r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Mon, 13 Mar 2023 07:24:00 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4309
Expires: Mon, 13 Mar 2023 06:19:51 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 13 Mar 2023 04:09:19 GMT
content-type: application/json
age: 3523
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19960
Expires: Mon, 13 Mar 2023 10:40:42 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 16j3YsB/fytBf9PNzq1/vrz6NN4fAdJU2y3aL1YrfM2rK5QLCDi9FRcHIs2a6y/ndCWVTTrJM4M=
x-amz-request-id: 4103A8Z4HFMAAX1W
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 13 Mar 2023 04:46:14 GMT
age: 1308
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 05:08:02 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 13 Mar 2023 05:06:47 GMT
age: 75
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b426c61dbf49129b0554669c6666e025
6b329663868aac72e296a4c594d46b542f7003e7
6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6732
Expires: Mon, 13 Mar 2023 07:00:14 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive
push.services.mozilla.com/
54.186.165.49101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.165.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HfH5CfbSXO1Y94lY6M3SzQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XHhLMbM7mkcDUHuaH+O5Zp1OfJY=
www.alfabell.com/
190.90.160.172200 OK 92 kB IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (42591)
Hash e37517c0131dcc4824fcebe8a0ef2b70
0da31c14ecc3bf8de0e2db5ef8c4ca67aa7dc492
f0d6ed9057d4f09b1abada77d06fc974c550182f31a346a193f776efa922f151
Analyzer Verdict Alert openphish Citigroup Inc.
fortinet Phishing
GET / HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
set-cookie: t=79660027640eafb2c04fb; expires=Tue, 21-Mar-2023 13:08:02 GMT; Max-Age=720000; path=/; domain=www.alfabell.com
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Mon, 13 Mar 2023 05:08:02 GMT
server: LiteSpeed
www.alfabell.com/index_files/app.js?1
190.90.160.172200 OK 1.7 kB URL HTTP/1.1 www.alfabell.com/index_files/app.js?1
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type ASCII text, with CRLF line terminators
Hash 63785c639b077481d35bf0d71b877ad8
980e70c61ae240f20168d920b10fb56f7eef759f
48a629f0525344891c9ef7a37e89079b089e9b9d4af3f3a59d919d13f0aa4ac0
GET /index_files/app.js?1 HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:03 GMT
content-type: application/javascript
last-modified: Thu, 02 Mar 2023 01:25:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1745
date: Mon, 13 Mar 2023 05:08:03 GMT
server: LiteSpeed
www.alfabell.com/index_files/jquery.min.js
190.90.160.172200 OK 31 kB URL HTTP/1.1 www.alfabell.com/index_files/jquery.min.js
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type ASCII text, with very long lines (65451)
Hash 92de45738280e26d3e61bad253796d91
94c6e6a2a023f007b9f9a4fd7b16a185010edf18
411e4a2e47b4f9127ed74e936e9efdb876042657fa366ac3011ddac7fd2a69d2
Analyzer Verdict Alert openphish Citigroup Inc.
fortinet Phishing
GET /index_files/jquery.min.js HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:03 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 03:42:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30767
date: Mon, 13 Mar 2023 05:08:03 GMT
server: LiteSpeed
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3572
Expires: Mon, 13 Mar 2023 06:07:36 GMT
Date: Mon, 13 Mar 2023 05:08:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3572
Expires: Mon, 13 Mar 2023 06:07:36 GMT
Date: Mon, 13 Mar 2023 05:08:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3572
Expires: Mon, 13 Mar 2023 06:07:36 GMT
Date: Mon, 13 Mar 2023 05:08:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b90d71-38dd-41be-b00f-df70bd5d923d.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b90d71-38dd-41be-b00f-df70bd5d923d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2eedbee19ad8b7fe24b5c3cda8d92825
1eaffe902658900d684f44e4c68234075f65cb87
e0c5964a97e0c292958c7ae074d6384bac147d13fb8daf900d2097b46092205c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b90d71-38dd-41be-b00f-df70bd5d923d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4866
x-amzn-requestid: 2a7e29d8-ec57-4bf1-a0c7-b5aa19ad683c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BmJXdG8boAMF2PA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640bef62-622794ed6602dc090e201412;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 03:02:58 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pSNGZrZt1ZT1_3zdzsTwLgwsZ5jtvsCHDNTW8mIHwo4nNxLGuRGVmQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 03:57:06 GMT
age: 4258
etag: "1eaffe902658900d684f44e4c68234075f65cb87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526e67f-3282-4c5f-b3c2-060969983db7.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526e67f-3282-4c5f-b3c2-060969983db7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9181f899a76e192bb17790a1d9d9246
0b8482f307f17141170ae305a053870e9d698ad0
fc24b7f153e1697defc13bb008905852e01e5e560eb23725dc0824d9e6743312
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526e67f-3282-4c5f-b3c2-060969983db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5711
x-amzn-requestid: 14af383e-a18a-4e3b-b7e8-206119f07b2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_UlHlboAMF6DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45b6-111c41752512faa0174c321a;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8rrU8RHf5cR5r4iEqCs58EeiSY1nTThZBVSJwXZBupXGMVe0ElxWvw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:54:15 GMT
age: 26029
etag: "0b8482f307f17141170ae305a053870e9d698ad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac10504-bda7-4e84-9cc0-f0e3c52b431f.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac10504-bda7-4e84-9cc0-f0e3c52b431f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acf8e503fdc5f8d29da5b36ac4b0b7f9
3e51dfc3f25ce466ef32f33547b71dc5ce5c6386
078aec825c3b57ce561410506aa4c1dad3255e88700968e2e41d1d40dfd39be8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac10504-bda7-4e84-9cc0-f0e3c52b431f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4908
x-amzn-requestid: 9fc39dc5-e5d7-4c97-a536-7500556b5e39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WRF6UoAMF6pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c1-75c1c26f521965ab11e6d394;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KOKwwfDfUvcJPWOafiWf1vn2pbszgjHKjQrZCmcfGuNZ2V5M-F_nKw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:55:07 GMT
age: 25977
etag: "3e51dfc3f25ce466ef32f33547b71dc5ce5c6386"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:42:57 GMT
age: 26707
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d465bda-e8f7-498a-8b8e-9fd8f5a4e863.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d465bda-e8f7-498a-8b8e-9fd8f5a4e863.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc6b9225b635519ff0e90400781c6676
e576ab2c5b08780162d104a060c873f52b221538
6dfe0bff6f08723604b2e4805b53dbc1907a8e6f7f56b06c110fbb8f344034d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d465bda-e8f7-498a-8b8e-9fd8f5a4e863.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10872
x-amzn-requestid: b4f88a88-7ae0-4419-a9d6-a985c7951cc0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BezvPGRBoAMFmdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6408fffa-00f0efac63f09f3d5662adbf;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: LWbpNE2xPWrYvBLtEuqnjxXclPKn_-sL1V_cyM5IdU3yqi1moDxBVA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:16:08 GMT
etag: "e576ab2c5b08780162d104a060c873f52b221538"
content-type: image/jpeg
age: 24716
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4985a20c-c5c5-46f5-87f2-600b40b9691d.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4985a20c-c5c5-46f5-87f2-600b40b9691d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 193459785f7b9edc4c0407e12d61670d
69158749f88794aa299b565ff56478652adb34b9
22fc0bc65444635237b1d616240526823193e94a6ad567985c5db416deb315ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4985a20c-c5c5-46f5-87f2-600b40b9691d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6857
x-amzn-requestid: abeb0887-c368-4222-998f-5509c4e2b8ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BezeuEHmIAMFkqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6408ff91-6650e7e10a8691ad059e5731;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 21:35:13 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: tUcV1HYLo0swU7Ekd4Ede__3ho0WqhyryMCjdL_plKaEM-MlnGU6Vw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 bb763d35677c62f9f5d9728bba884662.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:02:04 GMT
age: 25560
etag: "69158749f88794aa299b565ff56478652adb34b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.alfabell.com/index_files/styles.74b13c8ccc854eff.css
190.90.160.172200 OK 186 kB URL HTTP/1.1 www.alfabell.com/index_files/styles.74b13c8ccc854eff.css
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type ASCII text, with very long lines (65536), with no line terminators
Size 186 kB (185919 bytes)
Hash 1cd1c305848030a59acdba3e17b79a97
1063fd202289a4418a88bb60d65de131fb8e3885
90233bf6e34d7f6273197babf5b7d74964c1edcc099c39b073eb8cb089671d0b
Analyzer Verdict Alert openphish Citigroup Inc.
GET /index_files/styles.74b13c8ccc854eff.css HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:03 GMT
content-type: text/css
last-modified: Fri, 16 Dec 2022 19:24:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 185919
date: Mon, 13 Mar 2023 05:08:03 GMT
server: LiteSpeed
www.alfabell.com/index_files/line-data.svg
190.90.160.172200 OK 959 B URL HTTP/1.1 www.alfabell.com/index_files/line-data.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1117)
Hash df40f6ffe2604d4063f37e9465481f61
08f5bb03f59d789652e92d5c34a4d77b256406d9
36941f84c8b4b4fe271486f102bfd5500692d392eb9d7087db1ce0c62e09f6cb
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/line-data.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 959
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/HP_1262_CitiSelfInvest_Image.jpg
190.90.160.172200 OK 47 kB URL HTTP/1.1 www.alfabell.com/index_files/HP_1262_CitiSelfInvest_Image.jpg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash e1ce6608d5e57802fe0a9ab6e892806c
0388ed415be5ca12055fb92c38f9cf1083e2c04e
21ce9d5fb1b0c08a3983cabe314138b163341fea02a49962bdec84a5a13e02e0
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/HP_1262_CitiSelfInvest_Image.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:33:12 GMT
accept-ranges: bytes
content-length: 47164
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 05db66ff3c26d5995d856167a43cad2f
16b6e35d653a57c5768b085e8f629b9abfd26dbc
3e53caa18199e898e609c34ab074d758217ecacbef6a1597a0249afc9b720b71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1342
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 13 Mar 2023 05:08:04 GMT
Last-Modified: Mon, 13 Mar 2023 04:45:42 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
online.citi.com/JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x600, components 3\012- data
Hash 09cfa7b756b6a66e6ae88510b88fa592
ae487ba19f1d3f2465cfaec5e113cc222709e568
8eb4143c752b3ab868b3cc79fe6b3786c43ca465e0528a2c46683f2bff979f34
GET /JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.alfabell.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 06 Oct 2021 21:34:27 GMT
accept-ranges: bytes
content-length: 11476
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Mon, 13 Mar 2023 05:08:04 GMT
set-cookie: AKMTLTSID=A24FE4D78ECEA48A3EFCF11D088C9755; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
www.alfabell.com/index_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg
190.90.160.172200 OK 36 kB URL HTTP/1.1 www.alfabell.com/index_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Hash 828a87bf98784f50f064562fdc53b062
152a1c4c9b44cbf38f502adc905f46ebea41c98d
77793ec25b490750a8db0f5d2b8fc262ed16008b99f83ff6c12cc2da8923377e
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:32:20 GMT
accept-ranges: bytes
content-length: 36429
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/HP_2464_3_Up_M1M7_Lifestyle.jpg
190.90.160.172200 OK 39 kB URL HTTP/1.1 www.alfabell.com/index_files/HP_2464_3_Up_M1M7_Lifestyle.jpg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 560x315, components 3\012- data
Hash 97e9864e9188fce680cf0e9478ed7a6c
795d6fc63683b60ff60f9dd9b2d7cca2cee15079
d9464c82dcaa00bdab510a9efb940298c3d41f24ac174cf9bddd078c78e2fdc8
Analyzer Verdict Alert openphish Citigroup Inc.
GET /index_files/HP_2464_3_Up_M1M7_Lifestyle.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:32:46 GMT
accept-ranges: bytes
content-length: 38761
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/Interstate-Regular.woff
190.90.160.172200 OK 79 kB URL HTTP/1.1 www.alfabell.com/index_files/Interstate-Regular.woff
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Hash b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/Interstate-Regular.woff HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: font/woff
last-modified: Fri, 16 Dec 2022 19:01:40 GMT
accept-ranges: bytes
content-length: 78762
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/8150_M.jpg
190.90.160.172200 OK 59 kB URL HTTP/1.1 www.alfabell.com/index_files/8150_M.jpg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 4fbef9c77af6e4d90963985390e27636
0342656ead2dcdf222c690e1341766a8c40eba02
e5ae1f17aec843ae719082dc7acad74bc95baefb9955e2919cfe21f28f35806f
Analyzer Verdict Alert openphish Citigroup Inc.
GET /index_files/8150_M.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:31:50 GMT
accept-ranges: bytes
content-length: 58668
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/citilogoredesign.png
190.90.160.172200 OK 1.8 kB URL HTTP/1.1 www.alfabell.com/index_files/citilogoredesign.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/citilogoredesign.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:34 GMT
accept-ranges: bytes
content-length: 1799
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/050-location2x.svg
190.90.160.172200 OK 761 B URL HTTP/1.1 www.alfabell.com/index_files/050-location2x.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 85543620ad38e56e244712bb273cc762
026fe241f39ff19ddc789d2803d133ddcc9cf4b5
f8fdcf346192649aa2a56db9ff75914b81db8846c19b45f79af577277f0ddf86
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/050-location2x.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 761
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/Interstate-Light.woff
190.90.160.172200 OK 76 kB URL HTTP/1.1 www.alfabell.com/index_files/Interstate-Light.woff
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/Interstate-Light.woff HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: font/woff
last-modified: Fri, 16 Dec 2022 18:56:52 GMT
accept-ranges: bytes
content-length: 75538
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/icon_globe_med-grey2x.svg
190.90.160.172200 OK 1.4 kB URL HTTP/1.1 www.alfabell.com/index_files/icon_globe_med-grey2x.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 769292d9568b737a34073c73ebf39f33
46520223668e253c5b49011c3bcbd262a211b950
bf624c4c42485cd1755ccfa5f8653cea2ba55e0b4faaf4cad028714ffe1c2225
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/icon_globe_med-grey2x.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1430
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/right-white-chevi.svg
190.90.160.172200 OK 753 B URL HTTP/1.1 www.alfabell.com/index_files/right-white-chevi.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (391)
Hash 3c7049f3ff9656e0251141cfa5fbbb22
bf230eeb36c5489b0be5de735431db64652ca572
18fffcdd3204dd2efa4c5b1e31a1d752ad068e6bf7b442f5c1f217aa334ae0dc
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/right-white-chevi.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 19:00:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 753
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/HP_1554_2_0_Hero.png
190.90.160.172200 OK 86 kB URL HTTP/1.1 www.alfabell.com/index_files/HP_1554_2_0_Hero.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 483 x 483, 8-bit colormap, non-interlaced\012- data
Hash 9dcfd87067c0065ca66431fec2eaf5b7
09aa397d2a79a9fd117568e3bdc4adec990aa3ee
c350ef3e24d3c8f5161deaf0a6b518e24099a6c79ce85f11164754515a37ecdb
Analyzer Verdict Alert openphish Citigroup Inc.
GET /index_files/HP_1554_2_0_Hero.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 86287
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/Interstate-Bold.woff
190.90.160.172200 OK 72 kB URL HTTP/1.1 www.alfabell.com/index_files/Interstate-Bold.woff
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Hash 9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/Interstate-Bold.woff HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: font/woff
last-modified: Fri, 16 Dec 2022 19:01:36 GMT
accept-ranges: bytes
content-length: 71874
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed
www.alfabell.com/index_files/search.svg
190.90.160.172200 OK 712 B URL HTTP/1.1 www.alfabell.com/index_files/search.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (899)
Hash b4e8b6cb8a160ce7f14b160a9cff17d6
3cdc732cd60c4d0c65e1bdfeec21fc3244f61dd1
06ca0b2aef5f991522955eb6aac7231194ebbe478cd3d8d69dc24e0d6bc3e847
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/search.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:59:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 712
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/Wave_Bottom.svg
190.90.160.172200 OK 1.5 kB URL HTTP/1.1 www.alfabell.com/index_files/Wave_Bottom.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1134)
Hash 629e3875e12dca5efe5e0155813b6822
b0faff6ac19fd48ec69cbd2a4b3ed0f638ed8763
21bc12072f50919b1e0dddb5cc49d6986919c228bbd3dc97fe7580fa001ad4ef
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/Wave_Bottom.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1511
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/Wave_Top.svg
190.90.160.172200 OK 1.3 kB URL HTTP/1.1 www.alfabell.com/index_files/Wave_Top.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (559)
Hash c70b7ac1bfd4b82f54025396ad627101
06a0b6a000da61481e78b95c79e852864b099cca
151b62c864c69facb467d46c1ed3bc078caf621d1fe8257ae6dde4d4b5210bcd
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/Wave_Top.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1317
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/HP_1005_LifestyleBenefit_3Up_M1M7.jpg
190.90.160.172200 OK 59 kB URL HTTP/1.1 www.alfabell.com/index_files/HP_1005_LifestyleBenefit_3Up_M1M7.jpg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash fcb99b768eaad9279a6b10baae28f8b3
15bf1f721cf35091ba80ef790b11f7a5cc8c1e7c
f0dbc6cfd4a4c729ae0ca2f1404efcdb3e61e4943032b1767a567b9fbce33a51
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/HP_1005_LifestyleBenefit_3Up_M1M7.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:33:46 GMT
accept-ranges: bytes
content-length: 58806
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/Wave_Top_Grey.svg
190.90.160.172200 OK 956 B URL HTTP/1.1 www.alfabell.com/index_files/Wave_Top_Grey.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (552)
Hash 6037e31f1bfb7ce5d2ad71968b4474be
423413464bc14d64e7f3d204ff17aec6ee3939c6
32e08f4b86b250793ca53aa0eb94791fef56db5c4364a11f5604434fe5de1060
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/Wave_Top_Grey.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 956
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/GENDERPAYBAN.png
190.90.160.172200 OK 18 kB URL HTTP/1.1 www.alfabell.com/index_files/GENDERPAYBAN.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 483 x 483, 8-bit colormap, non-interlaced\012- data
Hash 3354d82713f083afcf7a80bbd372a314
74a5db9c419cd587fb690e346e367ccfe3f2c99e
891bd7ab749935a37758ecb991d9f83b8baaddd54fd230e74343e369ef0b6cc4
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/GENDERPAYBAN.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 19:34:16 GMT
accept-ranges: bytes
content-length: 17511
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/EqualHousing.png
190.90.160.172200 OK 1.6 kB URL HTTP/1.1 www.alfabell.com/index_files/EqualHousing.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 83a5bb8d054fc7b4adab0615c487dc25
8a26d8e39da754c8f63d2a3122ed87a6e4a7f369
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/EqualHousing.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 1606
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/1440_Citi-PLT3x.png
190.90.160.172200 OK 28 kB URL HTTP/1.1 www.alfabell.com/index_files/1440_Citi-PLT3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/1440_Citi-PLT3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 28149
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/googlePlay3x.png
190.90.160.172200 OK 25 kB URL HTTP/1.1 www.alfabell.com/index_files/googlePlay3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 390 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 27b0482f8ebba1e3cc92d2eee497497e
379e9e2ed883250c02736c151a47d38248285572
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/googlePlay3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 25077
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/appStore3x.png
190.90.160.172200 OK 20 kB URL HTTP/1.1 www.alfabell.com/index_files/appStore3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 351 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash d461f4d2e32e339372869b3f4be72007
d8e3a847a7d18c3948617f75622f6cd27bd4cd54
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/appStore3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 20047
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/social-media_facebook3x.png
190.90.160.172200 OK 445 B URL HTTP/1.1 www.alfabell.com/index_files/social-media_facebook3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/social-media_facebook3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 445
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/social-media_twitter3x.png
190.90.160.172200 OK 1.3 kB URL HTTP/1.1 www.alfabell.com/index_files/social-media_twitter3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/social-media_twitter3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 1277
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/social-media_youtube3x.png
190.90.160.172200 OK 1.2 kB URL HTTP/1.1 www.alfabell.com/index_files/social-media_youtube3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/social-media_youtube3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 1175
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/qrsignon.png
190.90.160.172200 OK 741 B URL HTTP/1.1 www.alfabell.com/index_files/qrsignon.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash a5ee9c25c190474a2efe66a609a2ca19
890832b6a7115abd51f480dce8e74206f06a428a
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/qrsignon.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 741
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/mail.svg
190.90.160.172200 OK 739 B URL HTTP/1.1 www.alfabell.com/index_files/mail.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (710)
Hash 5fd3d163b6eaa56317d3b366f1edc799
85654ca34c8e07e2ecf35915b0da07c61ac45606
fb52387f767aaf28b39536a324ed7e81235987005185bdd45dbbd4a3dbeced07
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/mail.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 739
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/citi_bonus_offers.svg
190.90.160.172200 OK 1.7 kB URL HTTP/1.1 www.alfabell.com/index_files/citi_bonus_offers.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (3718)
Hash 44c2230176ffb3ea920ec6c1bb502944
4487648cb663292e8eab8036228a309423156a19
ac61651e93c890d5a077301a0aa713422e25b6a836893883e0094ae5e17192e4
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/citi_bonus_offers.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1662
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/citiKT.svg
190.90.160.172200 OK 1.4 kB URL HTTP/1.1 www.alfabell.com/index_files/citiKT.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2516)
Hash ad1c059a915b8baf135a995dd1d99b62
33ce6d76a45a1392ad281b24982b68d4f6dc6b63
2cd11aa2358c56f979499f3fee7f3a9fad8c13f78c2c83c2f905318efba6c723
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/citiKT.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1370
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/320_Citi-PLT3x.png
190.90.160.172200 OK 12 kB URL HTTP/1.1 www.alfabell.com/index_files/320_Citi-PLT3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/320_Citi-PLT3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 11562
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/home.svg
190.90.160.172200 OK 818 B URL HTTP/1.1 www.alfabell.com/index_files/home.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1266)
Hash 395741019a89ea74327c9fd6699348ec
7dfceb5fc3a998de760ed9e3e55302063cf7e623
ac63a49f6cee9fe777fe74fb6def9f2f23999ca8a2664feeeae669a2b30cfcd5
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/home.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 818
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/calculator.svg
190.90.160.172200 OK 1.0 kB URL HTTP/1.1 www.alfabell.com/index_files/calculator.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1649)
Hash a71f9310f957d42f0145a86e948f4cc1
6e3986f7cf3ea99a9abab46532cd45524489ba68
28e6b1658783941914d8067480bb39ec57ffc0191557d6399aa11b14f3b8f7f3
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/calculator.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1013
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/idea.svg
190.90.160.172200 OK 924 B URL HTTP/1.1 www.alfabell.com/index_files/idea.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1448)
Hash 7f1ea16d73b871b0e5c700bff1f951b7
6d3ec4314f30f58e5437a69a56d4206887f95a94
653597d54f13482cb4dfa5536f146e1c06fb1ecc32299abd8a2b40098e3f3239
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/idea.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 924
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/mortage-learning-center1x.png
190.90.160.172200 OK 829 B URL HTTP/1.1 www.alfabell.com/index_files/mortage-learning-center1x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 33b2062b82b686301ad7b7d9b6cb12da
561e6040162f2e3a29202c7b4f55d9ad6925baba
bd6124aa009720569f3745f3513e09a65678daa849cbff24daf0ab0f0acf7854
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/mortage-learning-center1x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 829
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/profile-service.svg
190.90.160.172200 OK 1.2 kB URL HTTP/1.1 www.alfabell.com/index_files/profile-service.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1453)
Hash 75a8ce2fb275438d323ef42e373ca8eb
247fc74be6751469b8a30b2febd796d2934f342c
f3b13b99ad82f2fea480c3521bb2f1e0d3d4d4e613e6d4ecbf9036bdc3855c6b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/profile-service.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1160
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/savings.svg
190.90.160.172200 OK 2.1 kB URL HTTP/1.1 www.alfabell.com/index_files/savings.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (3665)
Hash d549984d6949c0d0ef60581d48d004c1
023a29163e329d52da3c75aba52277849b29b227
7805e59289c0c648bf046a772719530ebdf9177edfebe48c498f03df22a6f866
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/savings.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2052
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/location-blue.svg
190.90.160.172200 OK 840 B URL HTTP/1.1 www.alfabell.com/index_files/location-blue.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 4815d54574fb61848184ce95465943e6
b11f075237d1246614d49eb9ed092c262c32b8e8
dcf3054f98ff025803821fd49a4759b8af25bb2d94d0c8a0cf3d0a0f0703b4fb
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/location-blue.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 840
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed
www.alfabell.com/index_files/laptop-and-phone-success.png
190.90.160.172200 OK 13 kB URL HTTP/1.1 www.alfabell.com/index_files/laptop-and-phone-success.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 366 x 231, 8-bit/color RGBA, non-interlaced\012- data
Hash a893e016676ccbfcbb496b7f81673ada
f4f951b24cbb92ff0a2095e0052a17ce90e3faf7
82b78ed4a68d13bb927ce09291b82255ae0f8d9b28afc70083a328a8977b7713
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/laptop-and-phone-success.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 13259
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed
www.alfabell.com/index_files/laptop-and-phone-pairing.png
190.90.160.172200 OK 11 kB URL HTTP/1.1 www.alfabell.com/index_files/laptop-and-phone-pairing.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 366 x 231, 8-bit/color RGBA, non-interlaced\012- data
Hash e53f5a014254387f8774f48689bea9bc
441bf082d755e6033061c31a0cbfe38bbee9512a
280255d34c881ca94627b2a1bfe5a44b068487c6bd9da9d55a01f8763a3c7914
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/laptop-and-phone-pairing.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 10946
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed
www.alfabell.com/index_files/phone-3x.png
190.90.160.172200 OK 6.1 kB URL HTTP/1.1 www.alfabell.com/index_files/phone-3x.png
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 144 x 270, 8-bit/color RGBA, non-interlaced\012- data
Hash 3b38834607cf78bb57f8e6ffcc564f02
f3f5d7c7ee0ab9d45cf1120449cf73b9e216cf97
62920961d08702254a7deac2601d0481ee1c548fab440b64517c2d86c468843f
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /index_files/phone-3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 6124
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed
www.alfabell.com/index_files/finDocument.svg
190.90.160.172200 OK 932 B URL HTTP/1.1 www.alfabell.com/index_files/finDocument.svg
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1499)
Hash 3cdb5198f5d33217e05b44cf961b8985
ebebfc3a4aaa5fa62c9871f9d1e13783ebb1a69a
4d3ae2e5777da1a75823d3fb1c1f53c841926ca9cba64c0dfdfa658bc32295af
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /index_files/finDocument.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 932
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed
www.alfabell.com/favicon.ico
190.90.160.172200 OK 8.1 kB URL HTTP/1.1 www.alfabell.com/favicon.ico
IP 190.90.160.172:0
ASN #26619 GTD COLOMBIA S.A.S
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash cb435a5d4d63543f56ae50a6f33142b6
1b151548560b5df8c926a8dd4350709f202771e6
c0fa37a99fcf0208eb743d0e25e11d9b9aa7897233078b4aa78d220269edced9
Analyzer Verdict Alert urlquery phishing Phishing - Citi
openphish Citigroup Inc.
GET /favicon.ico HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/x-icon
last-modified: Fri, 16 Dec 2022 18:47:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8136
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed