Report - www.credfacilsalvador.com.br/online-banking/login.php

Report Overview

Submitted URL
www.credfacilsalvador.com.br/online-banking/login.php
IP
108.167.188.133
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-01-31 03:36:10
Access
Website Title
Final URL
Tags
union_bank financial phishing
urlquery detections
Phishing - Union Bank

Detections

urlquery
41
Network Intrusion Detection
1
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	431 B	6.9 kB	104.17.25.14
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	384 B	21 kB	142.250.74.110
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-13T07:25:00Z	428 B	947 B	104.18.10.207
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.4 kB	2.7 kB	93.184.220.29
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.8 kB	66 kB	216.58.207.227
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.88.101.41
www.credfacilsalvador.com.br	unknown	2019-05-31T10:05:44Z	2023-02-03T23:42:43Z	12 kB	5.7 MB	108.167.188.133
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.4 kB	4.9 kB	142.250.74.131
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	403 B	34 kB	142.250.74.42
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	847 B	5.0 kB	142.250.74.35
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	70 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	421 B	90 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-31 03:36:14	high	108.167.188.133	Client IP	ETPRO PHISHING Union Bank of the Philippines Phish Landing Page 2022-02-15

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	www.credfacilsalvador.com.br/online-banking/login.php	The Union Bank of the Philippines

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/login.php	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/script.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/api.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/sdk.js(1)	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/base.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/14.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/saved_resource(1).html	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/recaptcha__en.js.download	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/saved_resource.html	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/components.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	www.credfacilsalvador.com.br/online-banking/script.js	393 B	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/script.js IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:23 Last Seen2023-08-17 17:35:39 Times Seen26 Hash 6a2e6dbb7e1b3f957d2cb45fb492668e f2680b4bf9b43296032575e74c6f522073c088b2 953ff524a462191b00e7966089eb722ce2f7d32334c603ebe06298b2ae5ba958 Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.js	398 kB	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.js IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen32 Hash b3ff7069fb30087eb69bf18b3cfc5b35 4cf232bd57407c61bb5138d17da5aded1d96219b bc4c57fdfb845c45382334a2ea04b63a21fea8f4a42ec56ce4e05bb948160cb1 Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/api.js	708 B	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/api.js IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen40 Hash a14455948d94f9a9ed0255ddffdc1eef cd95e227eb30c684473c1e26101bfbe1ce8f3137 e88fe96181aaff74f1fae525dab9641052853f643711f87e2307ed1cca4266b1 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 05:46:19 Times Seen37111737 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.js	1.3 MB	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.js IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen32 Hash 507063643ab7d92bb142e5d95e8569c6 bf12da9b7e9cd816cfe4c31e28500e10a783e55b f716f9ec048441e37bfaed734ca9fbbd3ac496b736f684dbcb1b736978ed38e8 Loading...

	www.credfacilsalvador.com.br/online-banking/login.php	603 B	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/login.php IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen23 Hash 125f1d997065c052e3cca3c96f62370f 2f05e9985574278754d59addf2e5b10d90e316a2 d2e58df91b33affa22f9ddbd3c244d177b9ca5f1a69d25a39b0ed34d41d0b3fe Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html	10 kB	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen21 Hash c4a6c9740d64f6b1635d72e9ebf66125 653722c36a050c05acd3fa29cbd3e04c437a2e53 c44bd95de33218ef62725bebe71e05235ce9574749dcf8c7c1dc6cc0e03fb72c Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-04-27
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-27 03:11:02 Times Seen23406 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/sdk.js(1)	3.2 kB	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/sdk.js(1) IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen38 Hash bed46e0f7a43ef971658bde3da164aea d4a3512ba6112886f55def602aad237dc2709501 3f6cfb2a107314566e4293ba29234e305a8d9e35dd8670fb41cbacc78f3bf22f Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/components.1bf376f9696bfb8874af.js	1.3 MB	2023-03-07	2023-08-17
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/components.1bf376f9696bfb8874af.js IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen27 Hash 490e2962a5e8dcb1ffa51d2ea4dab1c2 b3ae0abe5c59da07be938923e05e2da53ee2685a 24573626435ac4aef93f207169afee030de75f86bad78d86a48962ac3e988e25 Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html	68 B	2023-03-07	2024-04-06
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2024-04-06 19:22:00 Times Seen41 Hash e9b901c2efdf825332443f6125ac235a 50b0a91ce79f263c8a802096158cdbacd2660474 be65c20e36b71b50d335c36ef1cddb3c181f666c3e8daf543d0bddf27b207519 Loading...

	www.credfacilsalvador.com.br/online-banking/unionbank_files/recaptcha__en.js.download	1 B	2023-03-07	2024-04-27
Pretty URL www.credfacilsalvador.com.br/online-banking/unionbank_files/recaptcha__en.js.download IP 108.167.188.133 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-27 01:54:12 Times Seen68923 Hash 68b329da9893e34099c7d8ad5cb9c940 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b Loading...

HTTP Transactions (69)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4755
Expires: Tue, 31 Jan 2023 04:55:13 GMT
Date: Tue, 31 Jan 2023 03:35:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2629
Expires: Tue, 31 Jan 2023 04:19:47 GMT
Date: Tue, 31 Jan 2023 03:35:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 02:43:15 GMT
content-type: application/json
age: 3163
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19396
Expires: Tue, 31 Jan 2023 08:59:14 GMT
Date: Tue, 31 Jan 2023 03:35:58 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: aYEAgTvirVGF/puutn62QmifdHGS7diAIqVEK+KUCCAuiAcGbJbPqIM5XAQkwyVKKw30lQKD3C0=
x-amz-request-id: SYBJ4S5MHGSDGJVT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 02:51:00 GMT
age: 2698
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 03:35:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 02:49:04 GMT
age: 2814
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3361
Expires: Tue, 31 Jan 2023 04:31:59 GMT
Date: Tue, 31 Jan 2023 03:35:58 GMT
Connection: keep-alive

push.services.mozilla.com/

52.88.101.41

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.101.41:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fOupsl93OJqgyxhPjdBMFg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +RoPns9ppc7LBWEt8sHWCioBNlU=

www.credfacilsalvador.com.br/online-banking/login.php

108.167.188.133

200 OK

8.5 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/login.php
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1470), with CRLF line terminators
Size
8.5 kB (8511 bytes)
Hash
07bb4c32b5d1dcfd2f0bbc19b65e2324
23eaa7a47b3f9e2587e1c7da0dd5461eac6a95f8
fb47e8af31664535ce6a5bf2232cea271fce793e088b093227f5c43e4fa3369a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
openphish	The Union Bank of the Philippines
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ETPRO PHISHING Union Bank of the Philippines Phish Landing Page 2022-02-15

HTTP Headers

GET /online-banking/login.php HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Content-Length: 8511
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

104.17.25.14

200 OK

5.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
5.9 kB (5884 bytes)
Hash
aa712f2a9ab349290ddbc871138b13ba
2be3765114dbce70c84786dd7d2838c7edce486c
84dce905b67560d91a9993771337d6e5946c7f1e502b5bf06fb0ef6d34b97b57

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 03:35:59 GMT
content-type: text/css; charset=utf-8
content-length: 5884
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-9226"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 982555
expires: Sun, 21 Jan 2024 03:35:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yCP4MdFA7JoQTNJtqQMxSNveoM8dnnQoCWP%2FdTSMdzEfkvolBC3bcotSfTIMxdahcc9hMoKDkLQUIqi4x2QvV5dcRxqZo8AuFCDkThVvIY5NLH9Hg1dQ5Yime2ax6Eq1mlCM6YjH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 791f66838d73b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.credfacilsalvador.com.br/online-banking/script.js

108.167.188.133

200 OK

210 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/script.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
210 B (210 bytes)
Hash
7fc44b302d965a8942e3995ab61398f7
29ff2ae99f7cbaa592d66a08770b479ca323ea0f
101f8e0b59294b76959c7ccd61922d7d0ce1dee999368a7c5ece5265fe1e9504

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/script.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 210
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript

www.credfacilsalvador.com.br/online-banking/style.css

108.167.188.133

200 OK

21 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/style.css
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
1a60c330fb42841e8dcf3cd507a70bfc
9ba9c8d18f6be7851b4d88e3b608a9979f56a083
7fa5a93246b84491c51c9c8b4493d30518932a2bb45d67df757bc8a332b1f2d1

HTTP Headers

GET /online-banking/style.css HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Content-Length: 21
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:35:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

142.250.74.42

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32089)
Size
33 kB (33018 bytes)
Hash
bf899cc5ba60c522341e4d712a5246bf
2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a
4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817

HTTP Headers

GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 00:39:30 GMT
expires: Thu, 25 Jan 2024 00:39:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 528989
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:35:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.credfacilsalvador.com.br/online-banking/unionbank_files/api.js

108.167.188.133

200 OK

477 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/api.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (708), with no line terminators
Size
477 B (477 bytes)
Hash
46dd665b0ba594a9516d197417ae615c
ee09935166c1cbc3193004c8d1c554d537db3e8d
948c88110e9c152ca42ac39a9c727f1e23b011856566aaddb5fa0f706daeca76

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/api.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 477
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: application/javascript

www.credfacilsalvador.com.br/online-banking/unionbank_files/1.1bf376f9696bfb8874af.css

108.167.188.133

200 OK

507 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/1.1bf376f9696bfb8874af.css
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (741)
Size
507 B (507 bytes)
Hash
8355c2815071703949f6f77c0a163552
693c79916cf643fde93d71196f0a1543d722e7d7
43f7c0815454e21b47984b4fc23736b5b739c88931649d5f8be83fa3a2f9c3c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/1.1bf376f9696bfb8874af.css HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 507
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css

www.credfacilsalvador.com.br/online-banking/unionbank_files/sdk.js(1)

108.167.188.133

200 OK

3.2 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/sdk.js(1)
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (2088)
Size
3.2 kB (3224 bytes)
Hash
bed46e0f7a43ef971658bde3da164aea
d4a3512ba6112886f55def602aad237dc2709501
3f6cfb2a107314566e4293ba29234e305a8d9e35dd8670fb41cbacc78f3bf22f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/sdk.js(1) HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 3224
Keep-Alive: timeout=5, max=75

www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.css

108.167.188.133

200 OK

200 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.css
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
200 B (200 bytes)
Hash
c4f781837ac655ab868f76ebd0aa001c
1d792cae3ea99a6ccfc76761672ecac9f6ce47c3
2982815644bab9c7ebbec9a3e5adb18288054b91ca05e85c189f5e592778ea5a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/12.1bf376f9696bfb8874af.css HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 200
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css

www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.css

108.167.188.133

200 OK

715 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.css
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (3822)
Size
715 B (715 bytes)
Hash
5241ea8c1293687fb9c9a2a24ac7e260
96d0d1f0f86c70336a41a4df5efc168252ccb386
ff522cd6f32d7ae5ca664d4a556698f246c53402ebbbb90b24267b80b7837ce2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/7.1bf376f9696bfb8874af.css HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 715
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/css

www.credfacilsalvador.com.br/online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.js

108.167.188.133

200 OK

315 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (32811), with LF, NEL line terminators
Size
315 kB (314950 bytes)
Hash
cc9cd77af9d22ab02b21e0e353cee305
a3816dc16b71e2ee0ae04e8ce5183e6a8ac8d75b
6c44945b68392252b124c1aa27d58f3dffb3a9be1dffa30f9f02929eeb6120b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript

www.credfacilsalvador.com.br/online-banking/unionbank_files/base.1bf376f9696bfb8874af.js

108.167.188.133

200 OK

376 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/base.1bf376f9696bfb8874af.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (57168)
Size
376 kB (376154 bytes)
Hash
999e24eb80bbe390ce4ee1d2a44e3f77
12911ffde30bbc0a0dd12b9dbd0c605a75052b5f
bbf313489078afe76b46fd1a4bc6f32efb6d8451b8a792d3f72c5149c5c7d8fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/base.1bf376f9696bfb8874af.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript

www.credfacilsalvador.com.br/online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.css

108.167.188.133

200 OK

172 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.css
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (750)
Size
172 kB (172050 bytes)
Hash
85f8f614f549f5e5696f6a250ac8d3fb
947626215e726e8627d6141de904603b2fa77ec7
6153ae938d47148fcf4816df0e41d7a5e3e1f691bbb258096a8d7b7d9dea9c87

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/bundle.1bf376f9696bfb8874af.css HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

www.credfacilsalvador.com.br/online-banking/unionbank_files/14.1bf376f9696bfb8874af.js

108.167.188.133

200 OK

175 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/14.1bf376f9696bfb8874af.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (38258)
Size
175 kB (174763 bytes)
Hash
747880c10aa43e31c33f7df9a635a34d
2232702948834a28d8d01a9f330acef7570dea32
812d41daef42907e02640d777030c0e114033d92f210cac154a03ada43751ecd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/14.1bf376f9696bfb8874af.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2648db12984a09f2dec69b7d2047f187
b52d9496452542d8f1127d4b77c27e22107c34a1
1439e26d15f854c1f1ddd1b37e37846107a83eafd38945da4d48709052f638b0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5385
Cache-Control: max-age=88971
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:00 GMT
Etag: "63d73022-118"
Expires: Wed, 01 Feb 2023 04:18:51 GMT
Last-Modified: Mon, 30 Jan 2023 02:49:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9307
Expires: Tue, 31 Jan 2023 06:11:07 GMT
Date: Tue, 31 Jan 2023 03:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9307
Expires: Tue, 31 Jan 2023 06:11:07 GMT
Date: Tue, 31 Jan 2023 03:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9307
Expires: Tue, 31 Jan 2023 06:11:07 GMT
Date: Tue, 31 Jan 2023 03:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9307
Expires: Tue, 31 Jan 2023 06:11:07 GMT
Date: Tue, 31 Jan 2023 03:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9307
Expires: Tue, 31 Jan 2023 06:11:07 GMT
Date: Tue, 31 Jan 2023 03:36:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11129 bytes)
Hash
2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lJril-pCQ3MCMoVEFu3kmDuv4T1ABYMFJTuC5dbwxGe1_ydrbUkt8Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 03:40:12 GMT
age: 86148
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v9Wphg34UGE5kkZ9RKBcphcpPuCn54oVyepzTW5rZ3J9nkL9J501PA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 22:03:23 GMT
age: 19957
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6844 bytes)
Hash
976dda397f9292a498ca9db5599c0378
dad9e9c3462907a2475046aee36d57f8309cd44e
7ed9ccf2ff75ca53f5ba56a1d2127e0f09b0ae941cad8b042e8df01ad01e614b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6844
x-amzn-requestid: 0542cf46-5045-459f-a35f-f6c0d3f5f7b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flZsxH0YIAMF9ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86feb-692d50f710a131df2ee49aa8;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6bbFjAsd03GN8zzBnAFBm7xA8igZ_xHJsOHzw7nwNgRxiWUDLPGjpQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:53:29 GMT
age: 6151
etag: "dad9e9c3462907a2475046aee36d57f8309cd44e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5903 bytes)
Hash
42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZKuBcZgC6yolu1QcaXZKAIIDynG3Zywq1d7sWI8Jlq3ULwlr6XlhWQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 13:04:11 GMT
age: 52309
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9987 bytes)
Hash
2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hDjKAMYoVwHdCqS8t08PrWyfQQLiWaosXbi3FOJY8BeV0yAFCGziGw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:58:16 GMT
age: 5864
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2648db12984a09f2dec69b7d2047f187
b52d9496452542d8f1127d4b77c27e22107c34a1
1439e26d15f854c1f1ddd1b37e37846107a83eafd38945da4d48709052f638b0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5385
Cache-Control: max-age=88971
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:00 GMT
Etag: "63d73022-118"
Expires: Wed, 01 Feb 2023 04:18:51 GMT
Last-Modified: Mon, 30 Jan 2023 02:49:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6660 bytes)
Hash
932f9938c0cf6a0073ade7aa5fbe63ee
10b2c53728e16614bc96fbce22e98a135e8fdc16
25c6402614ad4f04d35ea2512b613a5c239609ce03886a22b1a89d62ddf344f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc569de21-1642-45cb-a849-06e0eb6ce398.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6660
x-amzn-requestid: d1b88b8f-d5c5-4da3-b93a-ade94338e746
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRa8DFMaIAMF2Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d071e6-1fa8a996195c9b3406399769;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:03:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Fv1ghBaLh1tZCjCKJYBmZmWVBAsxZCQ5XPZK6KEUXc-iH0Y5dSFVw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:05 GMT
age: 20875
etag: "10b2c53728e16614bc96fbce22e98a135e8fdc16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.js

108.167.188.133

200 OK

473 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/7.1bf376f9696bfb8874af.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (39616)
Size
473 kB (472929 bytes)
Hash
79bdbfed0da12fdd5767150368c7e116
dba44150859e662469bff17cd3d4b22ee17ef825
7450e7ad70a0768efe4f9dd087726b89f72ec95f67e698a268b89b319c6da915

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/7.1bf376f9696bfb8874af.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

www.credfacilsalvador.com.br/online-banking/unionbank_files/77bcca0a353436ad0ea0.png

108.167.188.133

200 OK

84 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/77bcca0a353436ad0ea0.png
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 3509 x 2482, 8-bit/color RGBA, non-interlaced\012- data
Size
84 kB (84281 bytes)
Hash
b64412453cb5996f63de49d397617504
d908c3f17df3c7c1287438c1f2690e43dd3e91d5
98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/77bcca0a353436ad0ea0.png HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 84281
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

www.credfacilsalvador.com.br/online-banking/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png

108.167.188.133

200 OK

7.1 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 140 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
7.1 kB (7050 bytes)
Hash
6c52619633aaf102bd2a577e2688fa86
83296c14c2b7c884714936baf650d47325aaf894
032cf6c781dfb488e0e19248594759087e8c2d9a18d356b977b8da35a7b20649

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 7050
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png

www.credfacilsalvador.com.br/online-banking/unionbank_files/1200px-Unionbank_2018_logo.svg.png

108.167.188.133

200 OK

21 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/1200px-Unionbank_2018_logo.svg.png
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1200 x 368, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20846 bytes)
Hash
70f65465e7c6d090d9277be5ce120b45
8ce111118f53f497079d066a4216f61b72347b87
2e916e6e4167cd80e0f126a9d67f8c4f40af081e5d28e56516fbe492700f5fc8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/1200px-Unionbank_2018_logo.svg.png HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 20846
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.credfacilsalvador.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 106440
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.credfacilsalvador.com.br/online-banking/unionbank_files/saved_resource(1).html

108.167.188.133

200 OK

148 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/saved_resource(1).html
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
148 B (148 bytes)
Hash
2e564a3905e8c87687ee0bd0b05ee76a
41e908564ec62189439e245c46b4e3efc2eebd5c
25125843e939ebb13040693deab070e1301d8cd4cbb364fef81d99788bc800c4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/saved_resource(1).html HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 148
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html

www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html

108.167.188.133

200 OK

10 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10169)
Size
10 kB (10343 bytes)
Hash
4b710e1dcd2eb6f34b2dbdedcc2e217a
55403eed78c3b8f951fcc8f4561e49a0940c0848
1905caf8bf5d38feec9e358f236af1d41787fcbcd81a427fcfaaa256fbfee476

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/anchor.html HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10343
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.credfacilsalvador.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 570414
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.credfacilsalvador.com.br/online-banking/unionbank_files/styles__ltr.css

108.167.188.133

200 OK

28 kB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/styles__ltr.css
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (50696), with no line terminators
Size
28 kB (27902 bytes)
Hash
3f79eb5a523ac4d005c6619509340050
b87f0bc72c29a28c63c707a8f83c937123b3e5df
8e84b941aebcc46d950ca61c4594fca9cabcd06b6c9745885ae5dbb0c00f24da

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/styles__ltr.css HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:01 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6411
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:01 GMT
Last-Modified: Tue, 31 Jan 2023 01:49:10 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

www.credfacilsalvador.com.br/online-banking/unionbank_files/recaptcha__en.js.download

108.167.188.133

200 OK

21 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/recaptcha__en.js.download
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
1a60c330fb42841e8dcf3cd507a70bfc
9ba9c8d18f6be7851b4d88e3b608a9979f56a083
7fa5a93246b84491c51c9c8b4493d30518932a2bb45d67df757bc8a332b1f2d1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/recaptcha__en.js.download HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:01 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Content-Length: 21
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.credfacilsalvador.com.br/online-banking/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download

108.167.188.133

200 OK

21 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
1a60c330fb42841e8dcf3cd507a70bfc
9ba9c8d18f6be7851b4d88e3b608a9979f56a083
7fa5a93246b84491c51c9c8b4493d30518932a2bb45d67df757bc8a332b1f2d1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:01 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Content-Length: 21
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 31 Jan 2023 01:46:59 GMT
expires: Tue, 31 Jan 2023 03:46:59 GMT
cache-control: public, max-age=7200
age: 6542
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,700|Open+Sans:300

142.250.74.74

200 OK

89 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,700|Open+Sans:300
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (18530)
Size
89 kB (89202 bytes)
Hash
62eb5bfb082e56b674dfc9cd818ec90b
2a1f6461088e061c7e9e498ba1bccd776371d3c8
eef814554a094eef70102886e4ea6920548eb76b2b362874433f1204d86e88f4

HTTP Headers

GET /css?family=Roboto:400,700|Open+Sans:300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 31 Jan 2023 03:36:00 GMT
date: Tue, 31 Jan 2023 03:36:00 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5025
Cache-Control: max-age=100851
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 03:36:01 GMT
Etag: "63d75ff3-1d7"
Expires: Wed, 01 Feb 2023 07:36:52 GMT
Last-Modified: Mon, 30 Jan 2023 06:13:07 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

www.credfacilsalvador.com.br/online-banking/unionbank_files/favicon.ico

108.167.188.133

200 OK

21 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/favicon.ico
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
1a60c330fb42841e8dcf3cd507a70bfc
9ba9c8d18f6be7851b4d88e3b608a9979f56a083
7fa5a93246b84491c51c9c8b4493d30518932a2bb45d67df757bc8a332b1f2d1

HTTP Headers

GET /online-banking/unionbank_files/favicon.ico HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:01 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Content-Length: 21
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.credfacilsalvador.com.br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15344
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 24 Jan 2023 21:13:42 GMT
Expires: Wed, 24 Jan 2024 21:13:42 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT
Content-Type: font/woff2
Age: 541339

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.credfacilsalvador.com.br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 28 Jan 2023 00:20:38 GMT
Expires: Sun, 28 Jan 2024 00:20:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT
Content-Type: font/woff2
Age: 270923

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.35

200 OK

2.2 kB

URL HTTP/2
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 18:48:55 GMT
expires: Tue, 31 Jan 2023 18:48:55 GMT
cache-control: public, max-age=604800
age: 550026
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
4926634f3217cdd97e97202504c0c3b7
f7ea00d740096e4e17e8d884b177d47004bea11e
4dc4be86e5dfd0ab45d7c2235760fe07f49bbfabf1c108c8ddae955aa5760a91

HTTP Headers

GET /recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Tue, 31 Jan 2023 03:36:01 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.credfacilsalvador.com.br/online-banking/unionbank_files/saved_resource.html

108.167.188.133

200 OK

148 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/saved_resource.html
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
148 B (148 bytes)
Hash
2e564a3905e8c87687ee0bd0b05ee76a
41e908564ec62189439e245c46b4e3efc2eebd5c
25125843e939ebb13040693deab070e1301d8cd4cbb364fef81d99788bc800c4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/saved_resource.html HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/unionbank_files/anchor.html
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:01 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 148
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html

www.credfacilsalvador.com.br/online-banking/unionbank_files/background.png

108.167.188.133

200 OK

4.0 MB

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/background.png
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 2054 x 1297, 8-bit/color RGB, non-interlaced\012- data
Size
4.0 MB (4034936 bytes)
Hash
b96ca6c086ae1da6eb5a5d1de5e0f3ad
a122544b2c6afd43e071ea3590cc4b37c05316b8
6aa4661e2ad0927c9c8bcadea3e57a5642798572f44a7bd411d12a4b3815be30

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /online-banking/unionbank_files/background.png HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:36:00 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 4034936
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/png

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3acb4fe3-f1dd-417b-ac1c-9269bcff18d1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12906 bytes)
Hash
cbc9f50b0a96fb69fa2e948aa3125413
e7f13a6e81263e73ac5777959d63b567f50848d5
2e3411687a31211dbf0aa732f8d93a3c5a4748afb264e695d36782700c8e8b5d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3acb4fe3-f1dd-417b-ac1c-9269bcff18d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12906
x-amzn-requestid: 4d09cdf1-2b4b-4f72-a313-caf6660774d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsLoHaHIAMF1uQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d22717-7074bd5202e3aced21ac49e3;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:09:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZkPnGMNVHQUSKvsqXZajTFA6FiOiZvSXHU6QN8zbCrSXKKmSdCWVqQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 22:47:13 GMT
age: 17334
etag: "e7f13a6e81263e73ac5777959d63b567f50848d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.credfacilsalvador.com.br/online-banking/unionbank_files/components.1bf376f9696bfb8874af.js

108.167.188.133

200 OK

0 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/components.1bf376f9696bfb8874af.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/components.1bf376f9696bfb8874af.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.10.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 03:36:00 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 03/12/2022 14:32:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: d59b1bc690982b057c0e17bb58696d82
cdn-cache: HIT
cf-cache-status: HIT
age: 1587476
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 791f66893fb30b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.js

108.167.188.133

200 OK

0 B

URL HTTP/1.1
www.credfacilsalvador.com.br/online-banking/unionbank_files/12.1bf376f9696bfb8874af.js
IP
108.167.188.133:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /online-banking/unionbank_files/12.1bf376f9696bfb8874af.js HTTP/1.1
Host: www.credfacilsalvador.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.credfacilsalvador.com.br/online-banking/login.php
Cookie: PHPSESSID=cb6f2739f7e744f4e7c6f262dd87a559

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 03:35:59 GMT
Server: Apache
Last-Modified: Sun, 24 Apr 2022 15:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL