Report - www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC

Report Overview

Submitted URL
www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
IP
23.253.85.69
ASN
#33070 RMH-14
Submitted
2022-12-09 20:09:29
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
92

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	60 kB	34.120.237.76
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	421 B	1.2 kB	216.58.207.228
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	460 B	746 B	142.250.74.106
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.131
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	49 kB	142.250.74.35
www.gico.co.cr	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	53 kB	3.3 MB	23.253.85.69
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.149.51.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	Phishing
2022-12-09	medium	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/css/dashicons.min.css?ver=5.8.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5	Phishing
2022-12-09	medium	www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1	Phishing
2022-12-09	medium	www.gico.co.cr/?wc-ajax=get_refreshed_fragments	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (54)

	URL	Size	First Seen	Last Seen
	www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0	128 kB	2023-03-07	2024-04-22
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:30 Last Seen2024-04-22 11:13:55 Times Seen3295 Hash 53fc0155c6c3cb55f34b749325ebb370 a0738b4767a38b90e17792041d648ed621dab2ae b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0	1.3 kB	2023-03-08	2024-02-28
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:02 Last Seen2024-02-28 12:00:26 Times Seen50 Hash 5056cc8b8c300807b47af08ddffd4fea 8472dc4c10fda1fd630f541f215d28ccbcb3348f 8ab0b8c7e1fdfd0829989ab3ea5a575d87e4a153091431b221769e6423947b77 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6	13 kB	2023-03-09	2024-01-10
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2024-01-10 06:24:52 Times Seen3 Hash 11671bd54d836396554c7668b4df527e 8ececb68e45b134bdb41486b402ccc24379f5552 7e4cde317fee330ea93a2244e0581a9e9f338f5885a5e75346edcefe991b2198 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&co=aHR0cHM6Ly93d3cuZ2ljby5jby5jcjo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=efde8br3qae7	69 B	2023-03-07	2024-04-25
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&co=aHR0cHM6Ly93d3cuZ2ljby5jby5jcjo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=efde8br3qae7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-25 08:47:03 Times Seen99455 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4	3.3 kB	2023-03-07	2024-04-23
Pretty URL www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:09 Last Seen2024-04-23 04:24:16 Times Seen641 Hash 82325c0d35b7a9c63a3eee37615659ce a3fb49f67fb27d5025f73f205c84e1ae0a9d9cd3 37217cfedb39356d2a0fd317e4a8ee87d225f4364e3afc7473ab5a8e7d97ec64 Loading...

	www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1	1.8 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-25 08:48:30 Times Seen21596 Hash d0a6d8547c66b0d7b0172466558d1208 ff93916519c7b9483251f609e4d29f38c30a66e3 3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	135 B	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-25 08:48:28 Times Seen26590 Hash 3f82b089cf163a5417b3edb4687151f7 28436f92ab540ff08b12fdefddc7da67ba0f04f7 5ba9af6f12e99663f8f04285ef3d4ffd4cdbca820bccbc2dda9c40f805b5a850 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	167 B	2023-03-09	2023-03-11
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:43 Times Seen1 Hash 0f9fe7085577ec559ac6861634679a87 3220409e2299497ca4c546799f0d77d33c581283 b8ff8e151673618c26c4a0a1fea293cd4561b75a6aabeb6986d4980546e1214a Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	294 B	2023-03-09	2023-03-11
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:44 Times Seen1 Hash c8cfa61321bc4d7dd30ed2a7167737ea 5f96254acdfd3be9fd57f9d1100eee01fcbb6228 f23e3e9a8c3c158b823479412549d487e41dfa9d3aeb87e804e72650ba4e786e Loading...

	www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1	2.9 kB	2023-03-07	2024-04-22
Pretty URL www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-04-22 16:48:45 Times Seen3003 Hash 51af5d767f0300f23ecec6298b707395 5eb2d3d937fe0392a974937125d0420666b9396c 9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b Loading...

	www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1	934 B	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:48 Last Seen2024-04-25 07:52:27 Times Seen1933 Hash ec0187677793456f98473f49d9e9b95f 8c55e0f4a29865e871f3d54be8d480a0665891d9 df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b Loading...

	www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b	1.8 kB	2023-03-07	2024-04-24
Pretty URL www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:32 Last Seen2024-04-24 21:08:14 Times Seen6649 Hash cd0eb3406096ff80266e7c9d7d419186 0e3709691bf96233766de30e2fd473b84166c5b6 c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	2.1 kB	2023-03-09	2023-03-11
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:43 Times Seen1 Hash 26e1740f50a488eee667e0e6e8b56695 1eb1fb3ad14bb5cc3c0f2b5ac10a4be01366029a 0ccba61a866a50521fb6fc2002c205557a28c44118d9ee0b8be4bb09eb0fdfa9 Loading...

	www.gico.co.cr/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6	18 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 04:54:54 Times Seen12590 Hash 116c86c56f8db0bb63f15ceda50fdc98 75e308982ecf7cd43644b8b426e6aa1a0b0fbe26 def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7 Loading...

	www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1	9.5 kB	2023-03-07	2024-04-20
Pretty URL www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:36 Last Seen2024-04-20 18:59:05 Times Seen1750 Hash 2e96f622673104a3fb67ab56f849c073 f4c17ae4709cad9bc997357581f4e30fc4bbee2c b49498d1142de7f2e16afc2cd4250d2ba30c5df4de5d291f51d7cf69727efdbe Loading...

	www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1	3.0 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-25 04:54:53 Times Seen5919 Hash 8bc2109ef48cabf7a26b73d7c3536c5f 0e0dfee3a3975eafc3dd55f190d1deb3c6c55d3b 8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4	9.8 kB	2023-03-08	2024-04-20
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:02 Last Seen2024-04-20 17:18:54 Times Seen110 Hash f6e66cff994107cc9934906843970828 d446b100b89ed6d66b22090abf10af694ebd9370 050a6633866e305889a262b41eaba67789b351026d1b88bd0a1e1892b38c4ace Loading...

	www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5	21 kB	2023-03-07	2024-04-21
Pretty URL www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:03 Last Seen2024-04-21 14:32:35 Times Seen2012 Hash 5a627237805ba8fde358e571c3333197 b7365a7674259f505dc10e24e1b06c7e64555ed1 43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

	www.gico.co.cr/wp-includes/js/masonry.min.js?ver=4.2.2	24 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/masonry.min.js?ver=4.2.2 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-04-25 07:52:27 Times Seen15267 Hash 3b3fc826e58fc554108e4a651c9c7848 76778fd446e2ff2377588a7b4ac4d79f258427c9 e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3	37 kB	2023-03-08	2024-04-20
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:02 Last Seen2024-04-20 17:18:55 Times Seen149 Hash 52795075b9afac9f91e009052a222927 e62fb45a50c2c2cf090dc43eeda429baf3e3cffc 629b2198d95993211a7cd1ae81812bafd2a6b9a1566396e3bcf044ae55f7bc5c Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2	17 kB	2023-03-08	2024-01-13
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:01:18 Last Seen2024-01-13 16:34:44 Times Seen17 Hash 5cc0d43e33ab38103f60e4db7812e77c da7c40d45d5ff75044a5e955ba5bd8fbd9d9daec 390949d883dd16906ee25c7318787789599b9f1ad090675889a322b07dbb5aef Loading...

	www.gico.co.cr/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	90 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 04:54:53 Times Seen31823 Hash 02dd5d04add4759122013c5ab4dc5cc2 a45a56e396ac549b4ff39b696ce9e0c16a7612de bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea Loading...

	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6	16 kB	2023-03-08	2023-10-20
Pretty URL www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:34:53 Last Seen2023-10-20 06:12:32 Times Seen21 Hash d175e1165ab5c84a3143148c4a81831c d3f08bc09805480b76486099f11c1725866605f4 bb901ca87364109a9a9001663c01041a74afd1456c2a129658d532de87800952 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	128 B	2023-03-09	2023-03-11
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:44 Times Seen1 Hash 21823b172cffdfc93f615defb1ce1f06 4ff0420e668e305f8cc74d0a6d45de044a5a2ccd 9a97c82de4d1bf8cdb5d490859c413fa36ad57f709a4bbcf50d9d6e02558da0f Loading...

	www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1	12 kB	2023-03-07	2024-04-19
Pretty URL www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:09 Last Seen2024-04-19 15:34:19 Times Seen2426 Hash 862c82d8373e4d69aa5af6c994389bda 042bb60eee9e7dbffcbd43d529517e562f97f455 d0ba7e2275cddbdf3d2473a60565d950efb8474ba7bda393cc64f56ff39d85ce Loading...

	www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0	16 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-25 08:07:38 Times Seen1694 Hash 38400d9c6ba7d41239fccfaa9f523558 fe9a1548961441ce82e5399444f2be5408d2644c 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b Loading...

	www.gico.co.cr/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0	331 B	2023-03-07	2024-04-24
Pretty URL www.gico.co.cr/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:26 Last Seen2024-04-24 23:48:40 Times Seen1170 Hash f0cba76b7742df5f4c51e5b1d106c1a7 ad223c79db3073aa58d3414ddfcf055a48796029 b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&co=aHR0cHM6Ly93d3cuZ2ljby5jby5jcjo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=efde8br3qae7	37 kB	2023-03-09	2023-03-09
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&co=aHR0cHM6Ly93d3cuZ2ljby5jby5jcjo0NDM.&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=efde8br3qae7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-09 00:24:07 Times Seen1 Hash 1f153f59260d8617094f37b3a0915891 5d93e3865b5e64cd2fca3431bb674db704983d3d 04a1fe0844fe8b423cf74e21d3c468f2b4b2100bf6d4e8d6a9b33be345b0cfe1 Loading...

	www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4	5.6 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:40 Last Seen2024-04-25 06:13:10 Times Seen30967 Hash 3a56752b736635bf69cb069b8818cbfd 42e0951fe74bb3f56a30f51291823bcd4a84d76e ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0	60 kB	2023-03-07	2024-04-22
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:16 Last Seen2024-04-22 15:06:55 Times Seen1608 Hash d247c9568e051b91d27ba6901447e8b0 25fbb66bc92f7538edab6575cf57c4391d7adb17 2c991660c701f37fb337c54edc49d2a0d607881a3dde688e178ed97ec3d23434 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2	15 kB	2023-03-08	2024-04-20
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:02 Last Seen2024-04-20 17:18:55 Times Seen167 Hash f4edbe362687b90ce352ea52bf8dea08 d969354cc3e72c89eb55cc1ee136a40c34d8a2db be1ef55f9d84c0b8f8e71ba9eb7f9276728ff76691b59a6fed4da14388b6a2c8 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	145 B	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-04-25 08:48:28 Times Seen3481 Hash 09c7a3dbfcd65973e5cbdb48c5460c07 086b7a4ac6632ec06f2f0e68f4ff3fcfc9a1c71c d81a9dc0c33559bfacc014a5216f454c40183312addc9623d3da987650cd56f3 Loading...

	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6	18 kB	2023-03-08	2024-01-27
Pretty URL www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:34:53 Last Seen2024-01-27 07:42:15 Times Seen76 Hash 6b8c8ac0b6717d307ea592c2161f52ec d415cbc63c2334cee1864fb677c755f708b0bcfc f4d4a1590381bbddf2197ceae7b0f6ec48ff4e719fe9d6a406e9e0381a191bc0 Loading...

	www.google.com/recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0	884 B	2023-03-09	2023-03-11
Pretty URL www.google.com/recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0 IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:43 Times Seen1 Hash db41dc86632fb22495fb886110302f40 27ea970de41f829c905a562ca5266e9d2a98f4a8 d1233574749a2c9eaf073536010713897ee8cf42dc828775dff6e8b061a85389 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	152 B	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-25 08:48:28 Times Seen19910 Hash b8c40bf7c92768058d743847cccdb147 4fbbbcb2dda4d05e2e58bf43330c559b4165fc0b 7872ff233c7b2bfa962f491d0575e71f0b0b487bc63899ff4c72c7c9d5197688 Loading...

	www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6	9.3 kB	2023-03-09	2024-02-13
Pretty URL www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2024-02-13 04:12:48 Times Seen3 Hash 6c9e1e29ea9e791a5afbdc73c0f17d37 f7e1b3ae2fe00136a5906d54f2b5bad357226a7b ab2ffe49133a61b81d5821173010b93ece536ae597ca010c77abc2d318a35a88 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	125 B	2023-03-07	2024-04-08
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:44:09 Last Seen2024-04-08 17:30:56 Times Seen59 Hash 1ef245d4853d38b62fe48ab830efe40c 92f9e3a2a69e1bf5d2720cd781e8fd5a015f6391 1b422dabd9f63ce748d66bcc14fa0ff0d914db3687f810f21475a31b0b295098 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6	3.4 kB	2023-03-08	2024-04-20
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:03:02 Last Seen2024-04-20 17:18:54 Times Seen116 Hash b26f709eebe2d814642a0064c03bdde1 e35668566c85d8cf0de533b8fc06bdd1653faa88 aa6140aec193d9e10ee4afe5e8f2188955869fcd8b0c30be690c34c5e710b00f Loading...

	www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1	2.1 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-25 08:48:30 Times Seen22393 Hash b72c1cbb1530a011a27bd9800f26765a 27b825c5d8255f33b8427a059d4545ebd65e1746 a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6	43 kB	2023-03-09	2023-03-11
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:43 Times Seen1 Hash 9243086d57b887f55e4517059ca84d29 47a5a6e4a2a74cb5d1dd2b35990abd7eda1709cd 8e93603a513ebf0df6eeb0b6308dfd687bc37deaf71e8631acc5dc63c1ae16ab Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3	2.1 kB	2023-03-08	2024-02-14
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:01:18 Last Seen2024-02-14 03:49:14 Times Seen9 Hash d439ed819215f6effd1102a775115d7a 7579229e06fe18f44d80e47493cf2a00fb183535 ffb93107a1cfd4deae073d4d0208b5c7e249f42eeba494d468ec46ad52a0f1c3 Loading...

	www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0	42 kB	2023-03-07	2024-04-24
Pretty URL www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:32 Last Seen2024-04-24 19:09:55 Times Seen1379 Hash 5b23ded83b6a631b06040ed574e43dd6 554d5d9da772b0145af586fc73e7e23403aef9d5 c24ed0313cd813b049be4a3d06ccb03f34662b3842b4840a4ee37afc1f6c466c Loading...

	www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 06:13:12 Times Seen68612 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	259 B	2023-03-09	2023-03-11
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-11 13:53:43 Times Seen1 Hash a47699898cab47dbe16fd5b463cf7138 3380e42a7d44ef99a5b03dd12d9c4fb955e2200e 5d65e20637d3ec84a9731920901c343e13ede0cfa97af21647b375b64b28dbfe Loading...

	www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC	1.6 kB	2023-03-07	2024-03-13
Pretty URL www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-03-13 20:51:38 Times Seen39 Hash b6be661b692e1cf52a715d67e81a22ce 96fd5b7e283dfb580b69f6fc97b05a22bb6f1dce f4b27c4d9819711ff54fcdddd8e4b2b83d46df6f294bbaabae30c9cabfead130 Loading...

	www.gico.co.cr/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7	6.4 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-04-25 08:07:38 Times Seen3662 Hash 8fe2803a01c9fa77cb1a2618c3552dce 2230dd8f0604e4328e7c2a3f9437a6bf2986f592 e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7 Loading...

	www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6	1.4 kB	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:18 Last Seen2024-04-25 08:07:38 Times Seen6876 Hash 905225d5711b559d3092387d5ffbedbd 6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Loading...

	www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5	992 B	2023-03-07	2024-04-25
Pretty URL www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5 IP 23.253.85.69 ASN #33070 RMH-14 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:51 Last Seen2024-04-25 08:48:30 Times Seen6812 Hash 787fe4f547a6cb7f4ce4934641085910 c2dee88d5bdfef214ce9c56f71a1df51cda0f328 654aaebdea944313257827be97eb196a8218a2cdfc9ba399db23e2cd4c02bd79 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5bd210fff45cf96ffcf0bb9123070d51	16 kB	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash 5bd210fff45cf96ffcf0bb9123070d51 09f3615c3096b1c7b413dbe39439be8f82d1eeef 0d4559ba47020dfb3d3229a79fae241152a0337f86a9c8a01bd5add41c1753b7 Loading...

	#2 Eval - 7546d586009a38cbd29272d8183762c3	22 kB	2023-03-09	2023-03-12
Pretty Observations First Seen2023-03-09 00:24:07 Last Seen2023-03-12 19:55:36 Times Seen1 Hash 7546d586009a38cbd29272d8183762c3 e35dc799522a20296da1dd4315233920c56565eb 1e57965e8a5bd539beb3a9b7a4bcf5e4e50ed39340958c494ba819e8f7dd7631 Loading...

	#3 Eval - a67bad065c725f1d42d6eb83f626f676	64 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash a67bad065c725f1d42d6eb83f626f676 ecd1fed4bbaacbf771ba634b4616d2bebcba57cb cc158dc49db31ac40a09769c14f1e96ce12d8ee44ddb54a5321c32cd0536ef78 Loading...

	#4 Eval - 0d2fca76a746941a17fa7dcf80dfc0c2	22 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash 0d2fca76a746941a17fa7dcf80dfc0c2 a4d2a22237d8b10b7b611764266911ef1933bbd7 2ed176c7f9d5b3c8ca6ccdb0e994b6ddc34944c41fc4db7451fd7a3d27fed6f1 Loading...

	#5 Eval - c9257e927ccf8069f3dcfb01c9234d09	22 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash c9257e927ccf8069f3dcfb01c9234d09 921955c8df691f30a12542510f33856a4cb972cb 9bb0c662c12831d4a6a9d504b2534e28f08b91591da1303a05ad2b3e12a6e49e Loading...

HTTP Transactions (100)

URL IP Response Size

www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC

23.253.85.69

301 Moved Permanently

528 B

URL HTTP/1.1
www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (370)
Size
528 B (528 bytes)
Hash
531057e59d235782f032aba0b4a7cd52
515293c0a22709aa33e49ada0fa27b0877974ae5
ba94bb2564e370beba7ad1386e2cc6c23783d883e772d521695414c2b5a51640

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 20:09:17 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Content-Length: 528
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8634
Expires: Fri, 09 Dec 2022 22:33:11 GMT
Date: Fri, 09 Dec 2022 20:09:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5668
Expires: Fri, 09 Dec 2022 21:43:45 GMT
Date: Fri, 09 Dec 2022 20:09:17 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 20:08:20 GMT
content-type: application/json
age: 57
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2473
Expires: Fri, 09 Dec 2022 20:50:30 GMT
Date: Fri, 09 Dec 2022 20:09:17 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: aVbUYz/jPX+JNL6GfeT6MYpdMXiw4ZESaobA2gTCrhQ2EMIQlwygIEdNMK6es1+FH+rBzQ0Swls=
x-amz-request-id: RMNFDT8XQ4XTJHPC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 19:48:29 GMT
age: 1248
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 20:09:17 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 19:33:13 GMT
age: 2165
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2815
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:18 GMT
Last-Modified: Fri, 09 Dec 2022 19:22:23 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.51.98

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.51.98:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EQkQNZyGgL84Sw4CJu4yog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tOibNIxVOdjzjqJeYUoLjFHzVnw=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16460
Expires: Sat, 10 Dec 2022 00:43:39 GMT
Date: Fri, 09 Dec 2022 20:09:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16460
Expires: Sat, 10 Dec 2022 00:43:39 GMT
Date: Fri, 09 Dec 2022 20:09:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16460
Expires: Sat, 10 Dec 2022 00:43:39 GMT
Date: Fri, 09 Dec 2022 20:09:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 80275
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5169 bytes)
Hash
06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 55384
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 12:33:36 GMT
age: 27343
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 59453
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 46520
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 46564
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

23.253.85.69

404 Not Found

32 kB

URL HTTP/1.1
www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2501), with CRLF, LF line terminators
Size
32 kB (31487 bytes)
Hash
0074d6aa3f959e206b1ace6ef71530a0
a10e90945fc069d178d62c1aefab81b7b9f3bfbc
dc7a6c2550addaa3211ba3dc96a6ea7b7a2b7d4b2618b96b3085497629b076f6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 20:09:17 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.gico.co.cr/wp-json/>; rel="https://api.w.org/"
X-TEC-API-VERSION: v1
X-TEC-API-ROOT: https://www.gico.co.cr/wp-json/tribe/events/v1/
X-TEC-API-ORIGIN: https://www.gico.co.cr
Set-Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396; path=/
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1

23.253.85.69

200 OK

5.3 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (5305), with no line terminators
Size
5.3 kB (5305 bytes)
Hash
ee78f26525b08d4e372b92a1a3ed1d26
b4dbb4706c8a479b3891cbeddf19e162e36bd61a
7fcaa4d432eb8627f0ab7efdc3ce11a4e593f29443fc6bb1888f4955c55f868b

HTTP Headers

GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:45 GMT
Accept-Ranges: bytes
Content-Length: 5305
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.css?ver=1.7.6

23.253.85.69

200 OK

3.0 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.css?ver=1.7.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (2996), with no line terminators
Size
3.0 kB (2996 bytes)
Hash
e40016819c0cee76171d64700f5cc56f
f9d442bbd3f527e3ed107964b5afdc3f63c26a42
9fd84e091cfddfb8149de5d228510d37bb3cae096acb13c3d037420259a133bc

HTTP Headers

GET /wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.css?ver=1.7.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 2996
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6

23.253.85.69

200 OK

81 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text, with very long lines (33376)
Size
81 kB (80574 bytes)
Hash
43c4bc05b5e3b0a6684a7c3a52e63590
ed6d95d525a710a82e8b8583e9ba7bce3b2a4722
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:19 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:10 GMT
Accept-Ranges: bytes
Content-Length: 80574
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gico.co.cr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1

23.253.85.69

200 OK

2.7 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
2.7 kB (2731 bytes)
Hash
e6fae855021a88a0067fcc58121c594f
6299ac3987b5e81725781799dad361d19ac3b99d
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:53 GMT
Accept-Ranges: bytes
Content-Length: 2731
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0

23.253.85.69

200 OK

28 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (27709)
Size
28 kB (27760 bytes)
Hash
e166554d9568a75420df25df66eee803
188cf85ac6df9b1175d26c527f39826216cce272
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c

HTTP Headers

GET /wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:32:07 GMT
Accept-Ranges: bytes
Content-Length: 27760
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7

23.253.85.69

200 OK

289 B

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with CR line terminators
Size
289 B (289 bytes)
Hash
06e5b21cbcff813c4731edf288388ba4
697133e0e3ea0a896f5a45023887d9345304afd0
f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.7 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:54 GMT
Accept-Ranges: bytes
Content-Length: 289
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1

23.253.85.69

200 OK

18 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text, with very long lines (17923), with no line terminators
Size
18 kB (17925 bytes)
Hash
1cbcc9e85ba99c007f519bf1a67feb58
82d238c9b2a1797c0ad785c01309c49dc1f302af
48052f6267b2e21fb086ad26457c715b3b8b5e8c6fcbcdea42589da06b05e9be

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 17925
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-includes/css/dashicons.min.css?ver=5.8.6

23.253.85.69

200 OK

59 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/css/dashicons.min.css?ver=5.8.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (58981)
Size
59 kB (59016 bytes)
Hash
d68d6bf519169d86e155bad0bed833f8
27ba9c67d0e775fc4e6dd62011daf4c3902698fc
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:10 GMT
Accept-Ranges: bytes
Content-Length: 59016
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0

216.58.207.228

200 OK

584 B

URL HTTP/2
www.google.com/recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (884), with no line terminators
Size
584 B (584 bytes)
Hash
29141215a6f0f4123de4c69704088ecb
0f8aa369e91da1be8816b55482313d41fdfcaa2c
5b378a9e1bb07a2d3252817c06519a43d5b28ee20682710731f2e9d2eac0a72a

HTTP Headers

GET /recaptcha/api.js?render=6LfDodIZAAAAAIpTom1Xl20y9eP7GX5W8wV8XG3_&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 09 Dec 2022 20:09:20 GMT
date: Fri, 09 Dec 2022 20:09:20 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1

23.253.85.69

200 OK

198 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size
198 kB (198045 bytes)
Hash
8fdf21964b6bd60a1b46eda830ce4de7
4f11c73619006e34bdfdd49eb27e01802ee577cf
1c75b8cb0139f8c0820414597288c45de53329781acd3badb4fcd9cac7dc0dd4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:45 GMT
Accept-Ranges: bytes
Content-Length: 198045
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5

23.253.85.69

200 OK

31 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (30449)
Size
31 kB (30611 bytes)
Hash
17d35b1ddb5a58cc19379d19f22b9fdc
29ada89a0d529ff139afc0b58fac96471ece2853
8cdc53975174314cc55ef7ca7ee80afbf80e724452e4b0fc7e4bea1e43ad4f59

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 30611
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6

23.253.85.69

200 OK

29 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (29027), with CRLF line terminators
Size
29 kB (29186 bytes)
Hash
f57ebe59dbe8d8bd75435d37249ec85a
8034d7885db8862424faa7ad8fdeca892e170ed1
219874a2386227662b35c23e9224d02837a598ea7b5467b85338141ca3e8074f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/css/plugins.css?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 29186
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1

23.253.85.69

200 OK

63 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text, with very long lines (62789), with no line terminators
Size
63 kB (62803 bytes)
Hash
7892d7349e74e7dd7fae386eda2dded7
bd31f749a68bfffc0ba299d94b5de5d3803d9b9b
37811d4d55ec74751bcaa643b3a9798f1d577ac2910b63c6ca202c2e36544e05

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 62803
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/uploads/js_composer/custom.css?ver=6.0.5

23.253.85.69

200 OK

4.3 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/uploads/js_composer/custom.css?ver=6.0.5
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with CRLF line terminators
Size
4.3 kB (4321 bytes)
Hash
d92e6b3d61fbc7e795913f574f0ce6e3
4d981f28ffb37b397ebc3ac6133e70f3988b8e3e
c517b1be11c52584948297e5fe2b131b44163b900c591d4c958d7d0859c5317d

HTTP Headers

GET /wp-content/uploads/js_composer/custom.css?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 21 Aug 2020 22:00:09 GMT
Accept-Ranges: bytes
Content-Length: 4321
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0

23.253.85.69

200 OK

132 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (65371)
Size
132 kB (132048 bytes)
Hash
0ab07676629a8552bcf577643d1783b4
bf9e853d04fd510156d976aefcfb7e222bb6d3f9
43eca4c35cb0bf12ed7ac1994621e331c1d52ddef9eed9bf71df9e351d5a7ca2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/css/bootstrap-grid.css?ver=1.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 132048
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24

23.253.85.69

200 OK

31 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 31000
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/themes/bubulla/style.css?ver=1.0.6

23.253.85.69

200 OK

700 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/style.css?ver=1.0.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (324)
Size
700 kB (699753 bytes)
Hash
e3379d1aab626409922b32dafcad7ecc
9141128f04009baa68939f1a3d345386bb048424
4767f859daa15166a94c76edc75a14b6e639755a0abc8d90d0480647917c5fb1

HTTP Headers

GET /wp-content/themes/bubulla/style.css?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 699753
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24

23.253.85.69

200 OK

18 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text
Size
18 kB (17583 bytes)
Hash
9594655f9fe588ca0ece3ecb666770d7
069db3bd054b0e45d9047c6e080f75fb4da330ba
aabe87d453223c03579e252429384f042b11b54385fec1207050741ed34f4998

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/entypo/css/entypo.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 17583
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24

23.253.85.69

200 OK

7.4 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (7191)
Size
7.4 kB (7354 bytes)
Hash
ec26292e52e5bc20624b029974bd0adf
3756375bb053b0f3f62303597d844f70cef1b5e0
31ca8fc4bb190118851959f282909af4a8f6e782b69dcfbe00094ffc010878b3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/lnr/css/lnr.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 7354
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24

23.253.85.69

200 OK

151 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (65421)
Size
151 kB (150962 bytes)
Hash
0afc880eee87a9050231d80f2a6b6f9b
42b1e67227ce13db98956e7cbdd8de815d4202f4
ef510109927a4d8a4b23b7a81d7dd72772f9f1d586d5bd0ce87456363fed5e52

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/linecons/css/linecons.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 150962
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6

23.253.85.69

200 OK

18 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (15224)
Size
18 kB (18181 bytes)
Hash
116c86c56f8db0bb63f15ceda50fdc98
75e308982ecf7cd43644b8b426e6aa1a0b0fbe26
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 18181
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24

23.253.85.69

200 OK

23 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text
Size
23 kB (22681 bytes)
Hash
ee24d44ce56c3f963c4560470cf27c03
48ead615cfeb7b7039734d5a61095c4ba1d63bfd
c5deae741af05992589255c23f97b656b9fc732e5561754be87865bb3cec9599

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/typcn/css/typcn.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 22681
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/unycon/unycon.css?ver=2.7.24

23.253.85.69

200 OK

37 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/unycon/unycon.css?ver=2.7.24
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
37 kB (36875 bytes)
Hash
bdfa91a5b34d7d79209bf17318efa6f4
a11d2c0206bd2d098d5dc6b0b3b6a273822a657b
13c046ee44f52826410b7f81efc181c744a710583aff41777a7e8eabc784b416

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/unycon/unycon.css?ver=2.7.24 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 36875
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6

23.253.85.69

200 OK

1.8 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text
Size
1.8 kB (1767 bytes)
Hash
773fcb757ab97766e6b906b80bec8150
d37566ecbbd4cdb342e483154a2aa050aa86c37e
664cdc88c8f114e8547c5a6e00a7740a36ffa021c000125bb55637a94f07ec65

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/uploads/2018/02/ltx-bubulla-codes.css?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 26 Mar 2020 18:05:02 GMT
Accept-Ranges: bytes
Content-Length: 1767
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0

23.253.85.69

200 OK

7.0 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
7.0 kB (6951 bytes)
Hash
30b593b71d7672658f89bfea0ab360c9
d6963db6faa9294387bb3175813a61bc3f859437
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/css/magnific-popup.css?ver=1.1.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 6951
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

23.253.85.69

200 OK

11 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (11126)
Size
11 kB (11224 bytes)
Hash
79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 11224
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

23.253.85.69

200 OK

90 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (65447)
Size
90 kB (89521 bytes)
Hash
02dd5d04add4759122013c5ab4dc5cc2
a45a56e396ac549b4ff39b696ce9e0c16a7612de
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 89521
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1

23.253.85.69

200 OK

9.5 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (9151)
Size
9.5 kB (9545 bytes)
Hash
2e96f622673104a3fb67ab56f849c073
f4c17ae4709cad9bc997357581f4e30fc4bbee2c
b49498d1142de7f2e16afc2cd4250d2ba30c5df4de5d291f51d7cf69727efdbe

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:20 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 9545
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5

23.253.85.69

200 OK

992 B

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
992 B (992 bytes)
Hash
787fe4f547a6cb7f4ce4934641085910
c2dee88d5bdfef214ce9c56f71a1df51cda0f328
654aaebdea944313257827be97eb196a8218a2cdfc9ba399db23e2cd4c02bd79

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 992
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1

23.253.85.69

200 OK

3.0 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
HTML document, ASCII text, with very long lines (3037), with no line terminators
Size
3.0 kB (3037 bytes)
Hash
8bc2109ef48cabf7a26b73d7c3536c5f
0e0dfee3a3975eafc3dd55f190d1deb3c6c55d3b
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 3037
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2

23.253.85.69

200 OK

15 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
HTML document, ASCII text, with very long lines (14738)
Size
15 kB (15395 bytes)
Hash
f4edbe362687b90ce352ea52bf8dea08
d969354cc3e72c89eb55cc1ee136a40c34d8a2db
be1ef55f9d84c0b8f8e71ba9eb7f9276728ff76691b59a6fed4da14388b6a2c8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/modernizr-2.6.2.min.js?ver=2.6.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 15395
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6

23.253.85.69

200 OK

16 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (15255)
Size
16 kB (15450 bytes)
Hash
d175e1165ab5c84a3143148c4a81831c
d3f08bc09805480b76486099f11c1725866605f4
bb901ca87364109a9a9001663c01041a74afd1456c2a129658d532de87800952

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax.min.js?ver=1.12.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 15450
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6

23.253.85.69

200 OK

18 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (18238)
Size
18 kB (18445 bytes)
Hash
6b8c8ac0b6717d307ea592c2161f52ec
d415cbc63c2334cee1864fb677c755f708b0bcfc
f4d4a1590381bbddf2197ceae7b0f6ec48ff4e719fe9d6a406e9e0381a191bc0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/advanced-backgrounds/assets/vendor/jarallax/jarallax-video.min.js?ver=1.12.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 18445
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.35

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:11 GMT
expires: Sat, 09 Dec 2023 13:33:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
age: 23770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4

23.253.85.69

200 OK

3.3 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (3252)
Size
3.3 kB (3291 bytes)
Hash
82325c0d35b7a9c63a3eee37615659ce
a3fb49f67fb27d5025f73f205c84e1ae0a9d9cd3
37217cfedb39356d2a0fd317e4a8ee87d225f4364e3afc7473ab5a8e7d97ec64

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/advanced-backgrounds/assets/vendor/object-fit-images/ofi.min.js?ver=3.2.4 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 3291
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6

23.253.85.69

200 OK

9.3 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (9217)
Size
9.3 kB (9278 bytes)
Hash
6c9e1e29ea9e791a5afbdc73c0f17d37
f7e1b3ae2fe00136a5906d54f2b5bad357226a7b
ab2ffe49133a61b81d5821173010b93ece536ae597ca010c77abc2d318a35a88

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/advanced-backgrounds/assets/awb/awb.min.js?ver=1.7.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:30:06 GMT
Accept-Ranges: bytes
Content-Length: 9278
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5

23.253.85.69

200 OK

485 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (65358)
Size
485 kB (484857 bytes)
Hash
496827eca918d8d4a7d12c6dfc32715f
6b3c201784de091299d175c8009942ebeb553144
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 484857
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:09:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gico.co.cr/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7

23.253.85.69

200 OK

6.4 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (6406), with no line terminators
Size
6.4 kB (6406 bytes)
Hash
8fe2803a01c9fa77cb1a2618c3552dce
2230dd8f0604e4328e7c2a3f9437a6bf2986f592
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

HTTP Headers

GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 6406
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0

23.253.85.69

200 OK

331 B

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
331 B (331 bytes)
Hash
f0cba76b7742df5f4c51e5b1d106c1a7
ad223c79db3073aa58d3414ddfcf055a48796029
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608

HTTP Headers

GET /wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:32:07 GMT
Accept-Ranges: bytes
Content-Length: 331
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

23.253.85.69

200 OK

16 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Unicode text, UTF-8 text, with very long lines (16323)
Size
16 kB (16470 bytes)
Hash
38400d9c6ba7d41239fccfaa9f523558
fe9a1548961441ce82e5399444f2be5408d2644c
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:29:11 GMT
Accept-Ranges: bytes
Content-Length: 16470
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2

142.250.74.35

200 OK

22 kB

URL HTTP/2
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21724, version 1.0\012- data
Size
22 kB (21724 bytes)
Hash
c3609c36a150ce088ea4dcab92b7c00b
0c18236a183e962533a4f61bff3ae2581313561a
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

HTTP Headers

GET /s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 06:53:52 GMT
expires: Sat, 09 Dec 2023 06:53:52 GMT
cache-control: public, max-age=31536000
age: 47729
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2

142.250.74.35

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7932, version 1.0\012- data
Size
7.9 kB (7932 bytes)
Hash
a7f7eebec745ef48ccf7a3d08c66d84a
2c5f99afe358a3e8570818a99646779aaa607587
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 23:43:50 GMT
expires: Thu, 07 Dec 2023 23:43:50 GMT
cache-control: public, max-age=31536000
age: 159931
last-modified: Wed, 27 Apr 2022 16:10:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.35

200 OK

7.8 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:13 GMT
expires: Sat, 09 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 23768
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1

23.253.85.69

200 OK

12 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
HTML document, ASCII text, with very long lines (11862), with no line terminators
Size
12 kB (11862 bytes)
Hash
862c82d8373e4d69aa5af6c994389bda
042bb60eee9e7dbffcbd43d529517e562f97f455
d0ba7e2275cddbdf3d2473a60565d950efb8474ba7bda393cc64f56ff39d85ce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:53 GMT
Accept-Ranges: bytes
Content-Length: 11862
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1

23.253.85.69

200 OK

1.8 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (1668)
Size
1.8 kB (1834 bytes)
Hash
d0a6d8547c66b0d7b0172466558d1208
ff93916519c7b9483251f609e4d29f38c30a66e3
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 1834
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1

23.253.85.69

200 OK

2.1 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (2139), with no line terminators
Size
2.1 kB (2139 bytes)
Hash
b72c1cbb1530a011a27bd9800f26765a
27b825c5d8255f33b8427a059d4545ebd65e1746
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 2139
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1

23.253.85.69

200 OK

2.9 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (2938), with no line terminators
Size
2.9 kB (2938 bytes)
Hash
51af5d767f0300f23ecec6298b707395
5eb2d3d937fe0392a974937125d0420666b9396c
9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 2938
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4

23.253.85.69

200 OK

5.6 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (5477)
Size
5.6 kB (5629 bytes)
Hash
3a56752b736635bf69cb069b8818cbfd
42e0951fe74bb3f56a30f51291823bcd4a84d76e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sat, 13 Jun 2020 18:53:27 GMT
Accept-Ranges: bytes
Content-Length: 5629
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1

23.253.85.69

200 OK

934 B

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (934), with no line terminators
Size
934 B (934 bytes)
Hash
ec0187677793456f98473f49d9e9b95f
8c55e0f4a29865e871f3d54be8d480a0665891d9
df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:01:53 GMT
Accept-Ranges: bytes
Content-Length: 934
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-includes/js/masonry.min.js?ver=4.2.2

23.253.85.69

200 OK

24 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/masonry.min.js?ver=4.2.2
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (23966)
Size
24 kB (24138 bytes)
Hash
3b3fc826e58fc554108e4a651c9c7848
76778fd446e2ff2377588a7b4ac4d79f258427c9
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

HTTP Headers

GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sat, 13 Jun 2020 18:53:27 GMT
Accept-Ranges: bytes
Content-Length: 24138
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

23.253.85.69

200 OK

1.8 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (1626)
Size
1.8 kB (1819 bytes)
Hash
cd0eb3406096ff80266e7c9d7d419186
0e3709691bf96233766de30e2fd473b84166c5b6
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 Aug 2016 18:55:30 GMT
Accept-Ranges: bytes
Content-Length: 1819
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0

23.253.85.69

200 OK

60 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (59928)
Size
60 kB (60010 bytes)
Hash
d247c9568e051b91d27ba6901447e8b0
25fbb66bc92f7538edab6575cf57c4391d7adb17
2c991660c701f37fb337c54edc49d2a0d607881a3dde688e178ed97ec3d23434

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/jquery.nicescroll.js?ver=3.7.6.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 60010
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6

23.253.85.69

200 OK

3.4 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (3256)
Size
3.4 kB (3355 bytes)
Hash
b26f709eebe2d814642a0064c03bdde1
e35668566c85d8cf0de533b8fc06bdd1653faa88
aa6140aec193d9e10ee4afe5e8f2188955869fcd8b0c30be690c34c5e710b00f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/jquery.matchHeight.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 3355
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3

23.253.85.69

200 OK

37 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (32033)
Size
37 kB (37045 bytes)
Hash
52795075b9afac9f91e009052a222927
e62fb45a50c2c2cf090dc43eeda429baf3e3cffc
629b2198d95993211a7cd1ae81812bafd2a6b9a1566396e3bcf044ae55f7bc5c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/bootstrap.min.js?ver=4.1.3 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 37045
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4

23.253.85.69

200 OK

9.8 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (9394)
Size
9.8 kB (9820 bytes)
Hash
f6e66cff994107cc9934906843970828
d446b100b89ed6d66b22090abf10af694ebd9370
050a6633866e305889a262b41eaba67789b351026d1b88bd0a1e1892b38c4ace

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/scrollreveal.js?ver=3.3.4 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 9820
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3

23.253.85.69

200 OK

2.1 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
2.1 kB (2116 bytes)
Hash
d439ed819215f6effd1102a775115d7a
7579229e06fe18f44d80e47493cf2a00fb183535
ffb93107a1cfd4deae073d4d0208b5c7e249f42eeba494d468ec46ad52a0f1c3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/parallax.min.js?ver=1.1.3 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 2116
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6

23.253.85.69

200 OK

43 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with CRLF line terminators
Size
43 kB (42673 bytes)
Hash
9243086d57b887f55e4517059ca84d29
47a5a6e4a2a74cb5d1dd2b35990abd7eda1709cd
8e93603a513ebf0df6eeb0b6308dfd687bc37deaf71e8631acc5dc63c1ae16ab

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/scripts.js?ver=1.0.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 42673
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2

23.253.85.69

200 OK

17 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
17 kB (16860 bytes)
Hash
5cc0d43e33ab38103f60e4db7812e77c
da7c40d45d5ff75044a5e955ba5bd8fbd9d9daec
390949d883dd16906ee25c7318787789599b9f1ad090675889a322b07dbb5aef

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/waypoint.js?ver=1.6.2 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 16860
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0

23.253.85.69

200 OK

1.3 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (1343), with no line terminators
Size
1.3 kB (1343 bytes)
Hash
5056cc8b8c300807b47af08ddffd4fea
8472dc4c10fda1fd630f541f215d28ccbcb3348f
8ab0b8c7e1fdfd0829989ab3ea5a575d87e4a153091431b221769e6423947b77

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/map-style.js?ver=1.0.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 1343
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0

23.253.85.69

200 OK

128 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (65270)
Size
128 kB (127934 bytes)
Hash
53fc0155c6c3cb55f34b749325ebb370
a0738b4767a38b90e17792041d648ed621dab2ae
b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/swiper.min.js?ver=4.5.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 127934
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0

23.253.85.69

200 OK

42 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text
Size
42 kB (41730 bytes)
Hash
5b23ded83b6a631b06040ed574e43dd6
554d5d9da772b0145af586fc73e7e23403aef9d5
c24ed0313cd813b049be4a3d06ccb03f34662b3842b4840a4ee37afc1f6c466c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/jquery.magnific-popup.js?ver=1.1.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 41730
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6

23.253.85.69

200 OK

13 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (12827), with no line terminators
Size
13 kB (12827 bytes)
Hash
11671bd54d836396554c7668b4df527e
8ececb68e45b134bdb41486b402ccc24379f5552
7e4cde317fee330ea93a2244e0581a9e9f338f5885a5e75346edcefe991b2198

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/bubulla/assets/js/pace.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Oct 2021 00:22:28 GMT
Accept-Ranges: bytes
Content-Length: 12827
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6

23.253.85.69

200 OK

1.4 kB

URL HTTP/1.1
www.gico.co.cr/wp-includes/js/wp-embed.min.js?ver=5.8.6
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (1391)
Size
1.4 kB (1426 bytes)
Hash
905225d5711b559d3092387d5ffbedbd
6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=5.8.6 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 04:05:05 GMT
Accept-Ranges: bytes
Content-Length: 1426
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5

23.253.85.69

200 OK

21 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (20382)
Size
21 kB (20601 bytes)
Hash
5a627237805ba8fde358e571c3333197
b7365a7674259f505dc10e24e1b06c7e64555ed1
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 20601
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript

www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

23.253.85.69

200 OK

77 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/plugins/unyson/framework/static/libs/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.gico.co.cr/wp-content/plugins/unyson/framework/static/libs/font-awesome/css/font-awesome.min.css?ver=2.7.24
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Oct 2021 03:31:56 GMT
Accept-Ranges: bytes
Content-Length: 77160
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: font/woff2

www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1

23.253.85.69

200 OK

7.0 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
ASCII text, with very long lines (7043), with no line terminators
Size
7.0 kB (7043 bytes)
Hash
456663a286a204386735fd775542a59e
0a61620b88f4ae0fa7d71e2c7a014ea2c3ab5749
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.8.1 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Mar 2022 00:04:46 GMT
Accept-Ranges: bytes
Content-Length: 7043
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css

www.gico.co.cr/wp-content/uploads/2018/02/logo-gico.png

23.253.85.69

200 OK

7.2 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/uploads/2018/02/logo-gico.png
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
PNG image data, 325 x 161, 8-bit/color RGBA, non-interlaced\012- data
Size
7.2 kB (7230 bytes)
Hash
d8047e249d5b1f9cff29727948dbe0fe
3c1a36b85cdbb6ef819193c68271a8d00c93bf3d
327cb15e2d3effeb879ac7070a20f01fc9e55deb4e3a956be409d75f37dcb8e9

HTTP Headers

GET /wp-content/uploads/2018/02/logo-gico.png HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Mon, 30 Mar 2020 21:41:07 GMT
Accept-Ranges: bytes
Content-Length: 7230
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png

www.gico.co.cr/wp-content/uploads/2018/02/top.jpg

23.253.85.69

200 OK

258 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/uploads/2018/02/top.jpg
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x722, components 3\012- data
Size
258 kB (258006 bytes)
Hash
2ba7ece27a668ed1240bcddf997c1a93
936be2fb5bc0a64b04f0409e86b004deb66397e2
fadceb49e37b0e9ec9e4489caf924f7f86883a70f11c17787746973e2cdf3460

HTTP Headers

GET /wp-content/uploads/2018/02/top.jpg HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 13 Aug 2020 21:48:28 GMT
Accept-Ranges: bytes
Content-Length: 258006
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg

www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

23.253.85.69

200 OK

77 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.gico.co.cr/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.5
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Fri, 27 Mar 2020 23:20:49 GMT
Accept-Ranges: bytes
Content-Length: 77160
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: font/woff2

www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-192x192.png

23.253.85.69

200 OK

1.8 kB

URL HTTP/1.1
www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-192x192.png
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1763 bytes)
Hash
f8943f96cb07fed8546182bc731e50a0
9c1893d1da0114c9fbab33dff9ab7e62eb6f68a2
f162144ff07cb21404a5197205f7382209c0bd5f53c91b0335c64da82d5f5c50

HTTP Headers

GET /wp-content/uploads/2018/02/cropped-icon-1-192x192.png HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 Mar 2020 00:11:43 GMT
Accept-Ranges: bytes
Content-Length: 1763
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png

www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-32x32.png

23.253.85.69

200 OK

362 B

URL HTTP/1.1
www.gico.co.cr/wp-content/uploads/2018/02/cropped-icon-1-32x32.png
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
362 B (362 bytes)
Hash
aa81cfcb27cabca7583a71c1c47dd473
fe9821e03e7b1d841ca7012ad0efb14b97ec16aa
4a1aa22c683a9dd74f6c07c0238184b91ca5a00d988e49808e1391555b7c1604

HTTP Headers

GET /wp-content/uploads/2018/02/cropped-icon-1-32x32.png HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:22 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 Mar 2020 00:11:43 GMT
Accept-Ranges: bytes
Content-Length: 362
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png

www.gico.co.cr/?wc-ajax=get_refreshed_fragments

23.253.85.69

200 OK

300 B

URL HTTP/1.1
www.gico.co.cr/?wc-ajax=get_refreshed_fragments
IP
23.253.85.69:0
ASN
#33070 RMH-14

File type
JSON data\012- , ASCII text, with no line terminators
Size
300 B (300 bytes)
Hash
86c4cc563340688ca6b88893cb2a57a6
2da3a023d272f168897b669aa1de3e87e0b29aff
c3011c730bf1cb07eb5b7d87c91f9bcd2151f0a5b6b1fd07740c6b999a6561ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: www.gico.co.cr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://www.gico.co.cr
Connection: keep-alive
Referer: https://www.gico.co.cr/bell_billing_update/bell.php?myBell-LoginSCMYH1P0HGL4LQEKDUSKKOOWFAK1P3U6Q8HR0X3XPKIODU1O813L8ZYDKVKFJNLCA4CTOWNX9WZ-en_CA=8OWR789UHV19VTNP9FZXM3C634C7QRP77OPZAHX3Q9UBXMRJRWP1YQZZ2GWOPNIILFMMEZA348DKMIXPH-credentials=?GQ9RFOVR5SLEKMNV3H3L64D8WY5O2S1M3Y3L1N26QXYYTLAHU1ULNGX9CPZ07CNVAV3FW21T7N60CFC
Cookie: PHPSESSID=9336065c856d610a3b9ad96a14a2f396
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 20:09:21 GMT
Server: Apache
Access-Control-Allow-Origin: https://www.gico.co.cr
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Robots-Tag: noindex
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src http: data: 'unsafe-inline' 'unsafe-eval';
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7801 bytes)
Hash
8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 23:37:39 GMT
age: 73907
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins:400,200,400i,700%7CBarlow:400,700,700i%7CSacramento:400&subset=latin-ext

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Poppins:400,200,400i,700%7CBarlow:400,700,700i%7CSacramento:400&subset=latin-ext
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Poppins:400,200,400i,700%7CBarlow:400,700,700i%7CSacramento:400&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gico.co.cr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 20:09:20 GMT
date: Fri, 09 Dec 2022 20:09:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (54)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations