activacionesbancolombiacreditospremiun.brizy.site/
13.248.211.84 200 OK 3.1 kB URL User Request GET HTTP/2 activacionesbancolombiacreditospremiun.brizy.site/
IP 13.248.211.84:443
Certificate Issuer: Sectigo Limited
Subject: *.brizy.site
Fingerprint: 31:73:FA:45:40:C2:3F:11:AE:7D:66:FD:6B:E3:B8:56:28:22:88:F6
Validity: Sat, 15 Apr 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (8348)
Hash (MD5) 971083b293bbed52454ed46869801f4f
Hash (SHA-1) d6bb348070391a6d06c35930f64a5ae3f6931246
Hash (SHA-256) bad1c9f4026fd64692845ee5363f8a2186e9464b4b8456495c923d7459a19ab1
Analyzer Verdict Alert OpenPhish phishing Bancolombia
GET / HTTP/1.1
Host: activacionesbancolombiacreditospremiun.brizy.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 25 Nov 2023 00:45:46 GMT
content-type: text/html; charset=UTF-8
content-length: 3094
x-brizy-preview: 1
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 9829109 5832113
age: 43379
via: 1.1 varnish (Varnish/6.2)
x-cache: HIT
x-cache-hits: 341
pragma: no-cache
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.7.0.min.js
151.101.130.137 200 OK 30 kB URL GET HTTP/2 code.jquery.com/jquery-3.7.0.min.js
IP 151.101.130.137:443
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash (MD5) e6c2415c0ace414e5153670314ce99a9
Hash (SHA-1) 5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6
Hash (SHA-256) d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
GET /jquery-3.7.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-155a6"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 25 Nov 2023 00:45:47 GMT
age: 6070947
x-served-by: cache-lga13623-LGA, cache-bma1667-BMA
x-cache: HIT, HIT
x-cache-hits: 73, 57708
x-timer: S1700873147.458803,VS0,VE0
vary: Accept-Encoding
content-length: 30308
X-Firefox-Spdy: h2
a-cloud.b-cdn.net/images/cropped-favicon-192x192.png
194.242.11.186 200 OK 5.2 kB URL GET HTTP/2 a-cloud.b-cdn.net/images/cropped-favicon-192x192.png
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Sectigo Limited
Subject: *.b-cdn.net
Fingerprint: FC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
Validity: Sun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash (MD5) eab0a1e085d75f8a2c7e533da2fb6dea
Hash (SHA-1) b02cd286e0fade446f14c1c122d40faaded4ea47
Hash (SHA-256) a7a05115479692b0a78fb2cafcecdbcee9774742117f1ee8bf19f604f96a4744
GET /images/cropped-favicon-192x192.png HTTP/1.1
Host: a-cloud.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: image/webp
content-length: 5170
server: BunnyCDN-NO1-830
cdn-pullzone: 465925
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
last-modified: Tue, 31 Oct 2023 21:28:55 GMT
x-bo-server: DE-264
x-downloadsize: 36913
x-bo-origindownloadtime: 531
x-bo-processingtime: 0
x-bo-compressionratio: 85.99%
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 21:28:55
cdn-edgestorageid: 830
link: <https://www.brizy.cloud/images/cropped-favicon-192x192.png>; rel="canonical"
cdn-status: 200
cdn-requestid: b79646ecea01f406762bc993f2b537e1
cdn-cache: HIT
X-Firefox-Spdy: h2
fonts.bunny.net/css?family=Overpass:100,100italic,200,200italic,300,300italic,regular,italic,600,600italic,700,700italic,800,800italic,900,900italic|Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic&subset=arabic,bengali,cyrillic,cyrillic-ext,devanagari,greek,greek-ext,gujarati,hebrew,khmer,korean,latin-ext,tamil,telugu,thai,vietnamese&display=swap
194.242.11.186 200 OK 2.0 kB URL GET HTTP/2 fonts.bunny.net/css?family=Overpass:100,100italic,200,200italic,300,300italic,regular,italic,600,600italic,700,700italic,800,800italic,900,900italic|Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic&subset=arabic,bengali,cyrillic,cyrillic-ext,devanagari,greek,greek-ext,gujarati,hebrew,khmer,korean,latin-ext,tamil,telugu,thai,vietnamese&display=swap
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Let's Encrypt
Subject: fonts.bunny.net
Fingerprint: DE:8E:DD:36:41:BD:57:62:70:98:7E:53:BE:EF:71:86:67:A8:68:58
Validity: Mon, 16 Oct 2023 05:08:36 GMT - Sun, 14 Jan 2024 05:08:35 GMT
Hash (MD5) c33693edea623c285508557ae596222a
Hash (SHA-1) 77647c6b4251739ee8a3312328a0cbc57e13181c
Hash (SHA-256) 1a74212d88a33b796d0a8068e7bd6e1d2acb9a4ef5305c2ac68beec657076d18
GET /css?family=Overpass:100,100italic,200,200italic,300,300italic,regular,italic,600,600italic,700,700italic,800,800italic,900,900italic|Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic&subset=arabic,bengali,cyrillic,cyrillic-ext,devanagari,greek,greek-ext,gujarati,hebrew,khmer,korean,latin-ext,tamil,telugu,thai,vietnamese&display=swap HTTP/1.1
Host: fonts.bunny.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: BunnyCDN-NO1-830
cdn-pullzone: 781720
cdn-uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000
last-modified: Tue, 05 Sep 2023 16:05:37 GMT
x-do-app-origin: 1fb91846-e6b7-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 09/05/2023 16:05:37
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 177753dd6a2b94c897051d18cad8c876
cdn-cache: STALE
content-encoding: br
X-Firefox-Spdy: h2
b-cloud.b-cdn.net/fonts/europa-bold.otf
194.242.11.186 200 OK 70 kB URL GET HTTP/2 b-cloud.b-cdn.net/fonts/europa-bold.otf
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Sectigo Limited
Subject: *.b-cdn.net
Fingerprint: FC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
Validity: Sun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT
File type OpenType font data\012- data
Hash (MD5) 25f126bc5d17a77fd9ea3dbf22974daa
Hash (SHA-1) 05e12b987cbfdeae0ce798cc8b30a8b79723b66c
Hash (SHA-256) 6e64aec446bfc5fb3f7ea819a9c6643881e30175c87a39dafcb395adafcc5b83
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /fonts/europa-bold.otf HTTP/1.1
Host: b-cloud.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://activacionesbancolombiacreditospremiun.brizy.site
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: application/vnd.oasis.opendocument.formula-template
content-length: 70044
server: BunnyCDN-NO1-830
cdn-pullzone: 246147
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "25f126bc5d17a77fd9ea3dbf22974daa"
last-modified: Fri, 14 Apr 2023 13:50:51 GMT
x-amz-id-2: JryFO6ykz0a/h2G5pNfq1XNEFxCKgyy4jzxx7ybWUD0MDCleaWEE3VoDzr83ITaNuBJqUMQSAJk=
x-amz-request-id: P7CBF8JQJXH20TSN
x-amz-server-side-encryption: AES256
x-amz-version-id: oyWdvT05AY6JnIAYIh6W7aGniCbSquZW
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 21:28:57
cdn-edgestorageid: 830
link: <https://s3.amazonaws.com/brizy.cloud/fonts/europa-bold.otf>; rel="canonical"
cdn-status: 200
cdn-requestid: d30aa4274393953f88bef4c95f219091
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cloud-1de12d.b-cdn.net/images/cropped-favicon-192x192.png
194.242.11.186 200 OK 5.2 kB URL GET HTTP/2 cloud-1de12d.b-cdn.net/images/cropped-favicon-192x192.png
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Sectigo Limited
Subject: *.b-cdn.net
Fingerprint: FC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
Validity: Sun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash (MD5) eab0a1e085d75f8a2c7e533da2fb6dea
Hash (SHA-1) b02cd286e0fade446f14c1c122d40faaded4ea47
Hash (SHA-256) a7a05115479692b0a78fb2cafcecdbcee9774742117f1ee8bf19f604f96a4744
GET /images/cropped-favicon-192x192.png HTTP/1.1
Host: cloud-1de12d.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: image/webp
content-length: 5170
server: BunnyCDN-NO1-830
cdn-pullzone: 1532501
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
last-modified: Fri, 28 Jul 2023 10:58:50 GMT
x-bo-server: ASB-206
x-downloadsize: 36913
x-bo-origindownloadtime: 3
x-bo-processingtime: 1
x-bo-compressionratio: 85.99%
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/28/2023 10:58:50
cdn-edgestorageid: 830
link: <https://www.brizy.cloud/images/cropped-favicon-192x192.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 33be1731dfa58aa40426bd9f4eff3fed
cdn-cache: HIT
X-Firefox-Spdy: h2
letonia369server369.tech/script.php?tok=kronox2023
62.72.62.111 200 OK 5.6 kB URL GET HTTP/2 letonia369server369.tech/script.php?tok=kronox2023
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (430)
Hash (MD5) 779e859ec0d5417cfc291a5d7435be64
Hash (SHA-1) cc5e2093646cad28afe969c6d9058a884f87e309
Hash (SHA-256) 3899b42004be2ca04d3f7109e8436344fc15e8d8ae34564ea90251d3cf2fa4f7
GET /script.php?tok=kronox2023 HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/8.1.22
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:47 GMT
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Nov 2023 00:45:47 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
letonia369server369.tech/css/styles.css
62.72.62.111 200 OK 15 kB URL GET HTTP/2 letonia369server369.tech/css/styles.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (360)
Hash (MD5) f6e40a2d702590c4d467be69ae238112
Hash (SHA-1) f736964327eeb514b94fc49c96ab49e0046216a8
Hash (SHA-256) 2c1b32d98585fee04a38eb732834e0ccc33952800b6077064a197555cff4b551
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/styles.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:46 GMT
etag: "1a782-655baac2-3aa6606b09c50853;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14720
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/css/bootstrap.css
62.72.62.111 200 OK 17 kB URL GET HTTP/2 letonia369server369.tech/css/bootstrap.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type assembler source, ASCII text, with very long lines (540)
Hash (MD5) 1fc3bdfa418d0c8cb81c936148903e6d
Hash (SHA-1) e09cc2b94bb717dfcff66f0a24303eff7b37cccf
Hash (SHA-256) 5e7aacc05a5cfe4d2fa8407d5a885b9c2511e0213fb5abd0599cdef3f0e0e524
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/bootstrap.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:40 GMT
etag: "1d9e0-655baabc-aa247ae55f74fa3c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16697
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/css/keyboard_util.css
62.72.62.111 200 OK 489 B URL GET HTTP/2 letonia369server369.tech/css/keyboard_util.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type assembler source, ASCII text
Hash (MD5) 8ea63a514078251ab46debcd6a7937d8
Hash (SHA-1) a8ff91b7fce7a83e7c639298626b6f93aad55b9e
Hash (SHA-256) 70f1cd5b6038df19e8cf82b14c9835eeaf8f679d731d698d2fe5b96c140109af
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/keyboard_util.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:44 GMT
etag: "62d-655baac0-82490c0892d82895;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 489
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/css/jquery-ui.css
62.72.62.111 200 OK 5.7 kB URL GET HTTP/2 letonia369server369.tech/css/jquery-ui.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (1363)
Hash (MD5) 2b936d08a6d742e862a089716f02d90d
Hash (SHA-1) 6afd4058ec593fbca3c56a423c24a3c47eb87171
Hash (SHA-256) c9eeb55f7cf16683b871600ce998b61b1031629097be96069d5741f33adaf6d1
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/jquery-ui.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:44 GMT
etag: "7c88-655baac0-a4c91fc94c4413d2;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5671
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/css/ui.css
62.72.62.111 200 OK 2.8 kB URL GET HTTP/2 letonia369server369.tech/css/ui.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
Hash (MD5) fc4114c8fc5f70052eb79403116ba4c1
Hash (SHA-1) 803d15f0eeb878417048c8fc28db4c53bec0f2ed
Hash (SHA-256) 0265a31c7bea01a32328e09245aad8cf38ba3316a13e93080697b35e338f35b4
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/ui.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:48 GMT
etag: "34ab-655baac4-b78510bc36843f47;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2770
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/css/showLoadingBank.css
62.72.62.111 200 OK 490 B URL GET HTTP/2 letonia369server369.tech/css/showLoadingBank.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
Hash (MD5) 125f60fcd67294148b1d2ed53cccd197
Hash (SHA-1) bdac6f2fb1d137592e7d696c1e64f3f2cb41ac7c
Hash (SHA-256) d27f74e5b0aff4b16fd133bd8c42458a400acde162b92211d642c76381c11e5e
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/showLoadingBank.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:44 GMT
etag: "75f-655baac0-68c1bf4f65a64ff1;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 490
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/css/stylesheet.css
62.72.62.111 200 OK 184 B URL GET HTTP/2 letonia369server369.tech/css/stylesheet.css
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
Hash (MD5) 9f0c41693174c65f2817410c62e7b7c0
Hash (SHA-1) 4b353d309a9a37b3b062bf580d698b0a59ac2d30
Hash (SHA-256) 70b12b4ea441b91094cc36e8b1ddc40fe4eeee8f7541fe3504abc1693c650ec8
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /css/stylesheet.css HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: text/css
last-modified: Mon, 20 Nov 2023 18:51:48 GMT
etag: "3ef-655baac4-2498082754d86670;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 184
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
letonia369server369.tech/_home.php?_=1700873150649
62.72.62.111 200 OK 1.8 kB URL GET HTTP/2 letonia369server369.tech/_home.php?_=1700873150649
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: ZeroSSL
Subject: letonia369server369.tech
Fingerprint: EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity: Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (563)
Hash (MD5) e50d2973580e53d016771cc94433da06
Hash (SHA-1) fb7170f81e27e7a1f5ed8de343e79d881049fe08
Hash (SHA-256) bfa16e6478d3bc893da9e254466ad1a6dc77f5f850692c215baa24ee4143d9ed
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /_home.php?_=1700873150649 HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/8.1.22
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-length: 1817
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
b-cloud.b-cdn.net/builds/free/270-cloud/editor/js/group-jq.min.js
194.242.11.186 200 OK 39 kB URL GET HTTP/2 b-cloud.b-cdn.net/builds/free/270-cloud/editor/js/group-jq.min.js
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Sectigo Limited
Subject: *.b-cdn.net
Fingerprint: FC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
Validity: Sun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash (MD5) 382784ac4f4421222995f4d3d6b37e8b
Hash (SHA-1) 833dc03f9dd6724ec5ad551b211586bb717755e2
Hash (SHA-256) ab453409a32214d7e65505f6eab9564c70e757fc9af096b4dfd62bad306eda02
GET /builds/free/270-cloud/editor/js/group-jq.min.js HTTP/1.1
Host: b-cloud.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 246147
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31919000
etag: W/"382784ac4f4421222995f4d3d6b37e8b"
last-modified: Wed, 08 Nov 2023 11:50:26 GMT
x-amz-id-2: 0Dr1oFxPUWA9tGtycirfQ1HycZ41bBiUGYKzzNC3qhvwi7hnYQ+3r9a21HkK2excCoUgEnopMTQ=
x-amz-request-id: Z5NCK0W1DAYHFFPS
x-amz-server-side-encryption: AES256
x-amz-version-id: JNhmdH1_CAuKFJL8voAveXw2P4LIqh8p
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2023 12:10:06
cdn-edgestorageid: 830
link: <https://s3.amazonaws.com/brizy.cloud/builds/free/270-cloud/editor/js/group-jq.min.js>; rel="canonical"
cdn-status: 200
cdn-requestid: cfac22e2dbd6a3de7e5c5e8ca154a8f1
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash (MD5) 17f1cdfaa238256063010b7b63166517
Hash (SHA-1) bdb5304e7769ef29087bfb7d40327e7d7794d65c
Hash (SHA-256) 0f92a09ceaa491ac945c80eae6850ed6f0625abb0a25d74d4f7ea93e274aeeba
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sat, 25 Nov 2023 00:45:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash (MD5) 17f1cdfaa238256063010b7b63166517
Hash (SHA-1) bdb5304e7769ef29087bfb7d40327e7d7794d65c
Hash (SHA-256) 0f92a09ceaa491ac945c80eae6850ed6f0625abb0a25d74d4f7ea93e274aeeba
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sat, 25 Nov 2023 00:45:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 4e5bd05a00e180239a4b9ddc15b72acb
f3a2fdb9f8eef5bffee77fc32ad8cee6179a0d00
79ebb512c39e7bd6d28d64e1dd20f0a851e6a034edd8e140233ed6bebb75a312
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sat, 25 Nov 2023 00:45:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 17f1cdfaa238256063010b7b63166517
bdb5304e7769ef29087bfb7d40327e7d7794d65c
0f92a09ceaa491ac945c80eae6850ed6f0625abb0a25d74d4f7ea93e274aeeba
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sat, 25 Nov 2023 00:45:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 17f1cdfaa238256063010b7b63166517
bdb5304e7769ef29087bfb7d40327e7d7794d65c
0f92a09ceaa491ac945c80eae6850ed6f0625abb0a25d74d4f7ea93e274aeeba
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__es.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sat, 25 Nov 2023 00:45:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
letonia369server369.tech/img/publi_home.jpg
62.72.62.111 200 OK 169 kB URL GET HTTP/3 letonia369server369.tech/img/publi_home.jpg
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer ZeroSSL
Subject letonia369server369.tech
Fingerprint EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2023:07:11 09:06:12], baseline, precision 8, 627x327, components 3\012- data
Size 169 kB (169362 bytes)
Hash a99cc54fba52371335da34c02933a9c4
fbac05354abaad301b83e4268b62f23280108b7b
0b6f497c7aae9ad88f351ac5c260ed01e3a3051c4602b3724121901a33f42a70
GET /img/publi_home.jpg HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: image/jpeg
last-modified: Mon, 20 Nov 2023 18:52:23 GMT
etag: "29592-655baae7-76ac9f82bb65dc2e;;;"
accept-ranges: bytes
content-length: 169362
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
letonia369server369.tech/fonts/opensans/OpenSans-Regular.ttf
62.72.62.111 200 OK 82 kB URL GET HTTP/3 letonia369server369.tech/fonts/opensans/OpenSans-Regular.ttf
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer ZeroSSL
Subject letonia369server369.tech
Fingerprint EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegular1.10;1ASC;OpenSans-R\012- data
Hash d7d5d4588a9f50c99264bc12e4892a7c
513966e260bb7610d47b2329dba194143831893e
13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /fonts/opensans/OpenSans-Regular.ttf HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://activacionesbancolombiacreditospremiun.brizy.site
DNT: 1
Connection: keep-alive
Referer: https://letonia369server369.tech/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: application/x-font-ttf
last-modified: Mon, 20 Nov 2023 18:52:05 GMT
etag: "350bc-655baad5-b81b213c8865068f;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 82320
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
access-control-allow-origin: *
letonia369server369.tech/fonts/opensans/CIBFontSans-Light.ttf
62.72.62.111 200 OK 52 kB URL GET HTTP/3 letonia369server369.tech/fonts/opensans/CIBFontSans-Light.ttf
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer ZeroSSL
Subject letonia369server369.tech
Fingerprint EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 33 names, Macintosh, Copyright (c) 2019 by Vasava Studio. All rights reserved.\011CIBFont SansLight1.300;UKWN;CIBFont\012- data
Hash 69096387df83ff65381f8ee25006b0aa
89689ed7f7547a3815d9fa2d0a2c11513480086e
decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /fonts/opensans/CIBFontSans-Light.ttf HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://activacionesbancolombiacreditospremiun.brizy.site
DNT: 1
Connection: keep-alive
Referer: https://letonia369server369.tech/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: application/x-font-ttf
last-modified: Mon, 20 Nov 2023 18:52:02 GMT
etag: "1b014-655baad2-7f143d512a0b97c4;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 52282
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
access-control-allow-origin: *
letonia369server369.tech/fonts/iconfont/icon_font_bc.ttf?61jkgi
62.72.62.111 200 OK 19 kB URL GET HTTP/3 letonia369server369.tech/fonts/iconfont/icon_font_bc.ttf?61jkgi
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer ZeroSSL
Subject letonia369server369.tech
Fingerprint EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icon_font_bc\012- data
Hash 8c9559a3d94688605d1d5e1cf68d5ae0
5c2b8fb865aefcc42f119542faa12bcaeaefbb3a
ad0f43b7fd52d2f1574ba930c85ce401f95d69e21ad997ffe8e7ad98fec2ffda
Analyzer Verdict Alert urlquery phishing Phishing - Bancolombia
GET /fonts/iconfont/icon_font_bc.ttf?61jkgi HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://activacionesbancolombiacreditospremiun.brizy.site
DNT: 1
Connection: keep-alive
Referer: https://letonia369server369.tech/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: application/x-font-ttf
last-modified: Mon, 20 Nov 2023 18:51:54 GMT
etag: "7ce8-655baaca-7e1d8fe0ec7c84bb;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19098
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
access-control-allow-origin: *
fonts.googleapis.com/css?family=Open+Sans:400italic,400,700&subset=latin,cyrillic
142.250.74.106 200 OK 8.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400italic,400,700&subset=latin,cyrillic
IP 142.250.74.106:443
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (8632), with no line terminators
Hash c423927974723320551e2710e161bf29
610f60207a294e27eed54e28eaf747e333c1347e
be785c89bb514a8bf9054662da8e01b6ef5a8a47876be4a6f55344979a946935
GET /css?family=Open+Sans:400italic,400,700&subset=latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 00:45:47 GMT
date: Sat, 25 Nov 2023 00:45:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/anchor?ar=1&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61&co=aHR0cHM6Ly9zdWN1cnNhbHBlcnNvbmFzLnRyYW5zYWNjaW9uZXNiYW5jb2xvbWJpYS5jb206NDQz&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=4yhdhbrfak9x
142.250.74.132 200 OK 62 kB URL GET HTTP/2 www.google.com/recaptcha/api2/anchor?ar=1&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61&co=aHR0cHM6Ly9zdWN1cnNhbHBlcnNvbmFzLnRyYW5zYWNjaW9uZXNiYW5jb2xvbWJpYS5jb206NDQz&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=4yhdhbrfak9x
IP 142.250.74.132:443
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (53601)
Hash 457f7ec8b2d9b804e4a866a7351c3f11
381d73f9e289ad5f0e8735dcf44ea65d2535e58b
7056e1df852444b4e913ac0cd71007b9b6aa33444cd43c11e9040e65e81f2314
GET /recaptcha/api2/anchor?ar=1&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61&co=aHR0cHM6Ly9zdWN1cnNhbHBlcnNvbmFzLnRyYW5zYWNjaW9uZXNiYW5jb2xvbWJpYS5jb206NDQz&hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=4yhdhbrfak9x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Nov 2023 00:45:48 GMT
content-security-policy: script-src 'nonce-g3_02N8bW14pnOhIuKMO2A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sucursalpersonas.transaccionesbancolombia.com/mua/images/logo.svg
162.159.255.116 200 OK 7.0 kB URL GET HTTP/2 sucursalpersonas.transaccionesbancolombia.com/mua/images/logo.svg
IP 162.159.255.116:443
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer GlobalSign nv-sa
Subject sucursalpersonas.transaccionesbancolombia.com
Fingerprint D8:00:F5:0F:45:1E:A2:21:06:04:06:AF:14:F3:56:C7:B1:EF:94:24
Validity Mon, 26 Jun 2023 15:16:02 GMT - Sat, 27 Jul 2024 15:16:01 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7158), with no line terminators
Hash 25dd9ab906a1090c8148571c89804ff1
9bcc8fa0be2694bb947a3205d19424eba45c3993
801fb30278b9eedb6a6c1e9c87b6cb2c5d03765ed74d2e75fc931e52b998707b
GET /mua/images/logo.svg HTTP/1.1
Host: sucursalpersonas.transaccionesbancolombia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://letonia369server369.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:48 GMT
content-type: image/svg+xml
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-content-security-policy: default-src 'self';
content-security-policy: default-src 'self'; script-src 'self' static.cloudflareinsights.com *.medallia.com *.kampyle.com https://cdn.siftscience.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.ambientesbc.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com https://vars.hotjar.com/ *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://www.google-analytics.com *.medallia.com *.kampyle.com https://sessions.bugsnag.com *.doubleclick.net api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com https://vars.hotjar.com/ *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src *.medallia.com *.kampyle.com https://hexagon-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.google.com *.gstatic.com images-cdn.info *.ambientesbc.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com https://vars.hotjar.com/ *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com browseranalytic.com 
https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com https://vars.hotjar.com/ *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src *.todo-1.com *.medallia.com *.kampyle.com https://checkout.wompi.co 'self' https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.visualforce.com *.ambientesbc.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com https://vars.hotjar.com/ *.hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cf-cache-status: HIT
age: 5592
expires: Sat, 25 Nov 2023 04:45:48 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=VO8bDpc65dPhX139xUYsCpZcoXpyBEyGqQwiWqK99cw-1700873148-0-AUy2GboKIpy3rYoEbfX6FmMsaYWmgq54tj3uTBuNjnSZpev9OI8mHy01Bif8PYm3AayLcDQU4T19def7x9p1cms=; path=/; expires=Sat, 25-Nov-23 01:15:48 GMT; domain=.transaccionesbancolombia.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b5defcbd374149-LHR
content-encoding: gzip
X-Firefox-Spdy: h2
b-cloud.b-cdn.net/builds/free/270-cloud/editor/js/preview.min.js
194.242.11.186 200 OK 443 kB URL GET HTTP/2 b-cloud.b-cdn.net/builds/free/270-cloud/editor/js/preview.min.js
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer Sectigo Limited
Subject *.b-cdn.net
Fingerprint FC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
Validity Sun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT
Size 443 kB (443220 bytes)
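Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so the 443 kB response body was not what was hashed; they do not identify this file and should not be used as indicators for it.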
GET /builds/free/270-cloud/editor/js/preview.min.js HTTP/1.1
Host: b-cloud.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 246147
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31919000
etag: W/"141407a668be08799efff88909bfe3e3"
last-modified: Wed, 08 Nov 2023 11:50:26 GMT
x-amz-id-2: 606GpDaKSJCfhLKMmtUe07tFTnCWN4P9eeYDYf3aojsdTG3yP5aFO6s7aHCb4wn7sq22N5dL+PQ=
x-amz-request-id: WSMTZ5CW1QW9BRMH
x-amz-server-side-encryption: AES256
x-amz-version-id: nFsCBa_hyksFvcmafu50F06i1RcTjDpc
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/10/2023 23:45:50
cdn-edgestorageid: 830
link: <https://s3.amazonaws.com/brizy.cloud/builds/free/270-cloud/editor/js/preview.min.js>; rel="canonical"
cdn-status: 200
cdn-requestid: bcbf163c9f72b3e3106b80a9ec2a17de
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
letonia369server369.tech/js/jquery.jclockNew.js?_=1700873150648
62.72.62.111 200 OK 7.8 kB URL GET HTTP/2 letonia369server369.tech/js/jquery.jclockNew.js?_=1700873150648
IP 62.72.62.111:443
ASN #5427 PTGi International Carrier Services, Inc.
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer ZeroSSL
Subject letonia369server369.tech
Fingerprint EF:67:6C:0B:1D:78:92:93:DB:DC:21:97:79:45:88:5E:E1:51:99:B8
Validity Mon, 20 Nov 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (8202), with no line terminators
Hash 266a1c7d07a75f52f4765d415d503d69
06151a5b1e5ceb0ce208f3fb07d63d96fae74b1e
3ae67293c8e336c17b64854a0a00502033789d40cf03ab13368c602bd65f2eb9
GET /js/jquery.jclockNew.js?_=1700873150648 HTTP/1.1
Host: letonia369server369.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 00:45:48 GMT
content-type: application/x-javascript
last-modified: Mon, 20 Nov 2023 18:52:33 GMT
etag: "1e72-655baaf1-8ed95e50ec08d7a9;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2117
date: Sat, 25 Nov 2023 00:45:48 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
b-cloud.b-cdn.net/builds/free/270-cloud/editor/css/preview.min.css
194.242.11.186 200 OK 290 kB URL GET HTTP/2 b-cloud.b-cdn.net/builds/free/270-cloud/editor/css/preview.min.css
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer Sectigo Limited
Subject *.b-cdn.net
Fingerprint FC:D9:3E:09:69:F5:9D:8A:AA:45:73:03:05:F1:8D:E4:5B:80:10:E4
Validity Sun, 05 Nov 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT
Size 290 kB (289597 bytes)
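Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so the 290 kB response body was not what was hashed; they do not identify this file and should not be used as indicators for it.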
GET /builds/free/270-cloud/editor/css/preview.min.css HTTP/1.1
Host: b-cloud.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:47 GMT
content-type: text/css
server: BunnyCDN-NO1-830
cdn-pullzone: 246147
cdn-uid: e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
etag: W/"f27440de0e01545cda326e1d9a3de945"
last-modified: Wed, 08 Nov 2023 11:47:04 GMT
x-amz-id-2: oK3DVOkSsDuI7KFLA03ggC6HdJt6BIE4CnWk3qZaWpa8hapd1d0NMke+u+g3Q/huei7+ODy7l7k=
x-amz-request-id: WSMQAV5X6A7GSQ3Y
x-amz-server-side-encryption: AES256
x-amz-version-id: qnLnwEgCnIUSzTakb7BvAZQMCJmPtUMt
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/10/2023 23:45:50
cdn-edgestorageid: 830
link: <https://s3.amazonaws.com/brizy.cloud/builds/free/270-cloud/editor/css/preview.min.css>; rel="canonical"
cdn-status: 200
cdn-requestid: f831e0c687c91c8c7f6aa150e7caeaee
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/icon-user.png
162.159.255.116 200 OK 447 B URL GET HTTP/2 sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/icon-user.png
IP 162.159.255.116:443
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer GlobalSign nv-sa
Subject sucursalpersonas.transaccionesbancolombia.com
Fingerprint D8:00:F5:0F:45:1E:A2:21:06:04:06:AF:14:F3:56:C7:B1:EF:94:24
Validity Mon, 26 Jun 2023 15:16:02 GMT - Sat, 27 Jul 2024 15:16:01 GMT
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 0e3457ed5ea858d1e9287ef66dcbbfe4
006c99b62e141ebbc69f6e06cab757995d3f7417
75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83
GET /mua/images/icons/icon-user.png HTTP/1.1
Host: sucursalpersonas.transaccionesbancolombia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://letonia369server369.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 25 Nov 2023 00:45:48 GMT
content-type: image/png
content-length: 447
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-content-security-policy: default-src 'self';
content-security-policy: default-src 'self'; script-src 'self' static.cloudflareinsights.com *.medallia.com *.kampyle.com https://cdn.siftscience.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.ambientesbc.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com https://vars.hotjar.com/ *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://www.google-analytics.com *.medallia.com *.kampyle.com https://sessions.bugsnag.com *.doubleclick.net api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com https://vars.hotjar.com/ *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src *.medallia.com *.kampyle.com https://hexagon-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.google.com *.gstatic.com images-cdn.info *.ambientesbc.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com https://vars.hotjar.com/ *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com browseranalytic.com 
https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com https://vars.hotjar.com/ *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src *.todo-1.com *.medallia.com *.kampyle.com https://checkout.wompi.co 'self' https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.visualforce.com *.ambientesbc.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com https://vars.hotjar.com/ *.hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cf-cache-status: HIT
age: 5592
expires: Sat, 25 Nov 2023 04:45:48 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=Ol.gTmMyu1I6sLzlmR2MgQ.cHb5ndGKeYZT9_F0KKd8-1700873148-0-Afl/BzJkJ9VsIhqcon6DapUfxR4/ACfl+HE61ZZ6PFcUtH7vky+V18vXj39/2DGMOgchuWWe0mLpwEHcQ8IZoVY=; path=/; expires=Sat, 25-Nov-23 01:15:48 GMT; domain=.transaccionesbancolombia.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b5defcad2c4149-LHR
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
142.250.74.132 200 OK 7.3 kB URL GET HTTP/2 www.google.com/recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61
IP 142.250.74.132:443
Requested by https://activacionesbancolombiacreditospremiun.brizy.site/
Certificate Issuer: Google Trust Services LLC
Subject: www.google.com
Fingerprint: B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity: Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7487), with no line terminators
Hash 98602e7668dbb4b5dd921252cdccefd1
fc3298d85012fcf69806fd971fc7358e1765b578
72d0952b864b5ad7769b8546dff86a0fd489209f6f158cf56fc04e0ab9acf9af
GET /recaptcha/api2/bframe?hl=es&v=CDFvp7CXAHw7k3HxO47Gm1O9&k=6LcQkTUUAAAAAAqNJNF97DoEKkxyTia9U6SOqp61 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activacionesbancolombiacreditospremiun.brizy.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Nov 2023 00:45:48 GMT
content-security-policy: script-src 'nonce-bvbuQJY0y_S0xcUx-F24EA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2