Report - www.alfabell.com/

Report Overview

Submitted URL
www.alfabell.com/
IP
190.90.160.172
ASN
#26619 GTD COLOMBIA S.A.S
Submitted
2023-03-13 05:08:13
Access
public
Website Title
Final URL
Tags
citi financial phishing
urlquery detections
Phishing - Citi

Detections

urlquery
41
Network Intrusion Detection
0
Threat Detection Systems
138

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-25T05:09:25Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-24T18:17:07Z	606 B	127 B	54.186.165.49
www.alfabell.com	unknown			17 kB	1.0 MB	190.90.160.172
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-24T16:33:49Z	3.2 kB	48 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-25T04:18:49Z	341 B	739 B	192.229.221.95
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-24T18:14:23Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-24T18:20:20Z	413 B	5.9 kB	34.160.144.191
online.citi.com	23902	2015-08-09T07:07:37Z	2023-03-25T08:38:28Z	440 B	12 kB	104.110.15.25
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T05:09:02Z	2.4 kB	6.2 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.
2023-03-12	medium	www.alfabell.com/	Citigroup Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-13	medium	www.alfabell.com/	Phishing
2023-03-13	medium	www.alfabell.com/index_files/jquery.min.js	Phishing
2023-03-13	medium	www.alfabell.com/index_files/line-data.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/Interstate-Regular.woff	Phishing
2023-03-13	medium	www.alfabell.com/index_files/050-location2x.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/Interstate-Light.woff	Phishing
2023-03-13	medium	www.alfabell.com/index_files/icon_globe_med-grey2x.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/right-white-chevi.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/Interstate-Bold.woff	Phishing
2023-03-13	medium	www.alfabell.com/index_files/search.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/Wave_Bottom.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/Wave_Top.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/Wave_Top_Grey.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/mail.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/citi_bonus_offers.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/citiKT.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/home.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/calculator.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/idea.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/profile-service.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/savings.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/location-blue.svg	Phishing
2023-03-13	medium	www.alfabell.com/index_files/finDocument.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	www.alfabell.com/index_files/app.js?1	9.0 kB	2023-03-14	2023-09-18
Pretty URL www.alfabell.com/index_files/app.js?1 IP 190.90.160.172 ASN #26619 GTD COLOMBIA S.A.S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 16:08:42 Last Seen2023-09-18 01:14:20 Times Seen80 Hash dc3a736b73ab95287e882de919013d40 64e6489eb67fd473a8064d9cf87e4a62795c8500 5cdc5f90a7705ad0f6faad28ebed742064c749b1697f127c29023867d5db7c2c Loading...

	www.alfabell.com/index_files/jquery.min.js	88 kB	2023-03-10	2023-12-07
Pretty URL www.alfabell.com/index_files/jquery.min.js IP 190.90.160.172 ASN #26619 GTD COLOMBIA S.A.S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:11:33 Last Seen2023-12-07 05:55:55 Times Seen114 Hash 9cceff77b705a31a33d0a4761ac2d42b d5110f3dce294c65882402fdffa65a0a0f0a4691 4ce8db31f1c43f1dfc43dba9adf916ddf6b10bbb0c3264cdd8b868684ee62878 Loading...

	www.alfabell.com/	99 B	2023-03-14	2023-09-18
Pretty URL www.alfabell.com/ IP 190.90.160.172 ASN #26619 GTD COLOMBIA S.A.S Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 16:08:42 Last Seen2023-09-18 01:14:19 Times Seen66 Hash 84887e283814f518fb0381a12f83767b d44e2431ac6f4d4ef965c265f52e5086837d53c9 0a51a23b87058bf5a4f4de1da3d67ec92bb8e23d2e7df6881184348b6917cef1 Loading...

HTTP Transactions (67)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Mon, 13 Mar 2023 07:24:00 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4309
Expires: Mon, 13 Mar 2023 06:19:51 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 13 Mar 2023 04:09:19 GMT
content-type: application/json
age: 3523
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19960
Expires: Mon, 13 Mar 2023 10:40:42 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 16j3YsB/fytBf9PNzq1/vrz6NN4fAdJU2y3aL1YrfM2rK5QLCDi9FRcHIs2a6y/ndCWVTTrJM4M=
x-amz-request-id: 4103A8Z4HFMAAX1W
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 13 Mar 2023 04:46:14 GMT
age: 1308
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 05:08:02 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 13 Mar 2023 05:06:47 GMT
age: 75
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b426c61dbf49129b0554669c6666e025
6b329663868aac72e296a4c594d46b542f7003e7
6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6732
Expires: Mon, 13 Mar 2023 07:00:14 GMT
Date: Mon, 13 Mar 2023 05:08:02 GMT
Connection: keep-alive

push.services.mozilla.com/

54.186.165.49

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.165.49:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HfH5CfbSXO1Y94lY6M3SzQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XHhLMbM7mkcDUHuaH+O5Zp1OfJY=

www.alfabell.com/

190.90.160.172

200 OK

92 kB

URL HTTP/1.1
www.alfabell.com/
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (42591)
Size
92 kB (91782 bytes)
Hash
e37517c0131dcc4824fcebe8a0ef2b70
0da31c14ecc3bf8de0e2db5ef8c4ca67aa7dc492
f0d6ed9057d4f09b1abada77d06fc974c550182f31a346a193f776efa922f151

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
set-cookie: t=79660027640eafb2c04fb; expires=Tue, 21-Mar-2023 13:08:02 GMT; Max-Age=720000; path=/; domain=www.alfabell.com
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Mon, 13 Mar 2023 05:08:02 GMT
server: LiteSpeed

www.alfabell.com/index_files/app.js?1

190.90.160.172

200 OK

1.7 kB

URL HTTP/1.1
www.alfabell.com/index_files/app.js?1
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
ASCII text, with CRLF line terminators
Size
1.7 kB (1745 bytes)
Hash
63785c639b077481d35bf0d71b877ad8
980e70c61ae240f20168d920b10fb56f7eef759f
48a629f0525344891c9ef7a37e89079b089e9b9d4af3f3a59d919d13f0aa4ac0

HTTP Headers

GET /index_files/app.js?1 HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:03 GMT
content-type: application/javascript
last-modified: Thu, 02 Mar 2023 01:25:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1745
date: Mon, 13 Mar 2023 05:08:03 GMT
server: LiteSpeed

www.alfabell.com/index_files/jquery.min.js

190.90.160.172

200 OK

31 kB

URL HTTP/1.1
www.alfabell.com/index_files/jquery.min.js
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
ASCII text, with very long lines (65451)
Size
31 kB (30767 bytes)
Hash
92de45738280e26d3e61bad253796d91
94c6e6a2a023f007b9f9a4fd7b16a185010edf18
411e4a2e47b4f9127ed74e936e9efdb876042657fa366ac3011ddac7fd2a69d2

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/jquery.min.js HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:03 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 03:42:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30767
date: Mon, 13 Mar 2023 05:08:03 GMT
server: LiteSpeed

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3572
Expires: Mon, 13 Mar 2023 06:07:36 GMT
Date: Mon, 13 Mar 2023 05:08:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3572
Expires: Mon, 13 Mar 2023 06:07:36 GMT
Date: Mon, 13 Mar 2023 05:08:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1cb274086a7fc07be41dfeb65ec1dbf
c6339993814eda4b9629ef179222b060d1f5143b
b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3572
Expires: Mon, 13 Mar 2023 06:07:36 GMT
Date: Mon, 13 Mar 2023 05:08:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b90d71-38dd-41be-b00f-df70bd5d923d.jpeg

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b90d71-38dd-41be-b00f-df70bd5d923d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4866 bytes)
Hash
2eedbee19ad8b7fe24b5c3cda8d92825
1eaffe902658900d684f44e4c68234075f65cb87
e0c5964a97e0c292958c7ae074d6384bac147d13fb8daf900d2097b46092205c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b90d71-38dd-41be-b00f-df70bd5d923d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4866
x-amzn-requestid: 2a7e29d8-ec57-4bf1-a0c7-b5aa19ad683c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BmJXdG8boAMF2PA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640bef62-622794ed6602dc090e201412;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 03:02:58 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pSNGZrZt1ZT1_3zdzsTwLgwsZ5jtvsCHDNTW8mIHwo4nNxLGuRGVmQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 03:57:06 GMT
age: 4258
etag: "1eaffe902658900d684f44e4c68234075f65cb87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526e67f-3282-4c5f-b3c2-060969983db7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5711 bytes)
Hash
d9181f899a76e192bb17790a1d9d9246
0b8482f307f17141170ae305a053870e9d698ad0
fc24b7f153e1697defc13bb008905852e01e5e560eb23725dc0824d9e6743312

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1526e67f-3282-4c5f-b3c2-060969983db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5711
x-amzn-requestid: 14af383e-a18a-4e3b-b7e8-206119f07b2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_UlHlboAMF6DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45b6-111c41752512faa0174c321a;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8rrU8RHf5cR5r4iEqCs58EeiSY1nTThZBVSJwXZBupXGMVe0ElxWvw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:54:15 GMT
age: 26029
etag: "0b8482f307f17141170ae305a053870e9d698ad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac10504-bda7-4e84-9cc0-f0e3c52b431f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4908 bytes)
Hash
acf8e503fdc5f8d29da5b36ac4b0b7f9
3e51dfc3f25ce466ef32f33547b71dc5ce5c6386
078aec825c3b57ce561410506aa4c1dad3255e88700968e2e41d1d40dfd39be8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac10504-bda7-4e84-9cc0-f0e3c52b431f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4908
x-amzn-requestid: 9fc39dc5-e5d7-4c97-a536-7500556b5e39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WRF6UoAMF6pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c1-75c1c26f521965ab11e6d394;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KOKwwfDfUvcJPWOafiWf1vn2pbszgjHKjQrZCmcfGuNZ2V5M-F_nKw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:55:07 GMT
age: 25977
etag: "3e51dfc3f25ce466ef32f33547b71dc5ce5c6386"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8487 bytes)
Hash
be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:42:57 GMT
age: 26707
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d465bda-e8f7-498a-8b8e-9fd8f5a4e863.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10872 bytes)
Hash
cc6b9225b635519ff0e90400781c6676
e576ab2c5b08780162d104a060c873f52b221538
6dfe0bff6f08723604b2e4805b53dbc1907a8e6f7f56b06c110fbb8f344034d6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d465bda-e8f7-498a-8b8e-9fd8f5a4e863.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10872
x-amzn-requestid: b4f88a88-7ae0-4419-a9d6-a985c7951cc0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BezvPGRBoAMFmdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6408fffa-00f0efac63f09f3d5662adbf;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: LWbpNE2xPWrYvBLtEuqnjxXclPKn_-sL1V_cyM5IdU3yqi1moDxBVA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:16:08 GMT
etag: "e576ab2c5b08780162d104a060c873f52b221538"
content-type: image/jpeg
age: 24716
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4985a20c-c5c5-46f5-87f2-600b40b9691d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6857 bytes)
Hash
193459785f7b9edc4c0407e12d61670d
69158749f88794aa299b565ff56478652adb34b9
22fc0bc65444635237b1d616240526823193e94a6ad567985c5db416deb315ea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4985a20c-c5c5-46f5-87f2-600b40b9691d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6857
x-amzn-requestid: abeb0887-c368-4222-998f-5509c4e2b8ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BezeuEHmIAMFkqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6408ff91-6650e7e10a8691ad059e5731;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 21:35:13 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: tUcV1HYLo0swU7Ekd4Ede__3ho0WqhyryMCjdL_plKaEM-MlnGU6Vw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 bb763d35677c62f9f5d9728bba884662.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:02:04 GMT
age: 25560
etag: "69158749f88794aa299b565ff56478652adb34b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.alfabell.com/index_files/styles.74b13c8ccc854eff.css

190.90.160.172

200 OK

186 kB

URL HTTP/1.1
www.alfabell.com/index_files/styles.74b13c8ccc854eff.css
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
ASCII text, with very long lines (65536), with no line terminators
Size
186 kB (185919 bytes)
Hash
1cd1c305848030a59acdba3e17b79a97
1063fd202289a4418a88bb60d65de131fb8e3885
90233bf6e34d7f6273197babf5b7d74964c1edcc099c39b073eb8cb089671d0b

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/styles.74b13c8ccc854eff.css HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:03 GMT
content-type: text/css
last-modified: Fri, 16 Dec 2022 19:24:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 185919
date: Mon, 13 Mar 2023 05:08:03 GMT
server: LiteSpeed

www.alfabell.com/index_files/line-data.svg

190.90.160.172

200 OK

959 B

URL HTTP/1.1
www.alfabell.com/index_files/line-data.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1117)
Size
959 B (959 bytes)
Hash
df40f6ffe2604d4063f37e9465481f61
08f5bb03f59d789652e92d5c34a4d77b256406d9
36941f84c8b4b4fe271486f102bfd5500692d392eb9d7087db1ce0c62e09f6cb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/line-data.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 959
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/HP_1262_CitiSelfInvest_Image.jpg

190.90.160.172

200 OK

47 kB

URL HTTP/1.1
www.alfabell.com/index_files/HP_1262_CitiSelfInvest_Image.jpg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
47 kB (47164 bytes)
Hash
e1ce6608d5e57802fe0a9ab6e892806c
0388ed415be5ca12055fb92c38f9cf1083e2c04e
21ce9d5fb1b0c08a3983cabe314138b163341fea02a49962bdec84a5a13e02e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/HP_1262_CitiSelfInvest_Image.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:33:12 GMT
accept-ranges: bytes
content-length: 47164
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
05db66ff3c26d5995d856167a43cad2f
16b6e35d653a57c5768b085e8f629b9abfd26dbc
3e53caa18199e898e609c34ab074d758217ecacbef6a1597a0249afc9b720b71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1342
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 13 Mar 2023 05:08:04 GMT
Last-Modified: Mon, 13 Mar 2023 04:45:42 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471

online.citi.com/JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x600, components 3\012- data
Size
12 kB (11476 bytes)
Hash
09cfa7b756b6a66e6ae88510b88fa592
ae487ba19f1d3f2465cfaec5e113cc222709e568
8eb4143c752b3ab868b3cc79fe6b3786c43ca465e0528a2c46683f2bff979f34

HTTP Headers

GET /JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.alfabell.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 06 Oct 2021 21:34:27 GMT
accept-ranges: bytes
content-length: 11476
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Mon, 13 Mar 2023 05:08:04 GMT
set-cookie: AKMTLTSID=A24FE4D78ECEA48A3EFCF11D088C9755; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

www.alfabell.com/index_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg

190.90.160.172

200 OK

36 kB

URL HTTP/1.1
www.alfabell.com/index_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Size
36 kB (36429 bytes)
Hash
828a87bf98784f50f064562fdc53b062
152a1c4c9b44cbf38f502adc905f46ebea41c98d
77793ec25b490750a8db0f5d2b8fc262ed16008b99f83ff6c12cc2da8923377e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:32:20 GMT
accept-ranges: bytes
content-length: 36429
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/HP_2464_3_Up_M1M7_Lifestyle.jpg

190.90.160.172

200 OK

39 kB

URL HTTP/1.1
www.alfabell.com/index_files/HP_2464_3_Up_M1M7_Lifestyle.jpg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 560x315, components 3\012- data
Size
39 kB (38761 bytes)
Hash
97e9864e9188fce680cf0e9478ed7a6c
795d6fc63683b60ff60f9dd9b2d7cca2cee15079
d9464c82dcaa00bdab510a9efb940298c3d41f24ac174cf9bddd078c78e2fdc8

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/HP_2464_3_Up_M1M7_Lifestyle.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:32:46 GMT
accept-ranges: bytes
content-length: 38761
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/Interstate-Regular.woff

190.90.160.172

200 OK

79 kB

URL HTTP/1.1
www.alfabell.com/index_files/Interstate-Regular.woff
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Size
79 kB (78762 bytes)
Hash
b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/Interstate-Regular.woff HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: font/woff
last-modified: Fri, 16 Dec 2022 19:01:40 GMT
accept-ranges: bytes
content-length: 78762
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/8150_M.jpg

190.90.160.172

200 OK

59 kB

URL HTTP/1.1
www.alfabell.com/index_files/8150_M.jpg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
59 kB (58668 bytes)
Hash
4fbef9c77af6e4d90963985390e27636
0342656ead2dcdf222c690e1341766a8c40eba02
e5ae1f17aec843ae719082dc7acad74bc95baefb9955e2919cfe21f28f35806f

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/8150_M.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:31:50 GMT
accept-ranges: bytes
content-length: 58668
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/citilogoredesign.png

190.90.160.172

200 OK

1.8 kB

URL HTTP/1.1
www.alfabell.com/index_files/citilogoredesign.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/citilogoredesign.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:34 GMT
accept-ranges: bytes
content-length: 1799
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/050-location2x.svg

190.90.160.172

200 OK

761 B

URL HTTP/1.1
www.alfabell.com/index_files/050-location2x.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
761 B (761 bytes)
Hash
85543620ad38e56e244712bb273cc762
026fe241f39ff19ddc789d2803d133ddcc9cf4b5
f8fdcf346192649aa2a56db9ff75914b81db8846c19b45f79af577277f0ddf86

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/050-location2x.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 761
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/Interstate-Light.woff

190.90.160.172

200 OK

76 kB

URL HTTP/1.1
www.alfabell.com/index_files/Interstate-Light.woff
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/Interstate-Light.woff HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: font/woff
last-modified: Fri, 16 Dec 2022 18:56:52 GMT
accept-ranges: bytes
content-length: 75538
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/icon_globe_med-grey2x.svg

190.90.160.172

200 OK

1.4 kB

URL HTTP/1.1
www.alfabell.com/index_files/icon_globe_med-grey2x.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1430 bytes)
Hash
769292d9568b737a34073c73ebf39f33
46520223668e253c5b49011c3bcbd262a211b950
bf624c4c42485cd1755ccfa5f8653cea2ba55e0b4faaf4cad028714ffe1c2225

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/icon_globe_med-grey2x.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1430
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/right-white-chevi.svg

190.90.160.172

200 OK

753 B

URL HTTP/1.1
www.alfabell.com/index_files/right-white-chevi.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (391)
Size
753 B (753 bytes)
Hash
3c7049f3ff9656e0251141cfa5fbbb22
bf230eeb36c5489b0be5de735431db64652ca572
18fffcdd3204dd2efa4c5b1e31a1d752ad068e6bf7b442f5c1f217aa334ae0dc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/right-white-chevi.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 19:00:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 753
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/HP_1554_2_0_Hero.png

190.90.160.172

200 OK

86 kB

URL HTTP/1.1
www.alfabell.com/index_files/HP_1554_2_0_Hero.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 483 x 483, 8-bit colormap, non-interlaced\012- data
Size
86 kB (86287 bytes)
Hash
9dcfd87067c0065ca66431fec2eaf5b7
09aa397d2a79a9fd117568e3bdc4adec990aa3ee
c350ef3e24d3c8f5161deaf0a6b518e24099a6c79ce85f11164754515a37ecdb

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/HP_1554_2_0_Hero.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 86287
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/Interstate-Bold.woff

190.90.160.172

200 OK

72 kB

URL HTTP/1.1
www.alfabell.com/index_files/Interstate-Bold.woff
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/Interstate-Bold.woff HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:04 GMT
content-type: font/woff
last-modified: Fri, 16 Dec 2022 19:01:36 GMT
accept-ranges: bytes
content-length: 71874
date: Mon, 13 Mar 2023 05:08:04 GMT
server: LiteSpeed

www.alfabell.com/index_files/search.svg

190.90.160.172

200 OK

712 B

URL HTTP/1.1
www.alfabell.com/index_files/search.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (899)
Size
712 B (712 bytes)
Hash
b4e8b6cb8a160ce7f14b160a9cff17d6
3cdc732cd60c4d0c65e1bdfeec21fc3244f61dd1
06ca0b2aef5f991522955eb6aac7231194ebbe478cd3d8d69dc24e0d6bc3e847

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/search.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:59:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 712
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/Wave_Bottom.svg

190.90.160.172

200 OK

1.5 kB

URL HTTP/1.1
www.alfabell.com/index_files/Wave_Bottom.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1134)
Size
1.5 kB (1511 bytes)
Hash
629e3875e12dca5efe5e0155813b6822
b0faff6ac19fd48ec69cbd2a4b3ed0f638ed8763
21bc12072f50919b1e0dddb5cc49d6986919c228bbd3dc97fe7580fa001ad4ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/Wave_Bottom.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1511
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/Wave_Top.svg

190.90.160.172

200 OK

1.3 kB

URL HTTP/1.1
www.alfabell.com/index_files/Wave_Top.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (559)
Size
1.3 kB (1317 bytes)
Hash
c70b7ac1bfd4b82f54025396ad627101
06a0b6a000da61481e78b95c79e852864b099cca
151b62c864c69facb467d46c1ed3bc078caf621d1fe8257ae6dde4d4b5210bcd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/Wave_Top.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1317
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/HP_1005_LifestyleBenefit_3Up_M1M7.jpg

190.90.160.172

200 OK

59 kB

URL HTTP/1.1
www.alfabell.com/index_files/HP_1005_LifestyleBenefit_3Up_M1M7.jpg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
59 kB (58806 bytes)
Hash
fcb99b768eaad9279a6b10baae28f8b3
15bf1f721cf35091ba80ef790b11f7a5cc8c1e7c
f0dbc6cfd4a4c729ae0ca2f1404efcdb3e61e4943032b1767a567b9fbce33a51

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/HP_1005_LifestyleBenefit_3Up_M1M7.jpg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/jpeg
last-modified: Fri, 16 Dec 2022 19:33:46 GMT
accept-ranges: bytes
content-length: 58806
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/Wave_Top_Grey.svg

190.90.160.172

200 OK

956 B

URL HTTP/1.1
www.alfabell.com/index_files/Wave_Top_Grey.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (552)
Size
956 B (956 bytes)
Hash
6037e31f1bfb7ce5d2ad71968b4474be
423413464bc14d64e7f3d204ff17aec6ee3939c6
32e08f4b86b250793ca53aa0eb94791fef56db5c4364a11f5604434fe5de1060

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/Wave_Top_Grey.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 956
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/GENDERPAYBAN.png

190.90.160.172

200 OK

18 kB

URL HTTP/1.1
www.alfabell.com/index_files/GENDERPAYBAN.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 483 x 483, 8-bit colormap, non-interlaced\012- data
Size
18 kB (17511 bytes)
Hash
3354d82713f083afcf7a80bbd372a314
74a5db9c419cd587fb690e346e367ccfe3f2c99e
891bd7ab749935a37758ecb991d9f83b8baaddd54fd230e74343e369ef0b6cc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/GENDERPAYBAN.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 19:34:16 GMT
accept-ranges: bytes
content-length: 17511
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/EqualHousing.png

190.90.160.172

200 OK

1.6 kB

URL HTTP/1.1
www.alfabell.com/index_files/EqualHousing.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1606 bytes)
Hash
83a5bb8d054fc7b4adab0615c487dc25
8a26d8e39da754c8f63d2a3122ed87a6e4a7f369
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/EqualHousing.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 1606
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/1440_Citi-PLT3x.png

190.90.160.172

200 OK

28 kB

URL HTTP/1.1
www.alfabell.com/index_files/1440_Citi-PLT3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/1440_Citi-PLT3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 28149
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/googlePlay3x.png

190.90.160.172

200 OK

25 kB

URL HTTP/1.1
www.alfabell.com/index_files/googlePlay3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 390 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
25 kB (25077 bytes)
Hash
27b0482f8ebba1e3cc92d2eee497497e
379e9e2ed883250c02736c151a47d38248285572
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/googlePlay3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 25077
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/appStore3x.png

190.90.160.172

200 OK

20 kB

URL HTTP/1.1
www.alfabell.com/index_files/appStore3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 351 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20047 bytes)
Hash
d461f4d2e32e339372869b3f4be72007
d8e3a847a7d18c3948617f75622f6cd27bd4cd54
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/appStore3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 20047
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/social-media_facebook3x.png

190.90.160.172

200 OK

445 B

URL HTTP/1.1
www.alfabell.com/index_files/social-media_facebook3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/social-media_facebook3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 445
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/social-media_twitter3x.png

190.90.160.172

200 OK

1.3 kB

URL HTTP/1.1
www.alfabell.com/index_files/social-media_twitter3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/social-media_twitter3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 1277
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/social-media_youtube3x.png

190.90.160.172

200 OK

1.2 kB

URL HTTP/1.1
www.alfabell.com/index_files/social-media_youtube3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/social-media_youtube3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 1175
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/qrsignon.png

190.90.160.172

200 OK

741 B

URL HTTP/1.1
www.alfabell.com/index_files/qrsignon.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
741 B (741 bytes)
Hash
a5ee9c25c190474a2efe66a609a2ca19
890832b6a7115abd51f480dce8e74206f06a428a
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/qrsignon.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 741
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/mail.svg

190.90.160.172

200 OK

739 B

URL HTTP/1.1
www.alfabell.com/index_files/mail.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (710)
Size
739 B (739 bytes)
Hash
5fd3d163b6eaa56317d3b366f1edc799
85654ca34c8e07e2ecf35915b0da07c61ac45606
fb52387f767aaf28b39536a324ed7e81235987005185bdd45dbbd4a3dbeced07

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/mail.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 739
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/citi_bonus_offers.svg

190.90.160.172

200 OK

1.7 kB

URL HTTP/1.1
www.alfabell.com/index_files/citi_bonus_offers.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (3718)
Size
1.7 kB (1662 bytes)
Hash
44c2230176ffb3ea920ec6c1bb502944
4487648cb663292e8eab8036228a309423156a19
ac61651e93c890d5a077301a0aa713422e25b6a836893883e0094ae5e17192e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/citi_bonus_offers.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1662
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/citiKT.svg

190.90.160.172

200 OK

1.4 kB

URL HTTP/1.1
www.alfabell.com/index_files/citiKT.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2516)
Size
1.4 kB (1370 bytes)
Hash
ad1c059a915b8baf135a995dd1d99b62
33ce6d76a45a1392ad281b24982b68d4f6dc6b63
2cd11aa2358c56f979499f3fee7f3a9fad8c13f78c2c83c2f905318efba6c723

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/citiKT.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1370
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/320_Citi-PLT3x.png

190.90.160.172

200 OK

12 kB

URL HTTP/1.1
www.alfabell.com/index_files/320_Citi-PLT3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/320_Citi-PLT3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:40 GMT
accept-ranges: bytes
content-length: 11562
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/home.svg

190.90.160.172

200 OK

818 B

URL HTTP/1.1
www.alfabell.com/index_files/home.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1266)
Size
818 B (818 bytes)
Hash
395741019a89ea74327c9fd6699348ec
7dfceb5fc3a998de760ed9e3e55302063cf7e623
ac63a49f6cee9fe777fe74fb6def9f2f23999ca8a2664feeeae669a2b30cfcd5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/home.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 818
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/calculator.svg

190.90.160.172

200 OK

1.0 kB

URL HTTP/1.1
www.alfabell.com/index_files/calculator.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1649)
Size
1.0 kB (1013 bytes)
Hash
a71f9310f957d42f0145a86e948f4cc1
6e3986f7cf3ea99a9abab46532cd45524489ba68
28e6b1658783941914d8067480bb39ec57ffc0191557d6399aa11b14f3b8f7f3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/calculator.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1013
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/idea.svg

190.90.160.172

200 OK

924 B

URL HTTP/1.1
www.alfabell.com/index_files/idea.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1448)
Size
924 B (924 bytes)
Hash
7f1ea16d73b871b0e5c700bff1f951b7
6d3ec4314f30f58e5437a69a56d4206887f95a94
653597d54f13482cb4dfa5536f146e1c06fb1ecc32299abd8a2b40098e3f3239

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/idea.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 924
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/mortage-learning-center1x.png

190.90.160.172

200 OK

829 B

URL HTTP/1.1
www.alfabell.com/index_files/mortage-learning-center1x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
829 B (829 bytes)
Hash
33b2062b82b686301ad7b7d9b6cb12da
561e6040162f2e3a29202c7b4f55d9ad6925baba
bd6124aa009720569f3745f3513e09a65678daa849cbff24daf0ab0f0acf7854

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/mortage-learning-center1x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 829
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/profile-service.svg

190.90.160.172

200 OK

1.2 kB

URL HTTP/1.1
www.alfabell.com/index_files/profile-service.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1453)
Size
1.2 kB (1160 bytes)
Hash
75a8ce2fb275438d323ef42e373ca8eb
247fc74be6751469b8a30b2febd796d2934f342c
f3b13b99ad82f2fea480c3521bb2f1e0d3d4d4e613e6d4ecbf9036bdc3855c6b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/profile-service.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1160
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/savings.svg

190.90.160.172

200 OK

2.1 kB

URL HTTP/1.1
www.alfabell.com/index_files/savings.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (3665)
Size
2.1 kB (2052 bytes)
Hash
d549984d6949c0d0ef60581d48d004c1
023a29163e329d52da3c75aba52277849b29b227
7805e59289c0c648bf046a772719530ebdf9177edfebe48c498f03df22a6f866

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/savings.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2052
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/location-blue.svg

190.90.160.172

200 OK

840 B

URL HTTP/1.1
www.alfabell.com/index_files/location-blue.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
840 B (840 bytes)
Hash
4815d54574fb61848184ce95465943e6
b11f075237d1246614d49eb9ed092c262c32b8e8
dcf3054f98ff025803821fd49a4759b8af25bb2d94d0c8a0cf3d0a0f0703b4fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/location-blue.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 840
date: Mon, 13 Mar 2023 05:08:05 GMT
server: LiteSpeed

www.alfabell.com/index_files/laptop-and-phone-success.png

190.90.160.172

200 OK

13 kB

URL HTTP/1.1
www.alfabell.com/index_files/laptop-and-phone-success.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 366 x 231, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (13259 bytes)
Hash
a893e016676ccbfcbb496b7f81673ada
f4f951b24cbb92ff0a2095e0052a17ce90e3faf7
82b78ed4a68d13bb927ce09291b82255ae0f8d9b28afc70083a328a8977b7713

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/laptop-and-phone-success.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 13259
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed

www.alfabell.com/index_files/laptop-and-phone-pairing.png

190.90.160.172

200 OK

11 kB

URL HTTP/1.1
www.alfabell.com/index_files/laptop-and-phone-pairing.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 366 x 231, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10946 bytes)
Hash
e53f5a014254387f8774f48689bea9bc
441bf082d755e6033061c31a0cbfe38bbee9512a
280255d34c881ca94627b2a1bfe5a44b068487c6bd9da9d55a01f8763a3c7914

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/laptop-and-phone-pairing.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 10946
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed

www.alfabell.com/index_files/phone-3x.png

190.90.160.172

200 OK

6.1 kB

URL HTTP/1.1
www.alfabell.com/index_files/phone-3x.png
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 144 x 270, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6124 bytes)
Hash
3b38834607cf78bb57f8e6ffcc564f02
f3f5d7c7ee0ab9d45cf1120449cf73b9e216cf97
62920961d08702254a7deac2601d0481ee1c548fab440b64517c2d86c468843f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /index_files/phone-3x.png HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/png
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-length: 6124
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed

www.alfabell.com/index_files/finDocument.svg

190.90.160.172

200 OK

932 B

URL HTTP/1.1
www.alfabell.com/index_files/finDocument.svg
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1499)
Size
932 B (932 bytes)
Hash
3cdb5198f5d33217e05b44cf961b8985
ebebfc3a4aaa5fa62c9871f9d1e13783ebb1a69a
4d3ae2e5777da1a75823d3fb1c1f53c841926ca9cba64c0dfdfa658bc32295af

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /index_files/finDocument.svg HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 18:45:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 932
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed

www.alfabell.com/favicon.ico

190.90.160.172

200 OK

8.1 kB

URL HTTP/1.1
www.alfabell.com/favicon.ico
IP
190.90.160.172:0
ASN
#26619 GTD COLOMBIA S.A.S

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
8.1 kB (8136 bytes)
Hash
cb435a5d4d63543f56ae50a6f33142b6
1b151548560b5df8c926a8dd4350709f202771e6
c0fa37a99fcf0208eb743d0e25e11d9b9aa7897233078b4aa78d220269edced9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.alfabell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.alfabell.com/
Cookie: t=79660027640eafb2c04fb

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Mon, 20 Mar 2023 05:08:06 GMT
content-type: image/x-icon
last-modified: Fri, 16 Dec 2022 18:47:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8136
date: Mon, 13 Mar 2023 05:08:06 GMT
server: LiteSpeed

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (67)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type