQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91b42d1f067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/css/style.css

104.21.44.151

200 OK

6009

URL GET HTTP/3

personas.hgdsa.com/panel/mua/css/style.css
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

ASCII text, with very long lines (6818), with no line terminators

Size

6009
Hash

c336cc87007f639f2b6282f744233afe

1edb56913d600419c86ad0173b7a2a37711c4233

4095ccc9e9de7b596e76cb91ede4f9d80c7bf1115ffd88e043aee2cf366db197

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/css/style.css HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: text/css
etag: W/"1779-5fce05be5ba01"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30IFLzcerR1yQapsRL82qXRe8FCLRpzXfqkzdpy0l36Fue4EppoSFFF0mlV4y1Fs3hNtryRhdRPbKDNBPvb0EX8sOmbrZrydOIoaHCJ6i%2FYxbLjLGZ%2BPo%2FDj2yyWUgOUZO8Y1Bk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91acebd0067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=45b9078c9f

172.64.202.28

200 OK

102557

URL GET HTTP/2

ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=45b9078c9f
IP

172.64.202.28:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15

ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65321)

Size

102557
Hash

5febfb939e2fc4ddf14fffae53b72cf0

e0e62217708a9cfd0b78a8574e07a66d95cf1344

fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

HTTP Headers

                                        GET /releases/v6.4.0/css/free.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://personas.hgdsa.com/
Origin: https://personas.hgdsa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:27:10 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:21 GMT
etag: W/"5febfb939e2fc4ddf14fffae53b72cf0"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee8862e43d7837ef5478becfe2eb7116.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: EgoW2Kl8GrvT-aV9y9__JTWBL3XjOvCLt9H0CsPinAJTqWzd9j5Shw==
age: 127980
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bavfQUs2UebcVoRt3%2BuI%2Bp4FbAFJUUZ%2F6T5fcNSc8RHMeBsqXxcI30ZxLDhSTYuTAZY6ZIB34YknB3EUxKryl4YBcuBk%2B%2FkunNpQcB8n3Z3D52TJ0YukAP53IE13g%2BWjshozD5xGzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0b91aebcbdd170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

personas.hgdsa.com/panel/mua/img/user.png

104.21.44.151

200 OK

447

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/user.png
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data

Size

447
Hash

0e3457ed5ea858d1e9287ef66dcbbfe4

006c99b62e141ebbc69f6e06cab757995d3f7417

75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/user.png HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:11 GMT
content-type: image/png
content-length: 447
etag: "1bf-5fce05bef0a74"
last-modified: Tue, 30 May 2023 02:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GlOgGcmV6%2FGBGWFNssJ4Y0RexAwoP4j481qLNz1%2FGNTrNE3542VkUexO4XVColspyhZaQLrPsV5CEQhnrSiab0Y%2FJ3B56%2FJHvDUCyMQ66lIHe7XDYz3VKKsOy3lqRwq%2B%2BfizVSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91b42d1e067b-OSL
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/fonts/opensans/CIBFontSans-Light.ttf

104.21.44.151

200 OK

110612

URL GET HTTP/3

personas.hgdsa.com/panel/mua/fonts/opensans/CIBFontSans-Light.ttf
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 33 names, Macintosh, Copyright (c) 2019 by Vasava Studio. All rights reserved.\011CIBFont SansLight1.300;UKWN;CIBFont\012- data

Size

110612
Hash

69096387df83ff65381f8ee25006b0aa

89689ed7f7547a3815d9fa2d0a2c11513480086e

decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/fonts/opensans/CIBFontSans-Light.ttf HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/css/stylesheet.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:12 GMT
content-type: font/ttf
etag: W/"1b014-5fce05bfd25c4"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvSv2t%2Fw4hDyKIxJ92QBQHI3K4x%2FoP3ZFLXgktJSsA48Na7jwydXrq7LUi3YafR7nPT1hHzpbkHV3m6RgvQKw304zkMWtmd%2F0V9jKOz4SR1h6k3jye7t5rLDUr76iDTjEQAQHXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91b42d20067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/

104.21.44.151

200 OK

6432

URL User Request GET HTTP/2

personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (7832), with no line terminators

Size

6432
Hash

ceb219371a0d2d4dbd2963f4c028f394

b8954f93254c7d210e28882b6b84953ed0543401

35cabb66d5dbd90501abe961a66890d0476046d582b506048d7a861a8b3e92ec

Detections

Analyzer	Verdict	Alert
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/ HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:27:10 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j1qQI6Qi7Pzhj1Sti0rUcYwmLJBqzdvF9utBZ%2BtTojfQdBRhCSYSuX6%2Bi1HozoiY5TuPPZAsfagVynCEpBeujuoxBjvzNJWlIJ%2Fbxp49wSivY0hhBEJoLX1DhHEsKoQDU3aQPiQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0b91a519bdb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=45b9078c9f

172.64.202.28

200 OK

27592

URL GET HTTP/2

ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=45b9078c9f
IP

172.64.202.28:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15

ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (27377)

Size

27592
Hash

5193a6de5225940ae4ef5f7c82126be9

fa2c2bdb52e9923ccf3387c5908459c9d11bff63

425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575

HTTP Headers

                                        GET /releases/v6.4.0/css/free-v4-shims.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://personas.hgdsa.com/
Origin: https://personas.hgdsa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:27:10 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
etag: W/"5193a6de5225940ae4ef5f7c82126be9"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 728b6476f3e2317ec8044d22806d4f94.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: XMj3rrTtsfEj3vAsFxojpS2eTSQnYMKg6-6BfuIMM235RJ_UGFpndg==
age: 84340
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4j8J4BPPHU6kvEt83iItyRuuPZPGftTI5giov5gLCIYKtu45Zc67a45Kk02r2cTzesj8dcRSAqH70qrGG4%2FQsqPDmfMsYc8sI20In1WB9xnjISEiwhoNsraZAbuN1mdbYbMG3kC%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0b91aebcc3d170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

personas.hgdsa.com/panel/mua/img/logo.png

104.21.44.151

200 OK

9489

URL GET HTTP/3

personas.hgdsa.com/panel/mua/img/logo.png
IP

104.21.44.151:443
ASN

#13335 CLOUDFLARENET

Requested by

https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Certificate

IssuerGoogle Trust Services LLC

Subjecthgdsa.com

FingerprintC7:9D:8E:16:F1:D1:3B:50:A8:D3:96:BF:4D:EB:1B:15:7C:4A:87:60

ValidityTue, 30 May 2023 02:18:13 GMT - Mon, 28 Aug 2023 02:18:12 GMT

Magic

PNG image data, 521 x 520, 8-bit/color RGBA, non-interlaced\012- data

Size

9489
Hash

2903c67701750d246b77ee1c1c9188f1

028e6e88d6563e81eb77807c38f401cf5e7f2be0

c2fd3f9e79070fdbcb7ed3270a428a6ecd22ae089ab6e573eb4dfe91079c41fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
quad9	Sinkholed

HTTP Headers

                                        GET /panel/mua/img/logo.png HTTP/1.1
Host: personas.hgdsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://personas.hgdsa.com/panel/mua/user/scis/j6unvhzsitlyrxstpnfun4tssjgejkn7dldp6fxsjfxo/3d/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:27:12 GMT
content-type: image/png
content-length: 9489
etag: "2511-5fce05bf2e7b2"
last-modified: Tue, 30 May 2023 02:57:09 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lj0RWz8Md5OmgFRlbC3FBB6IPmf2SXGDYWZ%2FcpOleu%2FfJ0FXdA6JU%2F1Dc5tTKkHfsg7fdHEF6FevCY%2FpPV2a688hay5Psd0s0wPoxg2DRLh1w6FlxhfswWIIsnqgnbdr46sTOB8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0b91b74daf067b-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

#1 JS:Script (size: 0)

#2 JS:Script (size: 11642)

#3 JS:Script (size: 89501)

#4 JS:Script (size: 3337)

#5 JS:Script (size: 73)

#6 JS:Script (size: 3662)

HTTP Transactions (24)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections