www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
23.253.85.69 301 Moved Permanently 528 B URL HTTP/1.1 www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
IP 23.253.85.69:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (370)
Hash 531057e59d235782f032aba0b4a7cd52
515293c0a22709aa33e49ada0fa27b0877974ae5
ba94bb2564e370beba7ad1386e2cc6c23783d883e772d521695414c2b5a51640
Analyzer Verdict Alert fortinet Phishing
GET /bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 20:09:17 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Content-Length: 528
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8634
Expires: Fri, 09 Dec 2022 22:33:11 GMT
Date: Fri, 09 Dec 2022 20:09:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5668
Expires: Fri, 09 Dec 2022 21:43:45 GMT
Date: Fri, 09 Dec 2022 20:09:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 20:08:20 GMT
content-type: application/json
age: 57
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2473
Expires: Fri, 09 Dec 2022 20:50:30 GMT
Date: Fri, 09 Dec 2022 20:09:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aVbUYz/jPX+JNL6GfeT6MYpdMXiw4ZESaobA2gTCrhQ2EMIQlwygIEdNMK6es1+FH+rBzQ0Swls=
x-amz-request-id: RMNFDT8XQ4XTJHPC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 19:48:29 GMT
age: 1248
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 20:09:17 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 19:33:13 GMT
age: 2165
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2815
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:18 GMT
Last-Modified: Fri, 09 Dec 2022 19:22:23 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.51.98 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.51.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EQkQNZyGgL84Sw4CJu4yog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tOibNIxVOdjzjqJeYUoLjFHzVnw=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16460
Expires: Sat, 10 Dec 2022 00:43:39 GMT
Date: Fri, 09 Dec 2022 20:09:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 80275
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash 06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 55384
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 12:33:36 GMT
age: 27343
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 59453
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash 8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 46520
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 46564
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
23.253.85.69 404 Not Found 32 kB URL HTTP/1.1 www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
IP 23.253.85.69:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (2501), with CRLF, LF line terminators
Hash 0074d6aa3f959e206b1ace6ef71530a0
a10e90945fc069d178d62c1aefab81b7b9f3bfbc
dc7a6c2550addaa3211ba3dc96a6ea7b7a2b7d4b2618b96b3085497629b076f6
Analyzer Verdict Alert fortinet Phishing
GET /bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 20:09:17 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.gico.co.cr/wp-json/>; rel="https://api.w.org/"
X-TEC-API-VERSION: v1
X-TEC-API-ROOT: https://www.gico.co.cr/wp-json/tribe/events/v1/
X-TEC-API-ORIGIN: https://www.gico.co.cr
Set-Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396; path=/
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1
23.253.85.69 200 OK 5.3 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (5305), with no line terminators
Hash ee78f26525b08d4e372b92a1a3ed1d26
b4dbb4706c8a479b3891cbeddf19e162e36bd61a
7fcaa4d432eb8627f0ab7efdc3ce11a4e593f29443fc6bb1888f4955c55f868b
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:45 GMT
Accept-Ranges: bytes
Content-Length: 5305
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.css?ver=1.7.6
23.253.85.69 200 OK 3.0 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.css?ver=1.7.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (2996), with no line terminators
Hash e40016819c0cee76171d64700f5cc56f
f9d442bbd3f527e3ed107964b5afdc3f63c26a42
9fd84e091cfddfb8149de5d228510d37bb3cae096acb13c3d037420259a133bc
GET /wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.css?ver=1.7.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 2996
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6
23.253.85.69 200 OK 81 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6
IP 23.253.85.69:0
File type Unicode text, UTF-8 text, with very long lines (33376)
Hash 43c4bc05b5e3b0a6684a7c3a52e63590
ed6d95d525a710a82e8b8583e9ba7bce3b2a4722
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:19 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:10 GMT
Accept-Ranges: bytes
Content-Length: 80574
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gico.co.cr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1
23.253.85.69 200 OK 2.7 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1
IP 23.253.85.69:0
Hash e6fae855021a88a0067fcc58121c594f
6299ac3987b5e81725781799dad361d19ac3b99d
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:53 GMT
Accept-Ranges: bytes
Content-Length: 2731
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
23.253.85.69 200 OK 28 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
IP 23.253.85.69:0
File type ASCII text, with very long lines (27709)
Hash e166554d9568a75420df25df66eee803
188cf85ac6df9b1175d26c527f39826216cce272
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c
GET /wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:32:07 GMT
Accept-Ranges: bytes
Content-Length: 27760
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7
23.253.85.69 200 OK 289 B URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7
IP 23.253.85.69:0
File type ASCII text, with CR line terminators
Hash 06e5b21cbcff813c4731edf288388ba4
697133e0e3ea0a896f5a45023887d9345304afd0
f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:54 GMT
Accept-Ranges: bytes
Content-Length: 289
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1
23.253.85.69 200 OK 18 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1
IP 23.253.85.69:0
File type Unicode text, UTF-8 text, with very long lines (17923), with no line terminators
Hash 1cbcc9e85ba99c007f519bf1a67feb58
82d238c9b2a1797c0ad785c01309c49dc1f302af
48052f6267b2e21fb086ad26457c715b3b8b5e8c6fcbcdea42589da06b05e9be
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 17925
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-includes/css/dashicons.min.css?ver=5.8.6
23.253.85.69 200 OK 59 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/css/dashicons.min.css?ver=5.8.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (58981)
Hash d68d6bf519169d86e155bad0bed833f8
27ba9c67d0e775fc4e6dd62011daf4c3902698fc
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dashicons.min.css?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:10 GMT
Accept-Ranges: bytes
Content-Length: 59016
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0
216.58.207.228 200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0
IP 216.58.207.228:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 29141215a6f0f4123de4c69704088ecb
0f8aa369e91da1be8816b55482313d41fdfcaa2c
5b378a9e1bb07a2d3252817c06519a43d5b28ee20682710731f2e9d2eac0a72a
GET /recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 09 Dec 2022 20:09:20 GMT
date: Fri, 09 Dec 2022 20:09:20 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1
23.253.85.69 200 OK 198 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1
IP 23.253.85.69:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size 198 kB (198045 bytes)
Hash 8fdf21964b6bd60a1b46eda830ce4de7
4f11c73619006e34bdfdd49eb27e01802ee577cf
1c75b8cb0139f8c0820414597288c45de53329781acd3badb4fcd9cac7dc0dd4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:45 GMT
Accept-Ranges: bytes
Content-Length: 198045
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5
23.253.85.69 200 OK 31 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5
IP 23.253.85.69:0
File type ASCII text, with very long lines (30449)
Hash 17d35b1ddb5a58cc19379d19f22b9fdc
29ada89a0d529ff139afc0b58fac96471ece2853
8cdc53975174314cc55ef7ca7ee80afbf80e724452e4b0fc7e4bea1e43ad4f59
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 30611
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6
23.253.85.69 200 OK 29 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (29027), with CRLF line terminators
Hash f57ebe59dbe8d8bd75435d37249ec85a
8034d7885db8862424faa7ad8fdeca892e170ed1
219874a2386227662b35c23e9224d02837a598ea7b5467b85338141ca3e8074f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 29186
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1
23.253.85.69 200 OK 63 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1
IP 23.253.85.69:0
File type Unicode text, UTF-8 text, with very long lines (62789), with no line terminators
Hash 7892d7349e74e7dd7fae386eda2dded7
bd31f749a68bfffc0ba299d94b5de5d3803d9b9b
37811d4d55ec74751bcaa643b3a9798f1d577ac2910b63c6ca202c2e36544e05
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 62803
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/uploads/js_composer/custom.css?ver=6.0.5
23.253.85.69 200 OK 4.3 kB URL HTTP/1.1 www.gico.co.cr/wp-content/uploads/js_composer/custom.css?ver=6.0.5
IP 23.253.85.69:0
File type ASCII text, with CRLF line terminators
Hash d92e6b3d61fbc7e795913f574f0ce6e3
4d981f28ffb37b397ebc3ac6133e70f3988b8e3e
c517b1be11c52584948297e5fe2b131b44163b900c591d4c958d7d0859c5317d
GET /wp-content/uploads/js_composer/custom.css?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 21 Aug 2020 22:00:09 GMT
Accept-Ranges: bytes
Content-Length: 4321
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0
23.253.85.69 200 OK 132 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0
IP 23.253.85.69:0
File type ASCII text, with very long lines (65371)
Size 132 kB (132048 bytes)
Hash 0ab07676629a8552bcf577643d1783b4
bf9e853d04fd510156d976aefcfb7e222bb6d3f9
43eca4c35cb0bf12ed7ac1994621e331c1d52ddef9eed9bf71df9e351d5a7ca2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 132048
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24
23.253.85.69 200 OK 31 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24
IP 23.253.85.69:0
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 31000
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/themes/bubulla/style.css?ver=1.0.6
23.253.85.69 200 OK 700 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/style.css?ver=1.0.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (324)
Size 700 kB (699753 bytes)
Hash e3379d1aab626409922b32dafcad7ecc
9141128f04009baa68939f1a3d345386bb048424
4767f859daa15166a94c76edc75a14b6e639755a0abc8d90d0480647917c5fb1
GET /wp-content/themes/bubulla/style.css?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 699753
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24
23.253.85.69 200 OK 18 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24
IP 23.253.85.69:0
Hash 9594655f9fe588ca0ece3ecb666770d7
069db3bd054b0e45d9047c6e080f75fb4da330ba
aabe87d453223c03579e252429384f042b11b54385fec1207050741ed34f4998
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 17583
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24
23.253.85.69 200 OK 7.4 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24
IP 23.253.85.69:0
File type ASCII text, with very long lines (7191)
Hash ec26292e52e5bc20624b029974bd0adf
3756375bb053b0f3f62303597d844f70cef1b5e0
31ca8fc4bb190118851959f282909af4a8f6e782b69dcfbe00094ffc010878b3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 7354
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24
23.253.85.69 200 OK 151 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24
IP 23.253.85.69:0
File type ASCII text, with very long lines (65421)
Size 151 kB (150962 bytes)
Hash 0afc880eee87a9050231d80f2a6b6f9b
42b1e67227ce13db98956e7cbdd8de815d4202f4
ef510109927a4d8a4b23b7a81d7dd72772f9f1d586d5bd0ce87456363fed5e52
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 150962
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6
23.253.85.69 200 OK 18 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (15224)
Hash 116c86c56f8db0bb63f15ceda50fdc98
75e308982ecf7cd43644b8b426e6aa1a0b0fbe26
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 18181
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24
23.253.85.69 200 OK 23 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24
IP 23.253.85.69:0
Hash ee24d44ce56c3f963c4560470cf27c03
48ead615cfeb7b7039734d5a61095c4ba1d63bfd
c5deae741af05992589255c23f97b656b9fc732e5561754be87865bb3cec9599
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 22681
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/unycon/unycon.css?ver=2.7.24
23.253.85.69 200 OK 37 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/unycon/unycon.css?ver=2.7.24
IP 23.253.85.69:0
Hash bdfa91a5b34d7d79209bf17318efa6f4
a11d2c0206bd2d098d5dc6b0b3b6a273822a657b
13c046ee44f52826410b7f81efc181c744a710583aff41777a7e8eabc784b416
GET /wp-content/plugins/unyson/framework/static/libs/unycon/unycon.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 36875
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6
23.253.85.69 200 OK 1.8 kB URL HTTP/1.1 www.gico.co.cr/wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6
IP 23.253.85.69:0
Hash 773fcb757ab97766e6b906b80bec8150
d37566ecbbd4cdb342e483154a2aa050aa86c37e
664cdc88c8f114e8547c5a6e00a7740a36ffa021c000125bb55637a94f07ec65
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 26 Mar 2020 18:05:02 GMT
Accept-Ranges: bytes
Content-Length: 1767
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0
23.253.85.69 200 OK 7.0 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0
IP 23.253.85.69:0
Hash 30b593b71d7672658f89bfea0ab360c9
d6963db6faa9294387bb3175813a61bc3f859437
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 6951
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
23.253.85.69 200 OK 11 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 23.253.85.69:0
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 11224
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
23.253.85.69 200 OK 90 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 23.253.85.69:0
File type ASCII text, with very long lines (65447)
Hash 02dd5d04add4759122013c5ab4dc5cc2
a45a56e396ac549b4ff39b696ce9e0c16a7612de
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 89521
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1
23.253.85.69 200 OK 9.5 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (9151)
Hash 2e96f622673104a3fb67ab56f849c073
f4c17ae4709cad9bc997357581f4e30fc4bbee2c
b49498d1142de7f2e16afc2cd4250d2ba30c5df4de5d291f51d7cf69727efdbe
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 9545
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5
23.253.85.69 200 OK 992 B URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5
IP 23.253.85.69:0
Hash 787fe4f547a6cb7f4ce4934641085910
c2dee88d5bdfef214ce9c56f71a1df51cda0f328
654aaebdea944313257827be97eb196a8218a2cdfc9ba399db23e2cd4c02bd79
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 992
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1
23.253.85.69 200 OK 3.0 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1
IP 23.253.85.69:0
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash 8bc2109ef48cabf7a26b73d7c3536c5f
0e0dfee3a3975eafc3dd55f190d1deb3c6c55d3b
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 3037
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2
23.253.85.69 200 OK 15 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2
IP 23.253.85.69:0
File type HTML document, ASCII text, with very long lines (14738)
Hash f4edbe362687b90ce352ea52bf8dea08
d969354cc3e72c89eb55cc1ee136a40c34d8a2db
be1ef55f9d84c0b8f8e71ba9eb7f9276728ff76691b59a6fed4da14388b6a2c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 15395
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6
23.253.85.69 200 OK 16 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (15255)
Hash d175e1165ab5c84a3143148c4a81831c
d3f08bc09805480b76486099f11c1725866605f4
bb901ca87364109a9a9001663c01041a74afd1456c2a129658d532de87800952
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 15450
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6
23.253.85.69 200 OK 18 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (18238)
Hash 6b8c8ac0b6717d307ea592c2161f52ec
d415cbc63c2334cee1864fb677c755f708b0bcfc
f4d4a1590381bbddf2197ceae7b0f6ec48ff4e719fe9d6a406e9e0381a191bc0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 18445
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.35 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:11 GMT
expires: Sat, 09 Dec 2023 13:33:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
age: 23770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4
23.253.85.69 200 OK 3.3 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4
IP 23.253.85.69:0
File type ASCII text, with very long lines (3252)
Hash 82325c0d35b7a9c63a3eee37615659ce
a3fb49f67fb27d5025f73f205c84e1ae0a9d9cd3
37217cfedb39356d2a0fd317e4a8ee87d225f4364e3afc7473ab5a8e7d97ec64
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 3291
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6
23.253.85.69 200 OK 9.3 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (9217)
Hash 6c9e1e29ea9e791a5afbdc73c0f17d37
f7e1b3ae2fe00136a5906d54f2b5bad357226a7b
ab2ffe49133a61b81d5821173010b93ece536ae597ca010c77abc2d318a35a88
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 9278
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5
23.253.85.69 200 OK 485 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5
IP 23.253.85.69:0
File type ASCII text, with very long lines (65358)
Size 485 kB (484857 bytes)
Hash 496827eca918d8d4a7d12c6dfc32715f
6b3c201784de091299d175c8009942ebeb553144
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 484857
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gico.co.cr/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
23.253.85.69 200 OK 6.4 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
IP 23.253.85.69:0
File type ASCII text, with very long lines (6406), with no line terminators
Hash 8fe2803a01c9fa77cb1a2618c3552dce
2230dd8f0604e4328e7c2a3f9437a6bf2986f592
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 6406
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
23.253.85.69 200 OK 331 B URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
IP 23.253.85.69:0
Hash f0cba76b7742df5f4c51e5b1d106c1a7
ad223c79db3073aa58d3414ddfcf055a48796029
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
GET /wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:32:07 GMT
Accept-Ranges: bytes
Content-Length: 331
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
23.253.85.69 200 OK 16 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 23.253.85.69:0
File type Unicode text, UTF-8 text, with very long lines (16323)
Hash 38400d9c6ba7d41239fccfaa9f523558
fe9a1548961441ce82e5399444f2be5408d2644c
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 16470
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
142.250.74.35 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 21724, version 1.0\012- data
Hash c3609c36a150ce088ea4dcab92b7c00b
0c18236a183e962533a4f61bff3ae2581313561a
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
GET /s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 06:53:52 GMT
expires: Sat, 09 Dec 2023 06:53:52 GMT
cache-control: public, max-age=31536000
age: 47729
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
142.250.74.35 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7932, version 1.0\012- data
Hash a7f7eebec745ef48ccf7a3d08c66d84a
2c5f99afe358a3e8570818a99646779aaa607587
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399
GET /s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 23:43:50 GMT
expires: Thu, 07 Dec 2023 23:43:50 GMT
cache-control: public, max-age=31536000
age: 159931
last-modified: Wed, 27 Apr 2022 16:10:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.35 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:13 GMT
expires: Sat, 09 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 23768
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1
23.253.85.69 200 OK 12 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1
IP 23.253.85.69:0
File type HTML document, ASCII text, with very long lines (11862), with no line terminators
Hash 862c82d8373e4d69aa5af6c994389bda
042bb60eee9e7dbffcbd43d529517e562f97f455
d0ba7e2275cddbdf3d2473a60565d950efb8474ba7bda393cc64f56ff39d85ce
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:53 GMT
Accept-Ranges: bytes
Content-Length: 11862
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1
23.253.85.69 200 OK 1.8 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (1668)
Hash d0a6d8547c66b0d7b0172466558d1208
ff93916519c7b9483251f609e4d29f38c30a66e3
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 1834
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1
23.253.85.69 200 OK 2.1 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash b72c1cbb1530a011a27bd9800f26765a
27b825c5d8255f33b8427a059d4545ebd65e1746
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 2139
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1
23.253.85.69 200 OK 2.9 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (2938), with no line terminators
Hash 51af5d767f0300f23ecec6298b707395
5eb2d3d937fe0392a974937125d0420666b9396c
9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 2938
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4
23.253.85.69 200 OK 5.6 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 23.253.85.69:0
File type ASCII text, with very long lines (5477)
Hash 3a56752b736635bf69cb069b8818cbfd
42e0951fe74bb3f56a30f51291823bcd4a84d76e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sat, 13 Jun 2020 18:53:27 GMT
Accept-Ranges: bytes
Content-Length: 5629
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1
23.253.85.69 200 OK 934 B URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (934), with no line terminators
Hash ec0187677793456f98473f49d9e9b95f
8c55e0f4a29865e871f3d54be8d480a0665891d9
df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:53 GMT
Accept-Ranges: bytes
Content-Length: 934
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-includes/js/masonry.min.js?ver=4.2.2
23.253.85.69 200 OK 24 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/masonry.min.js?ver=4.2.2
IP 23.253.85.69:0
File type ASCII text, with very long lines (23966)
Hash 3b3fc826e58fc554108e4a651c9c7848
76778fd446e2ff2377588a7b4ac4d79f258427c9
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sat, 13 Jun 2020 18:53:27 GMT
Accept-Ranges: bytes
Content-Length: 24138
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
23.253.85.69 200 OK 1.8 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP 23.253.85.69:0
File type ASCII text, with very long lines (1626)
Hash cd0eb3406096ff80266e7c9d7d419186
0e3709691bf96233766de30e2fd473b84166c5b6
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 Aug 2016 18:55:30 GMT
Accept-Ranges: bytes
Content-Length: 1819
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0
23.253.85.69 200 OK 60 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0
IP 23.253.85.69:0
File type ASCII text, with very long lines (59928)
Hash d247c9568e051b91d27ba6901447e8b0
25fbb66bc92f7538edab6575cf57c4391d7adb17
2c991660c701f37fb337c54edc49d2a0d607881a3dde688e178ed97ec3d23434
GET /wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 60010
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6
23.253.85.69 200 OK 3.4 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (3256)
Hash b26f709eebe2d814642a0064c03bdde1
e35668566c85d8cf0de533b8fc06bdd1653faa88
aa6140aec193d9e10ee4afe5e8f2188955869fcd8b0c30be690c34c5e710b00f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 3355
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3
23.253.85.69 200 OK 37 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3
IP 23.253.85.69:0
File type ASCII text, with very long lines (32033)
Hash 52795075b9afac9f91e009052a222927
e62fb45a50c2c2cf090dc43eeda429baf3e3cffc
629b2198d95993211a7cd1ae81812bafd2a6b9a1566396e3bcf044ae55f7bc5c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 37045
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4
23.253.85.69 200 OK 9.8 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4
IP 23.253.85.69:0
File type ASCII text, with very long lines (9394)
Hash f6e66cff994107cc9934906843970828
d446b100b89ed6d66b22090abf10af694ebd9370
050a6633866e305889a262b41eaba67789b351026d1b88bd0a1e1892b38c4ace
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 9820
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3
23.253.85.69 200 OK 2.1 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3
IP 23.253.85.69:0
Hash d439ed819215f6effd1102a775115d7a
7579229e06fe18f44d80e47493cf2a00fb183535
ffb93107a1cfd4deae073d4d0208b5c7e249f42eeba494d468ec46ad52a0f1c3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 2116
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6
23.253.85.69 200 OK 43 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6
IP 23.253.85.69:0
File type ASCII text, with CRLF line terminators
Hash 9243086d57b887f55e4517059ca84d29
47a5a6e4a2a74cb5d1dd2b35990abd7eda1709cd
8e93603a513ebf0df6eeb0b6308dfd687bc37deaf71e8631acc5dc63c1ae16ab
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 42673
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2
23.253.85.69 200 OK 17 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2
IP 23.253.85.69:0
Hash 5cc0d43e33ab38103f60e4db7812e77c
da7c40d45d5ff75044a5e955ba5bd8fbd9d9daec
390949d883dd16906ee25c7318787789599b9f1ad090675889a322b07dbb5aef
GET /wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 16860
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0
23.253.85.69 200 OK 1.3 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0
IP 23.253.85.69:0
File type ASCII text, with very long lines (1343), with no line terminators
Hash 5056cc8b8c300807b47af08ddffd4fea
8472dc4c10fda1fd630f541f215d28ccbcb3348f
8ab0b8c7e1fdfd0829989ab3ea5a575d87e4a153091431b221769e6423947b77
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 1343
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0
23.253.85.69 200 OK 128 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0
IP 23.253.85.69:0
File type ASCII text, with very long lines (65270)
Size 128 kB (127934 bytes)
Hash 53fc0155c6c3cb55f34b749325ebb370
a0738b4767a38b90e17792041d648ed621dab2ae
b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 127934
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0
23.253.85.69 200 OK 42 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0
IP 23.253.85.69:0
Hash 5b23ded83b6a631b06040ed574e43dd6
554d5d9da772b0145af586fc73e7e23403aef9d5
c24ed0313cd813b049be4a3d06ccb03f34662b3842b4840a4ee37afc1f6c466c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 41730
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6
23.253.85.69 200 OK 13 kB URL HTTP/1.1 www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (12827), with no line terminators
Hash 11671bd54d836396554c7668b4df527e
8ececb68e45b134bdb41486b402ccc24379f5552
7e4cde317fee330ea93a2244e0581a9e9f338f5885a5e75346edcefe991b2198
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 12827
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6
23.253.85.69 200 OK 1.4 kB URL HTTP/1.1 www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6
IP 23.253.85.69:0
File type ASCII text, with very long lines (1391)
Hash 905225d5711b559d3092387d5ffbedbd
6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-embed.min.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 04:05:05 GMT
Accept-Ranges: bytes
Content-Length: 1426
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5
23.253.85.69 200 OK 21 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5
IP 23.253.85.69:0
File type ASCII text, with very long lines (20382)
Hash 5a627237805ba8fde358e571c3333197
b7365a7674259f505dc10e24e1b06c7e64555ed1
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 20601
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
23.253.85.69 200 OK 77 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 23.253.85.69:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/plugins/unyson/framework/static/libs/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 77160
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: font/woff2
www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1
23.253.85.69 200 OK 7.0 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1
IP 23.253.85.69:0
File type ASCII text, with very long lines (7043), with no line terminators
Hash 456663a286a204386735fd775542a59e
0a61620b88f4ae0fa7d71e2c7a014ea2c3ab5749
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 7043
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
www.gico.co.cr/wp-content/uploads/2018/02/logo-gico.png
23.253.85.69 200 OK 7.2 kB URL HTTP/1.1 www.gico.co.cr/wp-content/uploads/2018/02/logo-gico.png
IP 23.253.85.69:0
File type PNG image data, 325 x 161, 8-bit/color RGBA, non-interlaced\012- data
Hash d8047e249d5b1f9cff29727948dbe0fe
3c1a36b85cdbb6ef819193c68271a8d00c93bf3d
327cb15e2d3effeb879ac7070a20f01fc9e55deb4e3a956be409d75f37dcb8e9
GET /wp-content/uploads/2018/02/logo-gico.png HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Mon, 30 Mar 2020 21:41:07 GMT
Accept-Ranges: bytes
Content-Length: 7230
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png
www.gico.co.cr/wp-content/uploads/2018/02/top.jpg
23.253.85.69 200 OK 258 kB URL HTTP/1.1 www.gico.co.cr/wp-content/uploads/2018/02/top.jpg
IP 23.253.85.69:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x722, components 3\012- data
Size 258 kB (258006 bytes)
Hash 2ba7ece27a668ed1240bcddf997c1a93
936be2fb5bc0a64b04f0409e86b004deb66397e2
fadceb49e37b0e9ec9e4489caf924f7f86883a70f11c17787746973e2cdf3460
GET /wp-content/uploads/2018/02/top.jpg HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 13 Aug 2020 21:48:28 GMT
Accept-Ranges: bytes
Content-Length: 258006
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
23.253.85.69 200 OK 77 kB URL HTTP/1.1 www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 23.253.85.69:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 77160
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: font/woff2
www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-192x192.png
23.253.85.69 200 OK 1.8 kB URL HTTP/1.1 www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-192x192.png
IP 23.253.85.69:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash f8943f96cb07fed8546182bc731e50a0
9c1893d1da0114c9fbab33dff9ab7e62eb6f68a2
f162144ff07cb21404a5197205f7382209c0bd5f53c91b0335c64da82d5f5c50
GET /wp-content/uploads/2018/02/cropped-icon-1-192x192.png HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 Mar 2020 00:11:43 GMT
Accept-Ranges: bytes
Content-Length: 1763
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-32x32.png
23.253.85.69 200 OK 362 B URL HTTP/1.1 www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-32x32.png
IP 23.253.85.69:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash aa81cfcb27cabca7583a71c1c47dd473
fe9821e03e7b1d841ca7012ad0efb14b97ec16aa
4a1aa22c683a9dd74f6c07c0238184b91ca5a00d988e49808e1391555b7c1604
GET /wp-content/uploads/2018/02/cropped-icon-1-32x32.png HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 Mar 2020 00:11:43 GMT
Accept-Ranges: bytes
Content-Length: 362
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
www.gico.co.cr/?wc-ajax=get_refreshed_fragments
23.253.85.69 200 OK 300 B URL HTTP/1.1 www.gico.co.cr/?wc-ajax=get_refreshed_fragments
IP 23.253.85.69:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 86c4cc563340688ca6b88893cb2a57a6
2da3a023d272f168897b669aa1de3e87e0b29aff
c3011c730bf1cb07eb5b7d87c91f9bcd2151f0a5b6b1fd07740c6b999a6561ae
Analyzer Verdict Alert fortinet Phishing
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Access-Control-Allow-Origin: https://www.gico.co.cr
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Robots-Tag: noindex
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 23:37:39 GMT
age: 73907
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:400,200,400i,700%7CBarlow:400,700,700i%7CSacramento:400&subset=latin-ext
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins:400,200,400i,700%7CBarlow:400,700,700i%7CSacramento:400&subset=latin-ext
IP 142.250.74.106:0
GET /css?family=Poppins:400,200,400i,700%7CBarlow:400,700,700i%7CSacramento:400&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 20:09:20 GMT
date: Fri, 09 Dec 2022 20:09:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2