Report - davsasa.go.yj.fr/

Report Overview

Submitted URL
davsasa.go.yj.fr/
IP
185.221.182.254
ASN
#53589 PLANETHOSTER-8
Submitted
2023-04-20 18:37:58
Access
public
Website Title
Final URL
Tags
bancolombia financial phishing suspicious
urlquery detections
Phishing - Bancolombia
Suspicious - Suspicious JS code

Detections

urlquery
19
Network Intrusion Detection
1
Threat Detection Systems
76

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2019-11-29	2023-04-20	330 B	963 B	104.18.32.68
api.ipify.org	3267	2014-10-06	2023-04-20	466 B	213 B	104.237.62.211
davsasa.go.yj.fr	unknown	No data	No data	6.7 kB	2.0 MB	185.221.182.254
ocsp.pki.goog	175	2018-07-01	2023-04-20	666 B	1.4 kB	142.250.74.131
ajax.googleapis.com	12905	2013-08-16	2023-04-20	424 B	32 kB	216.58.207.202
ipinfo.io	8136	2013-12-16	2023-04-20	450 B	1.2 kB	34.117.59.81
sucursalpersonas.transaccionesbancolombia.com	190375	2015-07-24	2023-04-18	919 B	10 kB	162.159.254.116

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-20 18:40:30	medium	Client IP	34.117.59.81	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/
2023-04-20	medium	davsasa.go.yj.fr/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr
2023-04-20	medium	yj.fr

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	davsasa.go.yj.fr/js/FrontFunctions.min.js	28 kB	2023-03-07	2023-12-14
Pretty URL davsasa.go.yj.fr/js/FrontFunctions.min.js IP 185.221.182.254 ASN #53589 PLANETHOSTER-8 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:46 Last Seen2023-12-14 06:56:19 Times Seen27 Hash 5bc5d136b360c62c02758fe9d962c6d9 df943c76f1da2e164f98d6d538d32ef5b767d9a0 3f961962dc4471c881dd809308411177f1201cc7cb7691b24c9bd66bcfde5722 Loading...

	davsasa.go.yj.fr/js/sharedout	387 kB	2023-04-14	2024-03-26
Pretty URL davsasa.go.yj.fr/js/sharedout IP 185.221.182.254 ASN #53589 PLANETHOSTER-8 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 17:35:34 Last Seen2024-03-26 18:13:00 Times Seen40 Hash 70e6fec2872c1da04c85a43cc9172ab9 3322ccc494464725d713246959c1be5262283d7a 612750519a909746f03e92990ba7afd29d238bc22e1e30b11f0fc389f5c7e3a2 Loading...

	davsasa.go.yj.fr/	207 B	2023-04-08	2023-04-20
Pretty URL davsasa.go.yj.fr/ IP 185.221.182.254 ASN #53589 PLANETHOSTER-8 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-08 03:25:51 Last Seen2023-04-20 20:38:02 Times Seen3 Hash 36aaff53f3fedc39a82d995ca2456f6e 4b205244510ffd2d2959aa8fb81031219c4798e7 6e7842db52473bb863ee2d4296bfa302df814cc6a5b51bca763e635b623e8d5d Loading...

	davsasa.go.yj.fr/	200 B	2023-04-08	2023-04-20
Pretty URL davsasa.go.yj.fr/ IP 185.221.182.254 ASN #53589 PLANETHOSTER-8 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-08 03:25:51 Last Seen2023-04-20 20:38:02 Times Seen3 Hash 3718f8046d4c29fe0b912eb46cbef37b 7c16e7b2e0fa50df054ef5cd7bd7f9f850c338a2 830cec794c86d5e72eb7919f917f282788cf02e176e3abc78cad020d0d3502c5 Loading...

	davsasa.go.yj.fr/js/sax.js	1.0 kB	2023-04-20	2023-04-20
Pretty URL davsasa.go.yj.fr/js/sax.js IP 185.221.182.254 ASN #53589 PLANETHOSTER-8 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-20 20:38:02 Last Seen2023-04-20 20:38:02 Times Seen2 Hash 1a31786388c9d79e2cbfcdf9edd7dbf4 240120ef1e568b21339e3864fe41d823b75518a6 8c61dddd56d82adc85d1d310ba61f74f20074607ceb3b769954f88664d114d4e Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-19 09:19:45 Times Seen138263 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (27)

URL IP Response Size

davsasa.go.yj.fr/

185.221.182.254

200 OK

2.4 kB

URL User Request GET HTTP/1.1
davsasa.go.yj.fr/
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (347)
Size
2.4 kB (2427 bytes)
Hash
03eecfa8f7eed10ba3e51e0da8e1b728
c21f71c825bafdb73635185a3adf91740c541699
0c253a481a6def41331cbd17e3fa7826e512a7048d16d6d81813d15dc7c9fae7

Detections

Analyzer	Verdict	Alert
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:43 GMT
Server: LiteSpeed
last-modified: Wed, 19 Apr 2023 18:04:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-encoding: gzip
x-turbo-charged-by: LiteSpeed
x-tuned-by: N0C
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b710a5ccf93d2cc968b500e1976abe93
0b1c840b92b073938e1d2f2009c6c1df46b86008
0448de4ae1a38bb1101d8d1f573d2be4fe5b7dbb15d231c68fa8d9ae679ecbb7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Apr 2023 18:37:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

216.58.207.202

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
216.58.207.202:443
ASN
#15169 GOOGLE

Requested by
http://davsasa.go.yj.fr/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:74:DC:A1:79:64:AB:97:A4:EA:AB:80:90:A6:E2:B9:D4:16:79:64
ValidityTue, 28 Mar 2023 16:54:33 GMT - Tue, 20 Jun 2023 16:54:32 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Apr 2023 22:48:20 GMT
expires: Thu, 18 Apr 2024 22:48:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 71364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

davsasa.go.yj.fr/index_files/ui.css

185.221.182.254

200 OK

14 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/index_files/ui.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text
Size
14 kB (13471 bytes)
Hash
fdfd9fb641909e3ddc1b7201ce28bddc
6f0de83fd5d2fa726f7d0d4ee323fc3672f3e89f
cbd252e0156b81eb0bb1e0e15c1ae0d28e2b0beb77a35439f9fcd5d7421cb149

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /index_files/ui.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 19 Apr 2023 18:04:46 GMT
Accept-Ranges: bytes
Content-Length: 13471
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=100
Content-Type: text/css

davsasa.go.yj.fr/index_files/jquery-ui.css

185.221.182.254

200 OK

32 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/index_files/jquery-ui.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text, with very long lines (1363)
Size
32 kB (31880 bytes)
Hash
2b936d08a6d742e862a089716f02d90d
6afd4058ec593fbca3c56a423c24a3c47eb87171
c9eeb55f7cf16683b871600ce998b61b1031629097be96069d5741f33adaf6d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /index_files/jquery-ui.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 19 Apr 2023 18:04:45 GMT
Accept-Ranges: bytes
Content-Length: 31880
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=100
Content-Type: text/css

davsasa.go.yj.fr/css/keyboard.css

185.221.182.254

200 OK

492 B

URL GET HTTP/1.1
davsasa.go.yj.fr/css/keyboard.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text
Size
492 B (492 bytes)
Hash
cde47bbdcc48b7a1883bfa6ff9461e1b
df0ffcc2e83ba3da25ffdb9e4dfe70165e1f34a8
612a237e8ee113c28afb5b58bce39eed244dc31b6d2127b45da334edca204b85

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /css/keyboard.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:52 GMT
Accept-Ranges: bytes
Content-Length: 492
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=99
Connection: Keep-Alive
Content-Type: text/css

davsasa.go.yj.fr/index_files/styles.css

185.221.182.254

200 OK

108 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/index_files/styles.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text, with very long lines (360)
Size
108 kB (107884 bytes)
Hash
c494c6c3d19e8742c1938205a3ba5c74
b5324a04a5078674c1acaf22cd204888506b3af7
99863f90b943f88e314cf12dc84b8ed8fd43ee98eb794b7ed0103fde30f3db2f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /index_files/styles.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:46 GMT
Accept-Ranges: bytes
Content-Length: 107884
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=99
Connection: Keep-Alive
Content-Type: text/css

davsasa.go.yj.fr/css/simple-keyboard.css

185.221.182.254

200 OK

2.8 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/css/simple-keyboard.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text
Size
2.8 kB (2790 bytes)
Hash
7ac8b1ce1d4560506b4ddaace5546637
ec9cf772f643b3583aa07012f94715a4c55c22ed
c46e9d5b86e7a9c0405f4edb56d1f7f8a4a463dca80ff9b99b916da39064a233

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /css/simple-keyboard.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:52 GMT
Accept-Ranges: bytes
Content-Length: 2790
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=99
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b710a5ccf93d2cc968b500e1976abe93
0b1c840b92b073938e1d2f2009c6c1df46b86008
0448de4ae1a38bb1101d8d1f573d2be4fe5b7dbb15d231c68fa8d9ae679ecbb7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Apr 2023 18:37:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

davsasa.go.yj.fr/index_files/bootstrap.css

185.221.182.254

200 OK

121 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/index_files/bootstrap.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
assembler source, ASCII text, with very long lines (540)
Size
121 kB (121285 bytes)
Hash
c6f9ca1ff3ae667b37678c65107821c7
12c6ee9d41e6a85ea14766786608f25ddf8e34bb
7d9f6a9826f640a47336522bf22a8f2a745691b0f7b9e28e1c3881ca89cd56f2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /index_files/bootstrap.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 19 Apr 2023 18:04:44 GMT
Accept-Ranges: bytes
Content-Length: 121285
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=100
Content-Type: text/css

davsasa.go.yj.fr/js/FrontFunctions.min.js

185.221.182.254

200 OK

28 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/js/FrontFunctions.min.js
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
Unicode text, UTF-8 text, with very long lines (28360), with no line terminators
Size
28 kB (28367 bytes)
Hash
5bc5d136b360c62c02758fe9d962c6d9
df943c76f1da2e164f98d6d538d32ef5b767d9a0
3f961962dc4471c881dd809308411177f1201cc7cb7691b24c9bd66bcfde5722

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /js/FrontFunctions.min.js HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:47 GMT
Accept-Ranges: bytes
Content-Length: 28367
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Content-Type: application/javascript

davsasa.go.yj.fr/css/bootstrap.min.css

185.221.182.254

200 OK

124 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/css/bootstrap.min.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text, with very long lines (65371)
Size
124 kB (123758 bytes)
Hash
65d518a9dc19eee2880f149ad8696734
473bab8d212a1f5f374dd5fcf66c9882ea0625d2
38c2ceafd2e0319b0249ad97ab59932dd54971afd9422bb5bbff40ab7069d763

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 19 Apr 2023 18:04:47 GMT
Accept-Ranges: bytes
Content-Length: 123758
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=100
Content-Type: text/css

davsasa.go.yj.fr/css/customcarousel.min.css

185.221.182.254

200 OK

1.9 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/css/customcarousel.min.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text, with very long lines (1920)
Size
1.9 kB (1949 bytes)
Hash
507cddc424365cfc443858856b1747fa
74f55054e13021d5b5c6331778e42dc42c80d6d4
f397778bb003ff2d647f5d7d90050f9b50f43622fb02637c8537f159f460bbad

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /css/customcarousel.min.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:47 GMT
Accept-Ranges: bytes
Content-Length: 1949
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Content-Type: text/css

davsasa.go.yj.fr/js/sax.js

185.221.182.254

200 OK

1.0 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/js/sax.js
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text, with CRLF line terminators
Size
1.0 kB (1048 bytes)
Hash
1a31786388c9d79e2cbfcdf9edd7dbf4
240120ef1e568b21339e3864fe41d823b75518a6
8c61dddd56d82adc85d1d310ba61f74f20074607ceb3b769954f88664d114d4e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious JS code
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /js/sax.js HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:47 GMT
Accept-Ranges: bytes
Content-Length: 1048
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=99
Connection: Keep-Alive
Content-Type: application/javascript

davsasa.go.yj.fr/js/sharedout

185.221.182.254

200 OK

122 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/js/sharedout
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
Unicode text, UTF-8 text, with very long lines (65435), with no line terminators
Size
122 kB (122505 bytes)
Hash
f9913c2682c5ccce0b99bc9f02ef20fa
3a3fc45641c9f9a1e30c571746224c53ac1974bf
ba165c25ac95de822b947024c9f5897355a45473dc11a8890592a2fb4aefa101

Detections

Analyzer	Verdict	Alert
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /js/sharedout HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: LiteSpeed
last-modified: Wed, 19 Apr 2023 18:04:48 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-turbo-charged-by: LiteSpeed
x-tuned-by: N0C
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

davsasa.go.yj.fr/css/default.min.css

185.221.182.254

200 OK

1.3 MB

URL GET HTTP/1.1
davsasa.go.yj.fr/css/default.min.css
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
ASCII text, with very long lines (414)
Size
1.3 MB (1324123 bytes)
Hash
d251cd3c1b1baeb9a5d7a0cd949df9ff
8670da7dc3d5009ac1b16ca49522e870e52128f2
bfa2075724060ece177bc4da6fd5bfa10f0b05eb10fc6d3158ad560e1bbae838

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /css/default.min.css HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 19 Apr 2023 18:04:50 GMT
Accept-Ranges: bytes
Content-Length: 1324123
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=100
Content-Type: text/css

davsasa.go.yj.fr/index_files/imgPublicidad.jpg

185.221.182.254

200 OK

44 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/index_files/imgPublicidad.jpg
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 627x327, components 3\012- data
Size
44 kB (44169 bytes)
Hash
cdf93f00906db92325ebcd535036f8c3
fb0d05b9dd1938a0c1e21e7006a0eef7f66a9176
e1a1946613ce2e000dbc69b8459c9f3afa40b3f190f0f8088f76e8ef8ae6619c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /index_files/imgPublicidad.jpg HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:45 GMT
Accept-Ranges: bytes
Content-Length: 44169
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

davsasa.go.yj.fr/index_files/info.png

185.221.182.254

200 OK

387 B

URL GET HTTP/1.1
davsasa.go.yj.fr/index_files/info.png
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
387 B (387 bytes)
Hash
09c2e3eaa191ec7ac63e73590b472448
ba1a060db2020c45c27b78a979a16976513fbaf2
05f4f47fa82feaff2708307e1ec579ba3027a6409bd2e4b66700faad0fabf657

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /index_files/info.png HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:45 GMT
Accept-Ranges: bytes
Content-Length: 387
Keep-Alive: timeout=10, max=99
Connection: Keep-Alive
Content-Type: image/png

davsasa.go.yj.fr/css/Inter-Regular.woff2

185.221.182.254

200 OK

89 kB

URL GET HTTP/1.1
davsasa.go.yj.fr/css/Inter-Regular.woff2
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
Web Open Font Format (Version 2), TrueType, length 89212, version 1.0\012- data
Size
89 kB (89212 bytes)
Hash
bffaed793493dc46bf0789e2275909ac
21178040c070176c06653b76d42b1e19810c2df0
77ca56870309a85759fb7116aef2119a26e358145e808868543ca1fe16c27720

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /css/Inter-Regular.woff2 HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/css/default.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Last-Modified: Wed, 19 Apr 2023 18:04:51 GMT
Accept-Ranges: bytes
Content-Length: 89212
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=99
Connection: Keep-Alive

davsasa.go.yj.fr/fonts/opensans/OpenSans-Regular.ttf

185.221.182.254

404 Not Found

196 B

URL GET HTTP/1.1
davsasa.go.yj.fr/fonts/opensans/OpenSans-Regular.ttf
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /fonts/opensans/OpenSans-Regular.ttf HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/index_files/styles.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

davsasa.go.yj.fr/fonts/opensans/CIBFontSans-Light.ttf

185.221.182.254

404 Not Found

196 B

URL GET HTTP/1.1
davsasa.go.yj.fr/fonts/opensans/CIBFontSans-Light.ttf
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /fonts/opensans/CIBFontSans-Light.ttf HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/index_files/styles.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 20 Apr 2023 18:37:44 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ipinfo.io/

34.117.59.81

200 OK

716 B

URL GET HTTP/2
ipinfo.io/
IP
34.117.59.81:443
ASN
#15169 GOOGLE

Requested by
http://davsasa.go.yj.fr/
Certificate
IssuerLet's Encrypt
Subject*.host.io
FingerprintEB:33:98:3B:B5:43:E8:22:00:EE:17:5A:81:09:9C:7A:A9:1A:4F:3F
ValidityMon, 27 Mar 2023 11:03:46 GMT - Sun, 25 Jun 2023 11:03:45 GMT

File type
data
Size
716 B (716 bytes)
Hash
8a4668ee74c159951e9105926d55d4c6
e33c812b8892baba08852f063a084cf91ecb8aa9
c305a2d27a407a7ccfea32ffa623015f6cc8433ce5938362f654535e23685680

HTTP Headers

GET / HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://davsasa.go.yj.fr
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
date: Thu, 20 Apr 2023 18:37:44 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/icon-user.png

162.159.254.116

200 OK

447 B

URL GET HTTP/2
sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/icon-user.png
IP
162.159.254.116:443
ASN
#13335 CLOUDFLARENET

Requested by
http://davsasa.go.yj.fr/
Certificate
IssuerDigiCert Inc
Subjectsucursalpersonas.transaccionesbancolombia.com
Fingerprint6B:D6:57:D6:96:B4:28:4E:8A:8E:81:95:35:12:91:2C:79:B6:6B:F5
ValidityFri, 17 Jun 2022 00:00:00 GMT - Thu, 06 Jul 2023 23:59:59 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
447 B (447 bytes)
Hash
0e3457ed5ea858d1e9287ef66dcbbfe4
006c99b62e141ebbc69f6e06cab757995d3f7417
75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83

HTTP Headers

GET /mua/images/icons/icon-user.png HTTP/1.1
Host: sucursalpersonas.transaccionesbancolombia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 20 Apr 2023 18:37:44 GMT
content-type: image/png
content-length: 447
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-content-security-policy: default-src 'self';
content-security-policy: default-src 'self'; script-src 'self' https://cdn.siftscience.com *.medallia.com *.kampyle.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com *.medallia.com *.kampyle.com api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com *.medallia.com *.kampyle.com images-cdn.info https://www.google-analytics.com www.google-analytics.com  https://www.google.com *.gstatic.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com  https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com  *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' *.medallia.com *.kampyle.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com  https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src 'self' https://checkout.wompi.co *.medallia.com *.kampyle.com https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.visualforce.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com *.hotjar.com  https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cf-cache-status: HIT
age: 4940
expires: Thu, 20 Apr 2023 22:37:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=A_A__3.uTWBaqedb7XRF5I4jrzPpvmRCycJCaIbUDo8-1682015864-0-AbGmCA7uTD2wVUTfqD4/U1l5imSe7Ny+wHxIVRTt3MujYJEAG4n8JdDy1UWjz7vDTkOuXBg/0eJ/0XFHJuOcaIE=; path=/; expires=Thu, 20-Apr-23 19:07:44 GMT; domain=.transaccionesbancolombia.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7baf8013bb507308-LHR
X-Firefox-Spdy: h2

sucursalpersonas.transaccionesbancolombia.com/mua/images/logo.svg

162.159.254.116

200 OK

2.7 kB

URL GET HTTP/2
sucursalpersonas.transaccionesbancolombia.com/mua/images/logo.svg
IP
162.159.254.116:443
ASN
#13335 CLOUDFLARENET

Requested by
http://davsasa.go.yj.fr/
Certificate
IssuerDigiCert Inc
Subjectsucursalpersonas.transaccionesbancolombia.com
Fingerprint6B:D6:57:D6:96:B4:28:4E:8A:8E:81:95:35:12:91:2C:79:B6:6B:F5
ValidityFri, 17 Jun 2022 00:00:00 GMT - Thu, 06 Jul 2023 23:59:59 GMT

File type
data
Size
2.7 kB (2741 bytes)
Hash
b8775567432b6ea9f362db489ba2ed81
7f00dd0b9cffbb3164e11a566da2eea19b83495e
8bb318254d2d3b4fc8f7bdb0b42303523692027a4dc3b33ec57f8672cd3a420e

HTTP Headers

GET /mua/images/logo.svg HTTP/1.1
Host: sucursalpersonas.transaccionesbancolombia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 20 Apr 2023 18:37:44 GMT
content-type: image/svg+xml
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-content-security-policy: default-src 'self';
content-security-policy: default-src 'self'; script-src 'self' https://cdn.siftscience.com *.medallia.com *.kampyle.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com *.medallia.com *.kampyle.com api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com *.medallia.com *.kampyle.com images-cdn.info https://www.google-analytics.com www.google-analytics.com  https://www.google.com *.gstatic.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com  https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com  *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' *.medallia.com *.kampyle.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com  https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src 'self' https://checkout.wompi.co *.medallia.com *.kampyle.com https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.visualforce.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com *.hotjar.com  https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cf-cache-status: HIT
age: 4940
expires: Thu, 20 Apr 2023 22:37:44 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=4R1fkPbUHlxRFhcnkXxkezXyHMFo1Y5JQOwCAyCpMkw-1682015864-0-AdEUNCjxFxL8RwI6bsn9QUPJYodlnaajX+Ey5GmZWU+M1hPDqP1uYSnaP56dtrumKn42GivjfaEuhXKciTZ9LEQ=; path=/; expires=Thu, 20-Apr-23 19:07:44 GMT; domain=.transaccionesbancolombia.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7baf8013bb547308-LHR
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

471 B

URL
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a838b2ff20092fc7145b6c34b0bf306b
a843efb10786ea6da1ecd0a719a9765b32e23d72
6a67760f5878d7493ddc2873106c78d477e884c6f400ed92e4db5882f531429b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 18:37:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 19 Apr 2023 11:45:34 GMT
Expires: Wed, 26 Apr 2023 11:45:33 GMT
Etag: "a843efb10786ea6da1ecd0a719a9765b32e23d72"
Cache-Control: max-age=493067,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7baf80167ef30b06-OSL

api.ipify.org/?format=json

104.237.62.211

200 OK

21 B

URL GET HTTP/2
api.ipify.org/?format=json
IP
104.237.62.211:443
ASN
#18450 WEBNX

Requested by
http://davsasa.go.yj.fr/
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://davsasa.go.yj.fr
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: http://davsasa.go.yj.fr
content-type: application/json
date: Thu, 20 Apr 2023 18:37:45 GMT
vary: Origin
content-length: 21
X-Firefox-Spdy: h2

davsasa.go.yj.fr/favicon.ico

185.221.182.254

404 Not Found

196 B

URL GET HTTP/1.1
davsasa.go.yj.fr/favicon.ico
IP
185.221.182.254:80
ASN
#53589 PLANETHOSTER-8

Requested by
http://davsasa.go.yj.fr/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b

Detections

Analyzer	Verdict	Alert
openphish	Bancolombia
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: davsasa.go.yj.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://davsasa.go.yj.fr/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 20 Apr 2023 18:37:45 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN