br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button
172.67.215.79301 Moved Permanently 426 B URL User Request GET HTTP/2 br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button
IP 172.67.215.79:443
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 130923bcd88540be36e37873b975f539
1f7ae2a356a470c75ac57278711c2202b1152f3c
914c785c09fd3b5a4fb037416917647dc043ac1577f68c2e425dcee68f89eaff
Analyzer Verdict Alert fortinet Phishing
GET /d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 25 May 2023 10:25:54 GMT
content-type: text/html; charset=iso-8859-1
location: http://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYsQn2lZjSTyN%2BkbgnQxJKDSjJ5lV5imzxdlIsUX696GwZt%2B2DcEfZfM5LIsz%2BIoZ%2Fb5%2BEU%2F4tzNrUwmuwQw98Niq9TQExGoTIRWs60uj7GUISdPhT6Gg%2FzgIa52PBn9uUB7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccd13b8d9bf0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
br2.3-1.services/d/mua/img/error.jpg
172.67.215.79200 OK 5.4 kB URL GET HTTP/3 br2.3-1.services/d/mua/img/error.jpg
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 195x194, components 3\012- data
Hash 845eeed3b61d4c19ed0059c42fa7fc2e
ace747921c0b92d8451a1562759c867296c31b44
f68c633109e951014c6c401f878be7196c8894f6723215afb18388dbbbb83f1d
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/img/error.jpg HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: image/jpeg
content-length: 5363
etag: "14f3-5e17e6c0bd9e5"
last-modified: Wed, 15 Jun 2022 15:46:18 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYpjCTd3jW3aVddQqdff%2BBpkK2R1wzyrI3xLrbuCltwxGPP0OK1uNzBubQHKNShgK3VpvQC3ACfEXh%2BJtNIu4mI2WFLIAmRvvAJCpc5QqK0GDMX6pKARUFv3qfusU0mmXmsy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be190b1bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/img/con-a.gif
172.67.215.79200 OK 2.7 kB URL GET HTTP/3 br2.3-1.services/d/mua/img/con-a.gif
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type GIF image data, version 89a, 105 x 45\012- data
Hash f872304fe2a107a6173de48cb5933423
1b56bc602990ab48a25e40f07bfc1521c4235918
37f886a70c0f7e4dbf8b28312144c971b1da50ebae35b3527656703c8e7c8475
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/img/con-a.gif HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: image/gif
content-length: 2716
etag: "a9c-5c583dd6452de"
last-modified: Thu, 24 Jun 2021 14:30:29 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQWjm0%2F832ZDBdq61Rvvax9UnL0J9RIocxkIoak1%2Fsf7%2BleHOTTCqZvQOUN2LotBzcYeRPjkLNrC38Qw3KRto0avfPn2oaG6mlcV0TUWoxFvARZYGsSOz5RpKKPjITh7ZlPF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be29121bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/img/info.jpg
172.67.215.79200 OK 3.4 kB URL GET HTTP/3 br2.3-1.services/d/mua/img/info.jpg
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 62x61, components 3\012- data
Hash 72f07f88a708281bb165235fb88649ee
d2e7284036b30a170dc68c2ad476d664234ed66c
13df691e5ad1109013261983ff6272aa37353f3b28525a9e8b0b29355a1ebec4
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/img/info.jpg HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: image/jpeg
content-length: 3438
etag: "d6e-5e16ee581097a"
last-modified: Tue, 14 Jun 2022 21:14:56 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwWrmYYwn4h%2F1qI%2BSq6gDkpgX1ptQpTWfxmbzlQujCvqGGLyeH3NNi4GRrXtnnm%2BDD%2F%2Bi9SgfnF18LMRZHvqHQ9VQMLc7oXofZ%2BFF9aMd3irIjvNJekm8a238auxA6NGdyXA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be290f1bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/img/logo.svg
172.67.215.79200 OK 2.5 kB URL GET HTTP/3 br2.3-1.services/d/mua/img/logo.svg
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (667)
Hash c049dccd21049cb237daabdb645ec648
e29af3f65a8312efd3ea4c3b66d4bd86657dde1b
2c7a6ea74a49a6adc3fad622078895e9b2589448214913d8c035764148aca7d0
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
fortinet Phishing
GET /d/mua/img/logo.svg HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: image/svg+xml
etag: W/"1b6c-5e154ddeab39d"
last-modified: Mon, 13 Jun 2022 14:11:40 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rrofI1ht6hyTMuoCqBVDRF3KjoCRLYm1IZDcG2nQf%2FInZlyVZfW2EkI5oSpG5NLXXFQtok%2BCpot0my2wqieNduL7lz4TLvmoT9kiADsfq7YAlGDJ3KbmmDlYyw6d9sE8kEa4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be08fa1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=45b9078c9f
172.64.203.28200 OK 1.1 kB URL GET HTTP/2 ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=45b9078c9f
IP 172.64.203.28:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15
ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (1560)
Hash 9e7f9f634ace089bcdacc3fcc5f23ce5
749f4e34ae36352df77b880b490a2c5ee91c9605
af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76
GET /releases/v6.4.0/css/free-v4-font-face.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://br2.3-1.services/
Origin: https://br2.3-1.services
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
etag: W/"9e7f9f634ace089bcdacc3fcc5f23ce5"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db92535f619848d07c0f5eb965b50adc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 8icUlBARBRO1trarbLEMWjin5Nn_oB-IIPSfRKg6bMWcYkFttUJN-w==
age: 19969
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Af1ougRhvJR%2FaUPC8vK6y5zJv3atEhfrEHlZy87HCYTdc3J0DAmQ%2Fu6udQS9uXpjSPD%2BeLq97pxra1%2F3rokPLR%2FgqiIO%2BgZezWtzBGxjdP6e9t6EAMA1WQMfSJNZ05c0AeWcN0tRHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccd13bf78224165-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
br2.3-1.services/d/mua/img/logo.png
172.67.215.79200 OK 9.5 kB URL GET HTTP/3 br2.3-1.services/d/mua/img/logo.png
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type PNG image data, 521 x 520, 8-bit/color RGBA, non-interlaced\012- data
Hash 2903c67701750d246b77ee1c1c9188f1
028e6e88d6563e81eb77807c38f401cf5e7f2be0
c2fd3f9e79070fdbcb7ed3270a428a6ecd22ae089ab6e573eb4dfe91079c41fb
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/img/logo.png HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: image/png
content-length: 9489
etag: "2511-5d4eabfb95521"
last-modified: Thu, 06 Jan 2022 14:33:07 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GP7VzRK%2BhEQxU2HvgMqRBMV0OwjA74ce2UECw5skb12bdM8AZSR8EBKRYWSyEpNvi1Dan%2BGOD5%2FHG13qsD5VT8RB6ByLWxQj98ekLqGKKqwahGiTZOaXpnW5LKQGQKfN6DrQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13c31e171bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/img/lock.png
172.67.215.79200 OK 465 B URL GET HTTP/3 br2.3-1.services/d/mua/img/lock.png
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash e1fbae1c7cbb958401b23cc26991631b
51fc2948568be9ac415bb8d48171534c674d309d
022574e92ba7b69dd3e8f5da1882b053a893b97cf6bfe441753799dcc91655b6
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/img/lock.png HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: image/png
content-length: 465
etag: "1d1-5e1672736e0fc"
last-modified: Tue, 14 Jun 2022 12:00:39 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y9TB0z2S3Z684ToTE%2BIOBFcQ0zS06nDKZcxlzOvPdV7fGCknhNO3KBiubI4bfsyx9Yor9Zftxqn2oUqrSM19OY5fxB3MfYOE%2BJduCdoxutHnxWBTdVUNAq5NHvYhF64eaBsq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13c09bae1bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
172.67.215.79200 OK 8.4 kB URL User Request GET HTTP/3 br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
IP 172.67.215.79:443
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (10101), with no line terminators
Hash 1fa191fa86e102b3b5bafcd229e699c0
f48f7db5e595e5c78a7011030e7ace3c00fcd7de
388457bb751d7eaff8c201c3b9a04b5fd2e597f60fed4d33b447fcb40df39c45
Analyzer Verdict Alert fortinet Phishing
GET /d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/ HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:54 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtPSHOGUJ25jUk2uTrcQ6FLLQ%2F62Xctd7DEzInav%2BkOwnWFR2uz9O7hW1T7bgURhM3HuHAV89E6wx6qhypLxaHnodcuz%2FTlRnt4txOc%2F2q6PmSCBVTvccodrbiS2y58wbz8p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccd13baad691bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=45b9078c9f
172.64.203.28200 OK 28 kB URL GET HTTP/2 ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=45b9078c9f
IP 172.64.203.28:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15
ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (27377)
Hash 5193a6de5225940ae4ef5f7c82126be9
fa2c2bdb52e9923ccf3387c5908459c9d11bff63
425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575
GET /releases/v6.4.0/css/free-v4-shims.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://br2.3-1.services/
Origin: https://br2.3-1.services
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
etag: W/"5193a6de5225940ae4ef5f7c82126be9"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3c40a0775e2798dc9f20a237d0225e44.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: bZ8dorcumrjly3vc-lMWps2TimOiYCYfOIS-4yL_oSRuBHCrae28OA==
age: 19969
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Bes3liK0Zt%2BrXITuB7rvgBGeS87A3%2Ff7iSLKSYWRQtVgNd5LKU5eoh4Ru3ct%2BERihqd6Csfw5m0b4cjVpheRPeRSB9kcVy4RwYnPI6AAE8044nNbT0odK%2FFrWKL%2FuK3Fpu%2Ftk7hdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccd13bf78204165-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
br2.3-1.services/d/mua/js/jquery.jclock-min.js
172.67.215.79200 OK 3.3 kB URL GET HTTP/3 br2.3-1.services/d/mua/js/jquery.jclock-min.js
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type ASCII text, with very long lines (3485), with no line terminators
Hash 552f8daf31a5ada0cc58457b80523305
87a3070b3d7acf3f83ac22f1a2443199648f02e4
8c97612b3b2289ae2d216af6b4e69fb218d78cc2f6c48e05cabfe8bb3e841fe6
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
fortinet Phishing
GET /d/mua/js/jquery.jclock-min.js HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: application/javascript
etag: W/"d09-5c5831592d104"
last-modified: Thu, 24 Jun 2021 13:34:36 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9h8i%2FIHTJhZ76LRq15g5%2Bzu5bmIkE1sQqVNSGw5xm43jZ9rE6%2BVoVP4iufWKTpsqZo0NVZrMkFdc3V1EoMA6KzWdn2dM92BQVCYWnAx6AoK0DA75sSrKcNOvIB7Fdim663ak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be08f81bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/js/functions.js
172.67.215.79200 OK 3.7 kB URL GET HTTP/3 br2.3-1.services/d/mua/js/functions.js
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type ASCII text, with very long lines (3882), with no line terminators
Hash b8c7a345d8f138cb36fae067adeba673
cbc5efeb3a227c7998c3c30288eca75bf9977673
35fbed899f30b0207c06f9af89e9e3ef37a1a9f98e666ca148da563d551ad0e4
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
fortinet Phishing
GET /d/mua/js/functions.js HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: application/javascript
etag: W/"e4e-5e1990f44be4b"
last-modified: Thu, 16 Jun 2022 23:33:05 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hVMfwfiZFmfy0v5fbJgOZEIEO0l%2FKq71eb%2F1GhGvNEAunP%2Fi8cnj7wNxAlQ%2FPpZBqmE8JJ8gRcY3U0lYg6AERFRw5Zc%2FNUAaKrw27LT3HzlESsR0cRb50%2FxHavK6gPasYAto"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be08f91bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=45b9078c9f
172.64.203.28200 OK 103 kB URL GET HTTP/2 ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=45b9078c9f
IP 172.64.203.28:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15
ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (65321)
Size 103 kB (102557 bytes)
Hash 5febfb939e2fc4ddf14fffae53b72cf0
e0e62217708a9cfd0b78a8574e07a66d95cf1344
fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1
GET /releases/v6.4.0/css/free.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://br2.3-1.services/
Origin: https://br2.3-1.services
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:21 GMT
etag: W/"5febfb939e2fc4ddf14fffae53b72cf0"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7fcc9354bd594831abf31608fb6cde60.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: CmbiAG0witLsoO0WU_Z85xSCSrLLD5jicOiKmu4LefuDj3wl_wqfXw==
age: 19969
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=if8%2B4au0xGICwOVWcuOj9sXBSFGC0e9P671HtlO2TlsAZjYXvuc4vsZ0jE1yVQv7CWVtUGE7LLxPsgEUoUXlwrH7wxnCeN7qNZrkHilMCjqfuNRLSDXW6Oio3Jyprh5vSbxDUKgPrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccd13bf68194165-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
br2.3-1.services/d/mua/js/jquery-3.6.0.min.js
172.67.215.79200 OK 90 kB URL GET HTTP/3 br2.3-1.services/d/mua/js/jquery-3.6.0.min.js
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
fortinet Phishing
GET /d/mua/js/jquery-3.6.0.min.js HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: application/javascript
etag: W/"15d9d-5c945fa21d180"
last-modified: Wed, 11 Aug 2021 10:21:10 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MclBPGztuC6eSbWiX8g3eCdexh935xfuaixQoMa%2FzpdxERlnzIkP%2BHEBuKVOJNp0J4GwrtzjFXcRg3Su%2B%2F8MFfnUf77I2zELybjXbY6EbcVT0kMB5HCGtGjBEcNz1W818s98"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be08f61bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=45b9078c9f
172.64.203.28200 OK 823 B URL GET HTTP/2 ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=45b9078c9f
IP 172.64.203.28:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint49:14:F2:7A:2C:AE:36:01:38:B7:F7:3D:DB:44:3E:3F:5C:FB:6B:15
ValidityFri, 12 Aug 2022 00:00:00 GMT - Sat, 12 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (845), with no line terminators
Hash 2294fec50bebe1dc04d4936722c3c08e
05902d67eb724a4569ceeadb7b4e1eef75c0efee
1a0aefc152cf12c1e6ea5027b3449b301fddc172a581b382ff69216cd2c26781
GET /releases/v6.4.0/css/free-v5-font-face.min.css?token=45b9078c9f HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://br2.3-1.services/
Origin: https://br2.3-1.services
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
etag: W/"5856e3f07fbc36fc4d430a95a577a87f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 6dcc614055ae7b26eae9b754199e9f94.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: zvURHL8MHFxFxR9nufmzhIN5J5g09ON5Qbm2x95MF4qcEJlHSdWqMg==
age: 19969
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CgJaX9ZUGjS80WSHPxHK4cydBoNSPMpfacuzZosbdiJmOaXhohLfuHex4X44jZ75gT2d6cbrvZmysXUsszEhCU3Ax%2FdNYWEi8LeitnhckBB6uSReHnUlkiRLTONHxszRAp9EWtPhZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13bf681d4165-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images-cdn.info/444/image.gif
54.86.140.52200 OK 43 B URL GET HTTP/1.1 images-cdn.info/444/image.gif
IP 54.86.140.52:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoDaddy.com, Inc.
Subjectimages-cdn.info
Fingerprint9B:95:3E:E4:E8:F5:63:C3:BC:A0:E0:3A:CA:BD:74:8D:50:61:82:2E
ValiditySun, 30 Apr 2023 18:08:05 GMT - Fri, 31 May 2024 18:08:05 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /444/image.gif HTTP/1.1
Host: images-cdn.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 May 2023 10:25:55 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
br2.3-1.services/d/mua/fonts/opensans/CIBFontSans-Light.ttf
172.67.215.79200 OK 111 kB URL GET HTTP/3 br2.3-1.services/d/mua/fonts/opensans/CIBFontSans-Light.ttf
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 33 names, Macintosh, Copyright (c) 2019 by Vasava Studio. All rights reserved.\011CIBFont SansLight1.300;UKWN;CIBFont\012- data
Size 111 kB (110612 bytes)
Hash 69096387df83ff65381f8ee25006b0aa
89689ed7f7547a3815d9fa2d0a2c11513480086e
decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
fortinet Phishing
GET /d/mua/fonts/opensans/CIBFontSans-Light.ttf HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/css/stylesheet.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: font/ttf
etag: W/"1b014-5c58324aacbc5"
last-modified: Thu, 24 Jun 2021 13:38:50 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bLGpzLY78x0MsN5rem6%2BO3cKd9iJ0BKRICo48%2BfWg7DqZtsKQyJNu7Okg5VDNZhiZFtjYy9yOB431d7YTvV%2BnP95UDwBMK%2BmEhVOZJZ%2F9s3Zu3UQ6Ak8HiEEhWzh5kLSiLK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13c09bb01bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
172.67.215.79301 Moved Permanently 8.4 kB URL User Request GET HTTP/1.1 br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
IP 172.67.215.79:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/ HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 25 May 2023 10:25:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 25 May 2023 11:25:54 GMT
Location: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=40TcybY64gP9w%2FvMEQ0x%2BU9vlL0ID83vuLrYN7YDfGuOaDoeyjIXKU7F1BsV6GcE9qtVfUa%2B%2Fl2jQlCqdQJlnifo9XxgB8vSTHJE44yKG8%2B8YtHzoJq2xbRDm7Gnj3F8M8Dc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ccd13ba497e0b65-OSL
alt-svc: h2=":443"; ma=60
kit.fontawesome.com/45b9078c9f.js
104.18.22.52200 OK 11 kB URL GET HTTP/2 kit.fontawesome.com/45b9078c9f.js
IP 104.18.22.52:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (11018)
Hash 46718f089e12e17bd2807cc2b8bf6bfb
dc5970ab5f46c72ef6fb8c80bce20eff184ae915
a24ec9deb5a81c70bdfdb743dd49f8c75ce7b3d30d75d0d1fd9b8a69b87774b1
GET /45b9078c9f.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://br2.3-1.services
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 10:25:54 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F2JCdgxMqfxKwYAb_uWC
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7ccd13be2ef50b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
br2.3-1.services/d/mua/css/stylesheet.css
172.67.215.79200 OK 2.9 kB URL GET HTTP/3 br2.3-1.services/d/mua/css/stylesheet.css
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type ASCII text, with very long lines (3126), with no line terminators
Hash 997ae37ceeacbd062fd1936a8cb50332
e37292cc1fdef4d71ac902383f5fba345b8f3749
f34be6d89d1ebb8a52e40ad2c961609bc7f21625c729aea6220d0eb45d15d0da
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/css/stylesheet.css HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: text/css
etag: W/"b82-5e1560fba9d58"
last-modified: Mon, 13 Jun 2022 15:37:10 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCdWAofY9UdlFvKjPc9iYYj%2F8eTDTju7qokEzruKUPLhYHqxMkygxaRUaUIwgB2bPsqPbDsyFoVLynTp67%2B6bHNQRf8txJN9A9rwMopJfS4ns0nF4uG0PJC5bAW2UcxOSAnu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be08f11bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/fonts/opensans/OpenSans-Regular.ttf
172.67.215.79200 OK 217 kB URL GET HTTP/3 br2.3-1.services/d/mua/fonts/opensans/OpenSans-Regular.ttf
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegular1.10;1ASC;OpenSans-R\012- data
Size 217 kB (217276 bytes)
Hash d7d5d4588a9f50c99264bc12e4892a7c
513966e260bb7610d47b2329dba194143831893e
13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
fortinet Phishing
GET /d/mua/fonts/opensans/OpenSans-Regular.ttf HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/css/stylesheet.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: font/ttf
etag: W/"350bc-5c5832684c4e6"
last-modified: Thu, 24 Jun 2021 13:39:21 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYFQhh3MWw0yTk23dWNzk63Xfe32BKAKZSdPDCQpJMv%2FIni19YWBV1IR3djyu%2Fl6fjMzoe6%2BBMX3W1MU%2BsvLcVbFAXyf2OvrTGyu4ynM8s858AoXWJn9cv9GWI95wk6UCbym"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13c09baf1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
br2.3-1.services/d/mua/css/style.css
172.67.215.79200 OK 6.0 kB URL GET HTTP/3 br2.3-1.services/d/mua/css/style.css
IP 172.67.215.79:443
Requested by https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Certificate IssuerGoogle Trust Services LLC
Subject3-1.services
FingerprintA8:22:CA:72:B4:2A:26:11:DA:1C:DB:0D:C4:C9:30:37:48:17:42:14
ValidityWed, 24 May 2023 20:30:49 GMT - Tue, 22 Aug 2023 20:30:48 GMT
File type ASCII text, with very long lines (6818), with no line terminators
Hash c336cc87007f639f2b6282f744233afe
1edb56913d600419c86ad0173b7a2a37711c4233
4095ccc9e9de7b596e76cb91ede4f9d80c7bf1115ffd88e043aee2cf366db197
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /d/mua/css/style.css HTTP/1.1
Host: br2.3-1.services
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br2.3-1.services/d/mua/VALIDATEPASS/scis/j6UnVHZsitlYrxStPNFUN4TsSjgEJkN7dlDp6FXSjFxO/3D/no-back-button/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 May 2023 10:25:55 GMT
content-type: text/css
etag: W/"1779-5e180de131766"
last-modified: Wed, 15 Jun 2022 18:41:21 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wBGbu8EwjUxw8V0kFFcbHywUcKT5KwQN%2FoDGKtwGuj%2BLLHLgNL3%2FryykjmCwWvZnfil7psU5AJuggYsliy15MY5yp%2FTylGc9Zz09IjGvDWV1iBfoyZJBN8Fw8PT%2BfQBIjS8z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccd13be08ed1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400