Report - takeoff.com.ar/ch/

Report Overview

Submitted URL
takeoff.com.ar/ch/
IP
200.58.111.76
ASN
#27823 Dattatec.com
Submitted
2023-03-31 14:06:42
Access
public
Website Title
Final URL
Tags
crypto phishing
urlquery detections
Phishing - Generic Crypto/Wallet

Detections

urlquery
45
Network Intrusion Detection
6
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-31T20:19:47Z	1.3 kB	5.9 kB	142.250.74.35
lptag.liveperson.net	3393	2012-08-02T18:15:51Z	2023-04-01T10:14:33Z	815 B	112 kB	178.249.97.23
accdn.lpsnmedia.net	3410	2014-02-08T00:25:14Z	2023-04-01T10:14:34Z	884 B	3.7 kB	178.249.97.99
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-31T18:12:03Z	2.7 kB	5.6 kB	142.250.74.131
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-31T23:45:41Z	1.4 kB	3.9 kB	172.64.155.188
va.v.liveperson.net	3906	2017-01-30T06:15:13Z	2023-03-31T22:10:00Z	492 B	7.5 kB	208.89.12.87
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-31T21:42:43Z	807 B	516 B	142.250.74.110
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-31T18:12:09Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-31T07:51:33Z	2.7 kB	53 kB	34.120.237.76
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-31T20:44:48Z	1.2 kB	42 kB	216.58.207.227
www.google.com	7	2015-05-10T13:11:19Z	2023-03-31T20:35:26Z	1.1 kB	29 kB	216.58.207.228
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-31T18:14:44Z	782 B	2.4 kB	35.241.9.150
takeoff.com.ar	unknown	2023-03-31T09:21:05Z	2023-03-31T09:21:06Z	12 kB	1.7 MB	200.58.111.76
lpcdn.lpsnmedia.net	3501	2014-04-27T12:17:58Z	2023-04-01T10:14:34Z	1.1 kB	2.5 kB	178.249.97.98
forms.hsforms.com	5160	2018-03-07T16:21:13Z	2023-04-01T05:37:07Z	437 B	2.9 kB	104.16.89.5
js.hsforms.net	7264	2013-09-26T04:52:40Z	2023-04-01T03:36:46Z	487 B	1.3 kB	104.17.186.73
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-31T18:12:04Z	2.7 kB	7.1 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-31T18:18:04Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-31T18:13:52Z	606 B	127 B	54.149.21.141
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-31T20:23:24Z	717 B	2.3 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-31 14:06:32	high	200.58.111.76	Client IP	ET PHISHING Possible Phish - Mirrored Website Comment Observed
2023-03-31 14:06:39	high	200.58.111.76	Client IP	ET PHISHING Possible Phish - Mirrored Website Comment Observed
2023-03-31 14:06:39	high	200.58.111.76	Client IP	ET PHISHING Possible Phish - Mirrored Website Comment Observed
2023-03-31 14:06:39	high	200.58.111.76	Client IP	ET PHISHING Possible Phish - Mirrored Website Comment Observed
2023-03-31 14:06:39	high	200.58.111.76	Client IP	ET PHISHING Possible Phish - Mirrored Website Comment Observed
2023-03-31 14:06:39	high	200.58.111.76	Client IP	ET PHISHING Possible Phish - Mirrored Website Comment Observed

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-31	medium	takeoff.com.ar/ch/	Crypto/Wallet

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-31	medium	takeoff.com.ar/ch/	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/plx.chock.js	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/css.html	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/webfont.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/tag.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/enterprise.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/storage.secure.min.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/js	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/jquery-3.5.1.min.dc5e7f18c8.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/analytics.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/webflow.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/v2.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/jsonp	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/recaptcha__nl.js.download	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/mm-logo.svg	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/EuclidCircularB-Regular-WebXL.woff2	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/EuclidCircularB-Bold-WebXL.woff2	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/saved_resource.html	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/saved_resource(1).html	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/bframe.html	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/anchor.html	Phishing
2023-03-31	medium	takeoff.com.ar/ch/meta/saved_resource(2).html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (48)

	URL	Size	First Seen	Last Seen
	takeoff.com.ar/ch/meta/jquery-3.5.1.min.dc5e7f18c8.js.download	90 kB	2023-03-07	2024-04-26
Pretty URL takeoff.com.ar/ch/meta/jquery-3.5.1.min.dc5e7f18c8.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-26 14:39:17 Times Seen139384 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr	41 kB	2023-04-01	2023-04-01
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash 404a263c7561d1f8009eb29d8a6f8588 dad36e1fdc2ff3198879b89dd4b3d69cb71fbd3a 3f8999e52202ebf14c23fee566e039dc267c5aa5ce3de925a2ea03cf0728c65d Loading...

	accdn.lpsnmedia.net/api/account/88982875/configuration/setting/accountproperties/?cb=lpCb1048x81473	6.5 kB	2023-04-01	2023-04-01
Pretty URL accdn.lpsnmedia.net/api/account/88982875/configuration/setting/accountproperties/?cb=lpCb1048x81473 IP 178.249.97.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash 85b9a391d0bcc6117f3a950c2c0c6ae5 b0d8a2b50db27978ba6daaaf2905e5b39b071662 deacb4acb150771809948bca71703cf088d006c0054fef655732c157d5bec3e1 Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&badge=inline&cb=pnneq7sfjfl	41 kB	2023-04-01	2023-04-01
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&badge=inline&cb=pnneq7sfjfl IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash 47753aae9e8cb8601d9be2aa8c0e2f82 751485f366caed17d4c571288022896ba0d77153 9f9c22853395cb3e58d853e838b54b5a77e825fd6a4227ade4bc3643fb877371 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&env=prod	39 kB	2023-03-07	2024-03-12
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&env=prod IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-03-12 06:48:19 Times Seen234 Hash a3a38a5d6888ddc1831a811e9d428c77 2ca5b076aea8b4c6ff7ad1873de4ade91d66511f d4676cbbadec76c9f89f5b771a7f4927d544b4d76801e40e9957493e038e0db4 Loading...

	takeoff.com.ar/ch/	164 B	2023-03-07	2024-04-06
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:19 Last Seen2024-04-06 20:09:39 Times Seen296 Hash 9fb685752617cf9403453cc16f9b0469 84d82954770f482fbea43960d5a5dc36e3572d1a d57443d0c7faf37db40a6058be8401314277c4b2662d8ed301ee6c0bd99a8c4d Loading...

	takeoff.com.ar/ch/meta/webflow.js.download	601 kB	2023-03-07	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/webflow.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:36 Last Seen2024-04-12 19:27:20 Times Seen596 Hash 9758f7e3aa0c79ea7a3cadb16d10087b 07f3c4e552e28eba6172f53d6dcf981a55f42031 0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d Loading...

	va.v.liveperson.net/api/js/88982875?sid=oH2Qhzs8QzCWPk58eMieCA&cb=lpCb50195x86975&t=ip&ts=1639498872221&pid=8378416840&tid=120975428&vid=E1ZmVlMDY2Mjk2ZDhiZDg5	111 B	2023-03-09	2023-05-05
Pretty URL va.v.liveperson.net/api/js/88982875?sid=oH2Qhzs8QzCWPk58eMieCA&cb=lpCb50195x86975&t=ip&ts=1639498872221&pid=8378416840&tid=120975428&vid=E1ZmVlMDY2Mjk2ZDhiZDg5 IP 208.89.12.87 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:05:33 Last Seen2023-05-05 20:23:51 Times Seen68 Hash 8eb6f47f5a721d80bc956543f3d9082d eb324f1f0efe5ca989eec813b1faff6fff0527bf beeac2532ab7e7ed250c25fcab390c8114a5f010bce47f8a0c39da47bcef5b2b Loading...

	takeoff.com.ar/ch/meta/js	92 kB	2023-03-07	2024-03-12
Pretty URL takeoff.com.ar/ch/meta/js IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:36 Last Seen2024-03-12 06:48:21 Times Seen508 Hash fb2ab9b8632250b0d7aa50c08150cfe1 73b3f266ac08c9fb07e1de1664fed384ccd5bc86 5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b Loading...

	takeoff.com.ar/ch/meta/v2.js.download	579 kB	2023-03-09	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/v2.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:05:33 Last Seen2024-04-12 19:27:20 Times Seen197 Hash d3b2366c9977c975fc6abdc6a119c361 ed6031ba0b0efe5b77acd0382f8d647f2cc88018 7f82030e7f8b2956fcb539a7cf3f1d80907d28d02c2696ac0560daf3cfafaa25 Loading...

	takeoff.com.ar/ch/	116 B	2023-03-07	2024-04-06
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:19 Last Seen2024-04-06 20:05:07 Times Seen234 Hash 65eedcd8ea68974fc10b18a001f5ff0d d57d865c29e2ba5f817f850194c33f6d1e7ea064 681e6299492c0b7a15980513d81a420ff8d912dadc14d90148b77bd81018926e Loading...

	www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true	1.0 kB	2023-03-29	2023-04-01
Pretty URL www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:36:04 Last Seen2023-04-01 11:00:08 Times Seen21 Hash 6a9e971d1bed5d08143323d4a1c5c35b 97b9fb3bee6fc3c591a9b1676e10351186eebbba d251a155debd5f47fbf51fb8ea150954827b01b7b72fec6756cf1f1928c627d7 Loading...

	lptag.liveperson.net/tag/tag.js?site=88982875	22 kB	2023-03-13	2023-09-05
Pretty URL lptag.liveperson.net/tag/tag.js?site=88982875 IP 178.249.97.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:30:56 Last Seen2023-09-05 14:58:41 Times Seen555 Hash 94df05334fa65d831f5666f26d87fb81 2c7b450783b48d21d0f32c9daaa922785670940f 5624aeb2703037c9b669b4903e1961a38778408edcd3bea47e370e5de9f6c571 Loading...

	takeoff.com.ar/ch/	73 B	2023-03-07	2024-04-06
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:43 Last Seen2024-04-06 20:09:38 Times Seen403 Hash ccf7a258eee5e12d2cb3d813a5da86c8 0d0c6985e493d2f610870c9259901a2511734328 441b05bfa42c0b589fd682ec21e9ba36e55f6ec2718fbb259a812cd0b999c28e Loading...

	takeoff.com.ar/ch/	181 B	2023-03-07	2024-04-26
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:43 Last Seen2024-04-26 08:15:15 Times Seen3769 Hash 0e9e3ad57abeefde87342864450cc232 4dc8676bf3417d597053d5f253fce034007f63da 9a37601d1f5a5f2fba3b000694d4bf5e035c606d5485dd94e2997cbe2efe5c26 Loading...

	takeoff.com.ar/ch/	1.8 kB	2023-03-07	2024-04-02
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:49 Last Seen2024-04-02 06:38:23 Times Seen241 Hash 8b1fb904d189e68aaf32a2223915fdfd d1a510fab3db50f7482275581d2171914e1d6631 c1863d7b43731c0cb9a160099c3fa80215e0b0966f27061f78eb6af1da84f026 Loading...

	forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=	5.8 kB	2023-04-01	2023-04-01
Pretty URL forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= IP 104.16.89.5 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash f76df1982042dd47092538bcb41e7aea db5299d32418dcdb7c88e03eaa1f4eeaa7bfa3e4 c49a46e35ebad2f46d18580d49b7037a1f6fc2dde969590e2fa1ce4885059ef8 Loading...

	takeoff.com.ar/ch/meta/bframe.html	175 B	2023-03-07	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/bframe.html IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:36 Last Seen2024-04-12 19:27:19 Times Seen275 Hash 117ee3a6ec35b36713c5e48205ff5fce 8f892b6a14a32c6e5e1cf000d06b18535a7b6238 7317f1aa4ede14314da978897b86477afe5fbc7b634899c0e33a740ca235e675 Loading...

	www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js	415 kB	2023-03-29	2023-09-29
Pretty URL www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:35:31 Last Seen2023-09-29 03:14:46 Times Seen3321 Hash 733e4a30889fa7c9947958423e21e810 16a2cced6035295476141f8ac1cd928114cafebf 7d2c1727a32a92776f9a3078abb845bbeb77e6603c40a318f12ea1e1b5a040d7 Loading...

	www.google.com/recaptcha/enterprise/bframe?hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm	181 B	2023-03-13	2023-04-05
Pretty URL www.google.com/recaptcha/enterprise/bframe?hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:20:31 Last Seen2023-04-05 02:01:32 Times Seen43 Hash b6d9dd292dc18b9516395a36f391fa6e 04295d56005338acdf992e3d528ed7068554644a b7f83a43094050e8447899a9db0fbd9ecf589f1ff2fde3c96d47560cffb48fd4 Loading...

	takeoff.com.ar/ch/meta/webfont.js.download	13 kB	2023-03-07	2024-04-26
Pretty URL takeoff.com.ar/ch/meta/webfont.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-04-26 12:56:53 Times Seen22441 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	takeoff.com.ar/ch/	205 B	2023-03-26	2023-12-20
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:18:46 Last Seen2023-12-20 16:32:43 Times Seen25 Hash 70a175ca9513a32e659e3f08605ba0fe 31aa8765794e3f68f91b25961ff973a0605ac223 41edcebb9dc8d3dee42f9b79598c3367894aad46893a53dfeff87799b70ee9d2 Loading...

	takeoff.com.ar/ch/	184 B	2023-03-07	2024-04-06
Pretty URL takeoff.com.ar/ch/ IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:20 Last Seen2024-04-06 20:09:39 Times Seen261 Hash 12c0659e2686c193368d09f53edc8090 e2a481f856253ec2b3dfe266ab035bc1ca650b72 7269e1e3bae2d22edc632e41922fd7e090dd785fdb749c05b577f78e9126075c Loading...

	lptag.liveperson.net/lptag/api/account/88982875/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3	286 kB	2023-04-01	2023-04-01
Pretty URL lptag.liveperson.net/lptag/api/account/88982875/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 IP 178.249.97.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash 2fc6774674f94f76148d3aad27d05eb2 c9da0c3989d4998b3d6c83f234c06500686afcac e7519bd19477d3e4f9f4630567e8b9697a3a1ecc475d8d40ecc2f68eb880fad3 Loading...

	takeoff.com.ar/ch/meta/analytics.js.download	50 kB	2023-03-07	2024-04-25
Pretty URL takeoff.com.ar/ch/meta/analytics.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 19:24:16 Times Seen842 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 14:57:11 Times Seen37093740 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	takeoff.com.ar/ch/meta/recaptcha__nl.js.download	354 kB	2023-03-07	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/recaptcha__nl.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-12 19:27:20 Times Seen583 Hash e735084e8ffed1ad8d89df08d98d4d23 6cdab8dac12030c8bc980ec129affecc626285c3 6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b Loading...

	takeoff.com.ar/ch/meta/anchor.html	33 kB	2023-03-09	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/anchor.html IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:05:33 Last Seen2024-04-12 19:27:19 Times Seen129 Hash 27fe4cb47aa233ddd8165960b6d65929 11cc82d6e20cc46d88bacc3ed4bfb3f24bbf4b3b 692d9a7342c1fcb4c0417afee37d21695396088ca85a5a29f116f63189e0c595 Loading...

	takeoff.com.ar/ch/meta/tag.js.download	22 kB	2023-03-07	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/tag.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen539 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

	takeoff.com.ar/ch/meta/storage.secure.min.js.download	39 kB	2023-03-07	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/storage.secure.min.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen657 Hash 3386ec5559f1ba569cf0ab6acab436cc e98e11d37c5172ee128a85f68447efb3cb0e853c 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73 Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr	75 B	2023-03-07	2024-04-26
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:59 Last Seen2024-04-26 12:33:23 Times Seen10407 Hash dca9d53787fff314e5bd1a123b28906a 1350c858f60bbb03d1b53b05cbad6cea82ff29d1 2475d902b4182bac667d464a44c89ee405e5cfd64156b30f811557cf2b347e2f Loading...

	va.v.liveperson.net/api/js/88982875?&cb=lpCb94466x50678&t=sp&ts=1680271596024&pid=5746266683&tid=1996301975&pt=MetaMask%20-%20A%20crypto%20wallet%20%26%20gateway%20to%20blockchain%20apps&u=http%3A%2F%2Ftakeoff.com.ar%2Fch%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D	238 B	2023-04-01	2023-04-01
Pretty URL va.v.liveperson.net/api/js/88982875?&cb=lpCb94466x50678&t=sp&ts=1680271596024&pid=5746266683&tid=1996301975&pt=MetaMask%20-%20A%20crypto%20wallet%20%26%20gateway%20to%20blockchain%20apps&u=http%3A%2F%2Ftakeoff.com.ar%2Fch%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash a61fd866caa0f83e451e0099d72c3cff 4bd98ed36ae197a560b7b5fe0cf4e4c4f9d89235 681b389836154b4056044db37c3c298ef986a0e5f717c33abbd0611bd3a88ede Loading...

	takeoff.com.ar/ch/meta/plx.chock.js	3.4 kB	2023-03-07	2024-04-02
Pretty URL takeoff.com.ar/ch/meta/plx.chock.js IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-02 06:38:24 Times Seen660 Hash 5acfeead7d13511cdef767305b87e3f8 ec5337e62f1e64d3aaba3bf41a41b5f876964922 b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246 Loading...

	takeoff.com.ar/ch/meta/enterprise.js.download	1.0 kB	2023-03-07	2024-04-12
Pretty URL takeoff.com.ar/ch/meta/enterprise.js.download IP 200.58.111.76 ASN #27823 Dattatec.com Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:10 Last Seen2024-04-12 19:27:20 Times Seen572 Hash d07e7630bc23cbdd7520d0a4f086c922 b50685923a96d55109959fdf21f369d902971b2a 15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2 Loading...

	accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB	3.2 kB	2023-03-26	2023-04-01
Pretty URL accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB IP 178.249.97.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 09:54:00 Last Seen2023-04-01 11:00:08 Times Seen4 Hash e1a78bb36b61c9eeb637716fb30b6935 b71997f7f8766262f3a1a7bb2fea7d71e41e99db 57cb0496a11993a9b51be3149a5468bf5281727487180c6d56eb9bfc505ed0d8 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	js.hsforms.net/forms-next/shell-recaptcha	520 B	2023-03-07	2023-04-01
Pretty URL js.hsforms.net/forms-next/shell-recaptcha IP 104.17.186.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:28 Last Seen2023-04-01 11:00:08 Times Seen13 Hash 4106b771bbb077c07602cba71e590464 498808a3fd44297852e7efec85b6e95b76041904 992ff2f170aad9acd7129fbdb885d595506fbc250b7d0214db68aed3f65e9f82 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c96c9bcc208b0f9e04102dd3df51edbe	64 B	2023-03-29	2023-04-01
Pretty Observations First Seen2023-03-29 23:41:23 Last Seen2023-04-01 11:22:30 Times Seen508 Hash c96c9bcc208b0f9e04102dd3df51edbe 7148a0442761241a121b8ac6f748e351f8e91c91 88eecb175fb668b1c2a68cddff02dd0bb4aa4ae4607dc42509047ab73a2fd56c Loading...

	#2 Eval - 40560641da175411b72f6e7d90fc5cac	16 kB	2023-03-29	2023-04-01
Pretty Observations First Seen2023-03-29 23:41:22 Last Seen2023-04-01 11:22:30 Times Seen508 Hash 40560641da175411b72f6e7d90fc5cac a6a00c98f0c6ac38fb203000433ca0d0fe4e84d3 a220f50e3076f861f1e10715a62c5c994c029ad56a1e8cfa123b89cf911cc7a2 Loading...

	#3 Eval - 8239ee6044ad7e817a1f26d19412f6eb	22 B	2023-03-09	2024-04-12
Pretty Observations First Seen2023-03-09 10:05:34 Last Seen2024-04-12 19:27:19 Times Seen105 Hash 8239ee6044ad7e817a1f26d19412f6eb 7116e217d05810b609ff09ac21e2c6097f14484c df78f0db59a013604da430bf67714a0445ddb583f42925592cfed1774716374d Loading...

	#4 Eval - 1181a5978e1106b4040d7df561db81c8	16 kB	2023-04-01	2023-04-01
Pretty Observations First Seen2023-04-01 10:30:37 Last Seen2023-04-01 11:00:08 Times Seen2 Hash 1181a5978e1106b4040d7df561db81c8 f2b6162b496cbdd5e492d211377ccf5e8ff5ac37 3a9f46908b52ed010972ee4139ecceb2f14dadc70f11cd31e40a6315273c3ccf Loading...

	#5 Eval - eb94905b9da3f67da3f000d1bb6efbde	64 B	2023-03-09	2024-04-12
Pretty Observations First Seen2023-03-09 10:05:33 Last Seen2024-04-12 19:27:19 Times Seen106 Hash eb94905b9da3f67da3f000d1bb6efbde 1d3286e8759266d0f632990a00153ac614ca6c39 ef56a8332ced72dcd8b9a2756ce1fe129be6db47ca4863412b51e8028a9d1eb2 Loading...

	#6 Eval - 272eb139968a9665de1db4beccf568d2	22 B	2023-03-09	2024-04-12
Pretty Observations First Seen2023-03-09 10:05:33 Last Seen2024-04-12 19:27:19 Times Seen106 Hash 272eb139968a9665de1db4beccf568d2 e6505fdd0680c557e102b20212d31942c7d24429 26ef4c313a8ffd1b7fc79977328690a19336ac1187fa07d9cfc3a8327f5a08ba Loading...

	#7 Eval - 5cc7133c44da3661bff2dcc5ae437f60	22 B	2023-03-29	2023-04-01
Pretty Observations First Seen2023-03-29 23:41:23 Last Seen2023-04-01 11:22:30 Times Seen508 Hash 5cc7133c44da3661bff2dcc5ae437f60 0a5d4eb26ef90109b612ce2e69fc7f8b0fe719e7 6d76f7f7796e9907d09782bec9fac57af4c1734c814c862038c390b59e9822ef Loading...

	#8 Eval - 5f0cad2db5b54de002fd85e3040095e5	22 B	2023-03-29	2023-04-01
Pretty Observations First Seen2023-03-29 23:41:23 Last Seen2023-04-01 11:22:30 Times Seen508 Hash 5f0cad2db5b54de002fd85e3040095e5 2fe2a832c5448656670d41be926b316dfbb0d121 7bd470bfce3b8369260e80fd2706ef76313263acb89fa20a1f3609ea5fc3edf9 Loading...

	#9 Eval - b849b16c372f5ba70c38045193b045e9	20 kB	2023-04-01	2023-04-01
Pretty Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash b849b16c372f5ba70c38045193b045e9 e22ecfea635e34ecafcc0e427dac93dc5462d158 509933e37985f7cb6ba0b1a870715de67a89e94caeed1f285b039b62f3004337 Loading...

	#10 Eval - 15760900e488ec647450f20eeaa49944	15 kB	2023-03-09	2024-04-12
Pretty Observations First Seen2023-03-09 10:05:33 Last Seen2024-04-12 19:27:19 Times Seen106 Hash 15760900e488ec647450f20eeaa49944 208ad236b244f8adbd138cda9ad9f7f1d4e7758e 90d9c75dc0b4578e5468206d805353952b0a650c707ac7f9632b29f3694c1dff Loading...

	#11 Eval - bd312c003ee01d15007bd8be92c48ac1	21 kB	2023-04-01	2023-04-01
Pretty Observations First Seen2023-04-01 11:00:08 Last Seen2023-04-01 11:00:08 Times Seen1 Hash bd312c003ee01d15007bd8be92c48ac1 a267edff5fca7028e96682b1c757178372c7a7cd 45e29820b455315c70272046bad0f08507d307df27e5eed96fe77cdc9c0b7017 Loading...

HTTP Transactions (81)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12837
Expires: Fri, 31 Mar 2023 17:40:28 GMT
Date: Fri, 31 Mar 2023 14:06:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7832
Expires: Fri, 31 Mar 2023 16:17:03 GMT
Date: Fri, 31 Mar 2023 14:06:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 13:16:12 GMT
content-type: application/json
age: 3019
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6556
Expires: Fri, 31 Mar 2023 15:55:47 GMT
Date: Fri, 31 Mar 2023 14:06:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: RnwdURh7z5ErpByxLqe/Ha+OlTJhtfrEPD53nkUh9MwXx7Gy4ANE5DMLLasf7J+Q44uq0FVfNXA=
x-amz-request-id: 5ZTCNWJDCJM659WW
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 14:03:22 GMT
age: 189
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 14:06:31 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Pragma, Backoff, Expires, Last-Modified, Content-Type, Alert, Retry-After, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 13:17:26 GMT
age: 2945
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
782ca4845ea5e0ec981e33231b1e61cb
032116b75e124c57877524e9e4f523b6d7c65820
94d007862fc7a4cd67f582ff22f2339619177435559c1dd5075a08c7240f3520

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94D007862FC7A4CD67F582FF22F2339619177435559C1DD5075A08C7240F3520"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Fri, 31 Mar 2023 15:49:13 GMT
Date: Fri, 31 Mar 2023 14:06:32 GMT
Connection: keep-alive

takeoff.com.ar/ch/

200.58.111.76

200 OK

5.6 kB

URL HTTP/1.1
takeoff.com.ar/ch/
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1843)
Size
5.6 kB (5646 bytes)
Hash
63c965502e2b4e84182804f68ea89597
e4fa35649bac012da36d2be8789c8916bdaae13f
6a803bfda0dd79a83caf96a6c5d1bcb9ed01d18081b4b6001c9ec33758a91d49

Detections

Analyzer	Verdict	Alert
openphish	Crypto/Wallet
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ET PHISHING Possible Phish - Mirrored Website Comment Observed

HTTP Headers

GET /ch/ HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:31 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5646
Keep-Alive: timeout=10, max=200
Content-Type: text/html; charset=UTF-8

push.services.mozilla.com/

54.149.21.141

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.21.141:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6qTLexEoxome32dEYoskpA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qd4f0dGEV6txxC+z0+FrbAGZUUM=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.74

200 OK

811 B

URL HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
data
Size
811 B (811 bytes)
Hash
b5ef44a1c4beb0dbba0f06c9e6151100
fbb3cb4056f114212ff43482edc598b8456a48c6
1f3585bfa1c718851fdb1bb568ff212f712d14ff35f7488aeafa9a2bd4debc3b

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 14:06:32 GMT
date: Fri, 31 Mar 2023 14:06:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

takeoff.com.ar/ch/meta/normalize.css

200.58.111.76

200 OK

2.7 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/normalize.css
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text
Size
2.7 kB (2659 bytes)
Hash
b165f8d0baec3b8976de14634861b941
f7eabfa6844712979ef5e274f275c5be39fdc86f
91404eaa9c2b59e842d6694c3bb2128e21253a1780a4a75e33571ed659bd4d8e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ch/meta/normalize.css HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "1e5c-5f827055f2895-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2659
Keep-Alive: timeout=10, max=200
Content-Type: text/css

takeoff.com.ar/ch/meta/webflow.css

200.58.111.76

200 OK

9.3 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/webflow.css
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
Unicode text, UTF-8 text, with very long lines (2587)
Size
9.3 kB (9294 bytes)
Hash
2c70dda0c1f570856a63979d24c33b8d
f5ecf57644c7714706deb514f0ebf79cdd52c0e5
150252569d55d6f51826ab0785bc1d45b99147ba5554e7b1efdc5ef42bfca238

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ch/meta/webflow.css HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "98c5-5f827055f1125-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9294
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/css

takeoff.com.ar/ch/meta/plx.chock.js

200.58.111.76

200 OK

311 B

URL HTTP/1.1
takeoff.com.ar/ch/meta/plx.chock.js
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text
Size
311 B (311 bytes)
Hash
bc6a4fa1a731b1746c1d21f104bd6064
865b9fd0868954c03f838366eb2449bab5d388d6
d88bca135a10c80b24a4185a4a08f209c151d82c946a9327ef58590fa12e211b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/plx.chock.js HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "d41-5f827055f150d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 311
Keep-Alive: timeout=10, max=200
Content-Type: application/javascript

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
ce6c3a008635a69e20db1ec70da51685
746231a5e96ab85330e78adee3fffe89a3a3a277
45fa0b89d745a2f7249f02f24a474ba5c022454c19433e5a22d656d29e089913

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 30 Mar 2023 20:21:11 GMT
Expires: Thu, 06 Apr 2023 20:21:10 GMT
Etag: "746231a5e96ab85330e78adee3fffe89a3a3a277"
Cache-Control: max-age=540277,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b09274f3fe2b500-OSL

takeoff.com.ar/ch/meta/css.html

200.58.111.76

200 OK

274 B

URL HTTP/1.1
takeoff.com.ar/ch/meta/css.html
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text
Size
274 B (274 bytes)
Hash
b3ff3d2f589f9d4ae78eb653753023d2
4e156aa8b8777e6754c9c1cb2649301384d760d7
057a928b995e543aac96f3116ec5dd3c3d70773699f47b8868463e344b94f31c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/css.html HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "2ac-5f827055ef5cd-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 274
Keep-Alive: timeout=10, max=200
Content-Type: text/html

takeoff.com.ar/ch/meta/webfont.js.download

200.58.111.76

200 OK

5.4 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/webfont.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (2134)
Size
5.4 kB (5415 bytes)
Hash
3fce8a085ab686f338e296d255f36db1
2da74358f4d36675c1bfa6ee5ee489e6e54bf401
9f9bbf22ba311465b6bb4c6944f94e2b97caea58227fafef64cf18b9181099c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/webfont.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "3384-5f827055ef1e5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5415
Keep-Alive: timeout=10, max=200
Content-Type: application/javascript

takeoff.com.ar/ch/meta/tag.js.download

200.58.111.76

200 OK

7.5 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/tag.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (21652), with no line terminators
Size
7.5 kB (7541 bytes)
Hash
3bdf59c9ec85ec43d46e5cf9edda2e96
a06ccc8d75554a7e44dd8ce9656e90420b42f38b
d964494995ee4b7de40b3569370e33773c447c759a21fbb3e746e53b61449b35

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/tag.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "5494-5f827055f150d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7541
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript

takeoff.com.ar/ch/meta/metamask-staging-2.webflow.css

200.58.111.76

200 OK

18 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/metamask-staging-2.webflow.css
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text
Size
18 kB (17621 bytes)
Hash
74bd9291155c395ceba32d63d27f1dea
0cfb9751d76e9ae53d41b88fc2e30e0813e03146
04180fe535a0c7d29e22b3bfd6f1f3eddfcba5c22f1955673990d320039854d6

HTTP Headers

GET /ch/meta/metamask-staging-2.webflow.css HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "22adb-5f827055f056d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17621
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/css

takeoff.com.ar/ch/meta/enterprise.js.download

200.58.111.76

200 OK

614 B

URL HTTP/1.1
takeoff.com.ar/ch/meta/enterprise.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1008), with no line terminators
Size
614 B (614 bytes)
Hash
533554dfe842696d43cbbe1be26c9d4b
4bc96c1c9afdca5fddb20c7b172a13afa5cb46e4
f480ee9ffad021062c3251c62acf39842c0fa7e71c7dccdd91ee30524fccb84d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/enterprise.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "3f0-5f827055f056d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 614
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript

fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.74

200 OK

301 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
301 B (301 bytes)
Hash
7fb212f619185f162769684274cb1dfe
414b678cfcbcd25c44569e72369a8218bea8756d
d53161ae9523414449dd0f7083f66fda679084bac2cb18a92b884a43616c1fd5

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 31 Mar 2023 14:06:33 GMT
Date: Fri, 31 Mar 2023 14:06:33 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

takeoff.com.ar/ch/meta/storage.secure.min.js.download

200.58.111.76

200 OK

13 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/storage.secure.min.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (38562), with no line terminators
Size
13 kB (13194 bytes)
Hash
79e7d68549291cc082c85f94b73ee13c
e065402b005d2fd7105c9a12adf961a58a4deb96
0adedf6a93b53bc365a213c28a4b10d8af539d8fe55c283cbd3c532a0bc0875a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/storage.secure.min.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "96a2-5f827055f0955-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13194
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: application/javascript

takeoff.com.ar/ch/meta/js

200.58.111.76

200 OK

92 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/js
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1815)
Size
92 kB (92325 bytes)
Hash
fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/js HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:32 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "168a5-5f827055ef5cd"
Accept-Ranges: bytes
Content-Length: 92325
Keep-Alive: timeout=10, max=200

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17136
Expires: Fri, 31 Mar 2023 18:52:09 GMT
Date: Fri, 31 Mar 2023 14:06:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17136
Expires: Fri, 31 Mar 2023 18:52:09 GMT
Date: Fri, 31 Mar 2023 14:06:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17136
Expires: Fri, 31 Mar 2023 18:52:09 GMT
Date: Fri, 31 Mar 2023 14:06:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17136
Expires: Fri, 31 Mar 2023 18:52:09 GMT
Date: Fri, 31 Mar 2023 14:06:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13775 bytes)
Hash
876e5464aba1639f3b07b07d1d694514
93885a6205be71d16187782b1803f53d5c8538cb
6e2b6b15f462922a9e8260f55cfcd94d488d1a48435458db43270ea3b825d8c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13775
x-amzn-requestid: 43d1a1f3-b189-4fcd-a298-429123d1921b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloF9woAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-13778451622503253ea252eb;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXA995GxGti4_AzSi9F19ZNvUwm5_ZSBw0BB0lRIfNHcmX7Ajt6bSg==
via: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:36 GMT
age: 58797
etag: "93885a6205be71d16187782b1803f53d5c8538cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9859 bytes)
Hash
da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 00:11:32 GMT
age: 50101
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6970 bytes)
Hash
e5d955ec5d3a9f655e4ca0523acfd039
e8b2cd28a02a2cee1b4e57c57570f2598721ff57
e7753ef91d6f04dce00f83cb1ba3ea4f1abb52140993fbee375e506597cee529

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6970
x-amzn-requestid: 9f7a82d7-dbba-4c67-a330-6a7f2b68177d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdn3zGn7oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64222031-1d97c16f7a9c163c02fe72ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 23:01:05 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JMvV8caOiRMRcDrT78aodKrihx7EcnIjnvOfbFIptyCxV-PB0_zfuA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 04:19:18 GMT
age: 35235
etag: "e8b2cd28a02a2cee1b4e57c57570f2598721ff57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

va.v.liveperson.net/api/js/88982875?sid=oH2Qhzs8QzCWPk58eMieCA&cb=lpCb50195x86975&t=ip&ts=1639498872221&pid=8378416840&tid=120975428&vid=E1ZmVlMDY2Mjk2ZDhiZDg5

208.89.12.87

200 OK

6.5 kB

URL HTTP/2
va.v.liveperson.net/api/js/88982875?sid=oH2Qhzs8QzCWPk58eMieCA&cb=lpCb50195x86975&t=ip&ts=1639498872221&pid=8378416840&tid=120975428&vid=E1ZmVlMDY2Mjk2ZDhiZDg5
IP
208.89.12.87:0
ASN
#11054 LIVEPERSON

File type
data
Size
6.5 kB (6503 bytes)
Hash
22f8745d9e5da1bc21e61d8220cc6afe
66c3a4a8463c8f36544cf033bda9092b0c18cb84
2e386dc35a005903131da0fe4312a5d906a1ce7fa3211d5a0a65902dcba28ef4

HTTP Headers

GET /api/js/88982875?sid=oH2Qhzs8QzCWPk58eMieCA&cb=lpCb50195x86975&t=ip&ts=1639498872221&pid=8378416840&tid=120975428&vid=E1ZmVlMDY2Mjk2ZDhiZDg5 HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:32 GMT
content-type: application/javascript
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5806 bytes)
Hash
8600e41520408df4865627256a0a0736
dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef
9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jktkwc3JLU31AY5B5pC5JTjPGARjflqoJRZiD6IpF5-10IO6UNlH_Q==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:33 GMT
age: 58800
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11061 bytes)
Hash
39bdd16276747b1445a79e674a2a3347
d0676f63738484298a78b7abf7e4934c3d256065
67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:49:08 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 58645
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

takeoff.com.ar/ch/meta/jquery-3.5.1.min.dc5e7f18c8.js.download

200.58.111.76

200 OK

31 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (65451)
Size
31 kB (30910 bytes)
Hash
888c5fa4504182a0224b264a1fda0e73
65f058a7dead59a8063362241865526eb0148f16
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30910
Keep-Alive: timeout=10, max=200
Content-Type: application/javascript

takeoff.com.ar/ch/meta/analytics.js.download

200.58.111.76

200 OK

20 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/analytics.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (1325)
Size
20 kB (20042 bytes)
Hash
10a56c6d4548a14f26148658875fad03
6610f39acded54bb7561df9319bd118c46446578
83cac08947ffc888ac5ba674433da3d3b5fda4c988923228ca36aa94b919943b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/analytics.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "c41d-5f827055f24ad-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20042
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
66d3c8a2dc7656b819dfe99dd74ef41b
9ac102973657c13264a7a17ad2e3ffc6f4d1f570
23346d5aae2c9440f6a6d9c1d366003dfaefd1cc83212ce033bfdc30e5054cc6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=316500850&t=pageview&_s=1&dl=http%3A%2F%2Ftakeoff.com.ar%2Fch%2F&ul=en-us&de=UTF-8&dt=MetaMask%20-%20A%20crypto%20wallet%20%26%20gateway%20to%20blockchain%20apps&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=119487759&gjid=726152023&cid=1426141869.1680271593&tid=UA-37075177-6&_gid=633247834.1680271593&_r=1&gtm=2ouc10&z=927000781

142.250.74.110

200 OK

1 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=316500850&t=pageview&_s=1&dl=http%3A%2F%2Ftakeoff.com.ar%2Fch%2F&ul=en-us&de=UTF-8&dt=MetaMask%20-%20A%20crypto%20wallet%20%26%20gateway%20to%20blockchain%20apps&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=119487759&gjid=726152023&cid=1426141869.1680271593&tid=UA-37075177-6&_gid=633247834.1680271593&_r=1&gtm=2ouc10&z=927000781
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?v=1&_v=j96&aip=1&a=316500850&t=pageview&_s=1&dl=http%3A%2F%2Ftakeoff.com.ar%2Fch%2F&ul=en-us&de=UTF-8&dt=MetaMask%20-%20A%20crypto%20wallet%20%26%20gateway%20to%20blockchain%20apps&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAAC~&jid=119487759&gjid=726152023&cid=1426141869.1680271593&tid=UA-37075177-6&_gid=633247834.1680271593&_r=1&gtm=2ouc10&z=927000781 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://takeoff.com.ar
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://takeoff.com.ar
date: Fri, 31 Mar 2023 14:06:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
66d3c8a2dc7656b819dfe99dd74ef41b
9ac102973657c13264a7a17ad2e3ffc6f4d1f570
23346d5aae2c9440f6a6d9c1d366003dfaefd1cc83212ce033bfdc30e5054cc6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

takeoff.com.ar/ch/meta/webflow.js.download

200.58.111.76

200 OK

147 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/webflow.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
Unicode text, UTF-8 text, with very long lines (50020)
Size
147 kB (147184 bytes)
Hash
c4b0095b01ed8f86df80e43a2b91d041
c79105b1702e8db781c136b44bff3e26ba72cc36
581bfb791a74114e95306054d9668a80143a21e9a41328360503f5b6b09c2a9b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/webflow.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "92c10-5f827055f056d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

takeoff.com.ar/ch/meta/v2.js.download

200.58.111.76

200 OK

149 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/v2.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (148638 bytes)
Hash
aabbe994076242a245286bc922bda4e8
d63478266828cbe11bafbf5102dae09818260115
48b39c6f1598c489b94e5d44ddb60514363cd904b3720b6b9730ce276bcf7cba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/v2.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "8d511-5f827055f3065-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

takeoff.com.ar/ch/meta/jsonp

200.58.111.76

200 OK

278 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/jsonp
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (65536), with no line terminators
Size
278 kB (278382 bytes)
Hash
7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/jsonp HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "43f6e-5f827055f1cdd"
Accept-Ranges: bytes
Content-Length: 278382
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive

fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

200 OK

8.4 kB

URL HTTP/1.1
fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://takeoff.com.ar
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8404
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 31 Mar 2023 02:17:46 GMT
Expires: Sat, 30 Mar 2024 02:17:46 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 21 Apr 2022 17:15:41 GMT
Content-Type: font/woff2
Age: 42528

takeoff.com.ar/ch/meta/recaptcha__nl.js.download

200.58.111.76

200 OK

138 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/recaptcha__nl.js.download
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (820)
Size
138 kB (137504 bytes)
Hash
2128869002ee143c12253efdafd190a4
9781a8b2fa7342367a7ef81a70ad7234ad6505bb
bb787fc0dfa0c02a27b4e75825e9c4e0839637f02fda1b60b645719bbfad663b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/recaptcha__nl.js.download HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:33 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "56577-5f827055f1125-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

takeoff.com.ar/ch/meta/mm-logo.svg

200.58.111.76

200 OK

12 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/mm-logo.svg
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size
12 kB (12019 bytes)
Hash
51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/mm-logo.svg HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "2ef3-5f827055ef9b5"
Accept-Ranges: bytes
Content-Length: 12019
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: image/svg+xml

forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=

104.16.89.5

200 OK

2.1 kB

URL HTTP/1.1
forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
IP
104.16.89.5:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (5768), with no line terminators
Size
2.1 kB (2098 bytes)
Hash
e4c5f4f96a4e36c4c229a485657ca60d
3a506990a60dac7f12dbce5eed21196bd2d10059
19da705b9e8a3910c742548219322bfffa5f915263181c1df63ed4d813e8e9e9

HTTP Headers

GET /embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace: 2B45055316F604E373F6DC77DEE565AFD48A0E902D000000000000000000
X-Origin-Hublet: na1
Vary: origin
X-HubSpot-Correlation-Id: c71c72c6-249b-4fb2-9200-8b95ce6f12bb
Content-Disposition: attachment; filename=no-rfd.txt
X-Content-Type-Options: nosniff
Access-Control-Allow-Credentials: false
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 7b092758898fb4f3-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

takeoff.com.ar/ch/meta/wpp.gif

200.58.111.76

200 OK

3.9 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/wpp.gif
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
GIF image data, version 87a, 470 x 40\012- data
Size
3.9 kB (3877 bytes)
Hash
941648b845842a709da73e24652cf8a4
099e5f97e602d026c51537c9b45328dc99261d7c
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ch/meta/wpp.gif HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "f25-5f827055eedfd"
Accept-Ranges: bytes
Content-Length: 3877
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: image/gif

takeoff.com.ar/ch/meta/EuclidCircularB-Regular-WebXL.woff2

200.58.111.76

200 OK

45 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/EuclidCircularB-Regular-WebXL.woff2
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/meta/metamask-staging-2.webflow.css
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "b08c-5f827055ef9b5"
Accept-Ranges: bytes
Content-Length: 45196
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive

takeoff.com.ar/ch/meta/EuclidCircularB-Bold-WebXL.woff2

200.58.111.76

200 OK

44 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/EuclidCircularB-Bold-WebXL.woff2
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size
44 kB (44544 bytes)
Hash
9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /ch/meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/meta/metamask-staging-2.webflow.css
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "ae00-5f827055ef1e5"
Accept-Ranges: bytes
Content-Length: 44544
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive

takeoff.com.ar/ch/meta/saved_resource.html

200.58.111.76

200 OK

10 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/saved_resource.html
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32691)
Size
10 kB (10241 bytes)
Hash
e61ff7f5db9f6da715470ffebcff82fe
c753b24e00cdacdec8a61492703bbe30b6a7a340
c966f501d8d294f64d5cb7d33bef2f15f9ceb3500c21cf6625d3a3848e6b5809

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ET PHISHING Possible Phish - Mirrored Website Comment Observed

HTTP Headers

GET /ch/meta/saved_resource.html HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10241
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Content-Type: text/html

takeoff.com.ar/ch/meta/saved_resource(1).html

200.58.111.76

200 OK

274 B

URL HTTP/1.1
takeoff.com.ar/ch/meta/saved_resource(1).html
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
274 B (274 bytes)
Hash
bb790597f5623fda491febdedb322541
957eb91fb903eb18b1d100415bbf7a07b3a4aa97
aaa07f8c2ef75fd19731fac00830d1b489b85c3cfe07000a99d5cf227a2aef55

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ET PHISHING Possible Phish - Mirrored Website Comment Observed

HTTP Headers

GET /ch/meta/saved_resource(1).html HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "1f8-5f827055f150d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 274
Keep-Alive: timeout=10, max=200
Content-Type: text/html

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ee15ff6931559991c58a51cbecf4c8c5
073267ce58de3587f3e1b80914852f6acd56921f
2c90a44d2191b0276c9e0d0571c263a48f2b74cb287f683517c08449bd815ea5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

216.58.207.228

200 OK

615 B

URL HTTP/2
www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1008), with no line terminators
Size
615 B (615 bytes)
Hash
0cc71052951489216102b329e9360a47
f342bf9979df943ffc0aba684796cd4fda9e6290
5b0cac9b17d548af1df4e55e2f7f609e20bd85c59358e7c9071f4799b15ccd9b

HTTP Headers

GET /recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 31 Mar 2023 14:06:34 GMT
date: Fri, 31 Mar 2023 14:06:34 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 615
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

takeoff.com.ar/ch/meta/bframe.html

200.58.111.76

200 OK

4.1 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/bframe.html
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size
4.1 kB (4069 bytes)
Hash
2f10cabca6c2651a48e260c0d202396c
ab25f083f7bb312f750fd2a372d0e2990bdf9525
7a7ff60899394d6467d0904d3c0cb7be8979f1ee27fe46e1749653b19648b74a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ET PHISHING Possible Phish - Mirrored Website Comment Observed

HTTP Headers

GET /ch/meta/bframe.html HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "2e07-5f827055f1125-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4069
Keep-Alive: timeout=10, max=200
Content-Type: text/html

www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr

216.58.207.228

200 OK

27 kB

URL HTTP/2
www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (41018)
Size
27 kB (26974 bytes)
Hash
977dc655eed4d5b3ae05b7d06ba8c27d
5b9738e20b8ad0096165765974cf96c5b3a2d1d4
e44c11fa7c43e63bc56aba7a59eeaddb801e2a05def3346adbc14ada1b336807

HTTP Headers

GET /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cDovL3Rha2VvZmYuY29tLmFyOjgw&hl=nl&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=invisible&badge=inline&cb=tg6feu40ubxr HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 31 Mar 2023 14:06:34 GMT
content-security-policy: script-src 'nonce-e774jiWccTpUB01YyquWEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 26974
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bccde084c491a04e52752f2af1e16d
5a7a761608a0d79d383e104a0455f76bb0d2248e
aed5aade370f65d015700850f0a3a80c5f47066e82d200f5cf1d2d44657388dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

takeoff.com.ar/ch/meta/hero2.4.png

200.58.111.76

200 OK

590 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/hero2.4.png
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size
590 kB (589568 bytes)
Hash
d0ec70f4c666fbf6ad0d30a52d08c5c9
e48f0688bc4f592824840478d12c05df0dd12002
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ch/meta/hero2.4.png HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/meta/metamask-staging-2.webflow.css
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "8ff00-5f827055f3c1d"
Accept-Ranges: bytes
Content-Length: 589568
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Content-Type: image/png

takeoff.com.ar/ch/meta/anchor.html

200.58.111.76

200 OK

22 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/anchor.html
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (33133)
Size
22 kB (21587 bytes)
Hash
92db646d4ddcad36155a47f3cb23475e
3408a3fc9a753ad9730248e489615641d8ee8485
24e943f7042c137e7d27349fc3a175e00fa83016b9b056eb83348746e74576e6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ET PHISHING Possible Phish - Mirrored Website Comment Observed

HTTP Headers

GET /ch/meta/anchor.html HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "a636-5f827055f3c1d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21587
Keep-Alive: timeout=10, max=200
Content-Type: text/html

takeoff.com.ar/js.hsforms.net/forms/v2.js

200.58.111.76

404 Not Found

196 B

URL HTTP/1.1
takeoff.com.ar/js.hsforms.net/forms/v2.js
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /js.hsforms.net/forms/v2.js HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/meta/saved_resource.html
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 404 Not Found
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 31 Mar 2023 14:06:34 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

takeoff.com.ar/ch/meta/styles__ltr.css

200.58.111.76

200 OK

24 kB

URL HTTP/1.1
takeoff.com.ar/ch/meta/styles__ltr.css
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
ASCII text, with very long lines (52368), with no line terminators
Size
24 kB (24369 bytes)
Hash
f18361166743cb4ac9318561811c3033
656cf66fad5f0a2275040906ef4e5e894a7605de
a9817910de22735a6bce97ef8e1eedf2d9ae9f0a1d150a37daaf45f5ddaeb16c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /ch/meta/styles__ltr.css HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/meta/anchor.html
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:34 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "cc90-5f827055ef9b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 24369
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: text/css

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/styles__ltr.css

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/styles__ltr.css
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1620 bytes)
Hash
e36ef824369a52f32d36526426b521a1
2aa85c4f5ffea54cf853bc9210d79c53d24ff088
1dee5a71230d0118e32b59df6930c964cddbe0d4f5e25fb52e159b75cffd1e97

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 31 Mar 2023 14:06:34 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 14:06:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://takeoff.com.ar
Connection: keep-alive
Referer: http://takeoff.com.ar/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15344
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 28 Mar 2023 10:56:13 GMT
Expires: Wed, 27 Mar 2024 10:56:13 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT
Content-Type: font/woff2
Age: 270621

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://takeoff.com.ar
Connection: keep-alive
Referer: http://takeoff.com.ar/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 Mar 2023 23:07:34 GMT
Expires: Thu, 28 Mar 2024 23:07:34 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT
Content-Type: font/woff2
Age: 140340

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 31 Mar 2023 14:06:35 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

takeoff.com.ar/ch/meta/saved_resource(2).html

200.58.111.76

200 OK

274 B

URL HTTP/1.1
takeoff.com.ar/ch/meta/saved_resource(2).html
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
274 B (274 bytes)
Hash
d13f97c98e5ceaee6d4a89507d1d24f3
255b24cbdbb9d7e3e22edf101eff66733e37ee37
2b8378708f0e9343d37db5f3556cc73dd4b30714ff94afecbccad682b5a65b67

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ET PHISHING Possible Phish - Mirrored Website Comment Observed

HTTP Headers

GET /ch/meta/saved_resource(2).html HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/meta/anchor.html
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:35 GMT
Server: Apache
Last-Modified: Fri, 31 Mar 2023 00:09:21 GMT
ETag: "1f8-5f827055ef1e5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 274
Keep-Alive: timeout=10, max=197
Connection: Keep-Alive
Content-Type: text/html

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
f78572f65d6e6bf2a4db382ccd83bcec
c89c517d3d2a0a14fad6519a1315f696b2b5ef39
81b7dad2e6738b2740326d0d348dc986e664d95a7c79bccfbe45e65660ca67f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 29 Mar 2023 03:43:23 GMT
Expires: Wed, 05 Apr 2023 03:43:22 GMT
Etag: "c89c517d3d2a0a14fad6519a1315f696b2b5ef39"
Cache-Control: max-age=394006,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b09275dfc50b500-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
f78572f65d6e6bf2a4db382ccd83bcec
c89c517d3d2a0a14fad6519a1315f696b2b5ef39
81b7dad2e6738b2740326d0d348dc986e664d95a7c79bccfbe45e65660ca67f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 29 Mar 2023 03:43:23 GMT
Expires: Wed, 05 Apr 2023 03:43:22 GMT
Etag: "c89c517d3d2a0a14fad6519a1315f696b2b5ef39"
Cache-Control: max-age=394006,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b09275e0d1bb51b-OSL

takeoff.com.ar/metamask.io/images/favicon.png

200.58.111.76

404 Not Found

196 B

URL HTTP/1.1
takeoff.com.ar/metamask.io/images/favicon.png
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /metamask.io/images/favicon.png HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 404 Not Found
Date: Fri, 31 Mar 2023 14:06:35 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=195
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

takeoff.com.ar/metamask.io/images/webclip.png

200.58.111.76

404 Not Found

196 B

URL HTTP/1.1
takeoff.com.ar/metamask.io/images/webclip.png
IP
200.58.111.76:0
ASN
#27823 Dattatec.com

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /metamask.io/images/webclip.png HTTP/1.1
Host: takeoff.com.ar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://takeoff.com.ar/ch/
Cookie: _ga=GA1.3.1426141869.1680271593; _gid=GA1.3.633247834.1680271593; _gat_gtag_UA_37075177_6=1

HTTP/1.1 404 Not Found
Date: Fri, 31 Mar 2023 14:06:35 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=10, max=196
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

lptag.liveperson.net/tag/tag.js?site=88982875

178.249.97.23

200 OK

7.6 kB

URL HTTP/2
lptag.liveperson.net/tag/tag.js?site=88982875
IP
178.249.97.23:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (21707), with no line terminators
Size
7.6 kB (7588 bytes)
Hash
73fffd7c64707f625983cd93bc412dca
f001f558aa7ae9281baa111933728d47185e00bd
520582f871580aa30933c2b10be35b68c2cd1f3631addb4d8dcae9bd8c51b3df

HTTP Headers

GET /tag/tag.js?site=88982875 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:35 GMT
content-type: application/javascript
content-length: 7588
last-modified: Wed, 07 Dec 2022 20:20:28 GMT
etag: "6390f58c-1da4"
content-encoding: gzip
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2

lptag.liveperson.net/lptag/api/account/88982875/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3

178.249.97.23

200 OK

102 kB

URL HTTP/2
lptag.liveperson.net/lptag/api/account/88982875/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP
178.249.97.23:0
ASN
#11054 LIVEPERSON

File type
data
Size
102 kB (102279 bytes)
Hash
4ff1d089dd10d565d9209506ade161fb
77887e289b66144dfca6f0a2c4aa41c4da0f5f7b
e7a4ec42db52d07e6aa19f42a872dfa24f52d3c0f71a35f265dfd7cf4d93fb27

HTTP Headers

GET /lptag/api/account/88982875/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:35 GMT
content-type: application/x-javascript
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
30237788aa25da0ddd03b8610902f531
8cf015ae7c7071f268bf141334fe921bd5399268
deb653d5f19732ea45d8106798ff38b71a726bb48f942a37e4ad36cee16fd508

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 14:06:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 28 Mar 2023 02:32:16 GMT
Expires: Tue, 04 Apr 2023 02:32:15 GMT
Etag: "8cf015ae7c7071f268bf141334fe921bd5399268"
Cache-Control: max-age=303339,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b092760c96cb51b-OSL

js.hsforms.net/forms-next/shell-recaptcha

104.17.186.73

200 OK

0 B

URL HTTP/2
js.hsforms.net/forms-next/shell-recaptcha
IP
104.17.186.73:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /forms-next/shell-recaptcha HTTP/1.1
Host: js.hsforms.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:35 GMT
content-type: text/html; charset=utf-8
x-amz-replication-status: COMPLETED
last-modified: Thu, 02 Mar 2023 01:29:17 UTC
x-amz-server-side-encryption: AES256
x-amz-meta-ao: {}
x-amz-version-id: MkCbKprQUr_NtsnvjXyqpGOtevSQI6rx
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-amz-cf-id: fcGen6Sn3faOEp79S3wWLBABYW4BPoVYhuEm6QwPz3uL_n4Xchdf5A==
age: 126
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: FormsNext/static-5.586/html/recaptcha.html
access-control-allow-origin: *
x-hs-cache-status: MISS
cache-tag: staticjsapp-FormsNext-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uBVTDpkCO7ZOcIp4gg0kbQ1wuA9m1H4M%2F16XtGCEQz4JElza9zsphyQc5cWNCJT6N%2BCZCTL4XdmMFWKKXJBxWwyo6%2BoYv4OxSdjySJE90a1hd%2BMs9KML1bW1rIBUcXSn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7b09275c4c8cb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

178.249.97.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP
178.249.97.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:35 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:22|g:592f8922-f276-4269-8fa9-cfbdd1c60791; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
ADRUM_BTa=R:22|g:592f8922-f276-4269-8fa9-cfbdd1c60791|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/; Secure
ADRUM_BT1=R:22|i:2241648; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
ADRUM_BT1=R:22|i:2241648|e:4; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
vary: Accept
expires: Fri, 31 Mar 2023 14:07:35 GMT
x-envoy-upstream-service-time: 1
x-envoy-decorator-operation: lp-accdn-app.default.svc.lokube01.int.liveperson.net:8080/*
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/88982875/configuration/setting/accountproperties/?cb=lpCb1048x81473

178.249.97.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/88982875/configuration/setting/accountproperties/?cb=lpCb1048x81473
IP
178.249.97.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/88982875/configuration/setting/accountproperties/?cb=lpCb1048x81473 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:35 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:22|g:ab110da7-4ce5-4b9b-8f19-0fda31b77057; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
ADRUM_BTa=R:22|g:ab110da7-4ce5-4b9b-8f19-0fda31b77057|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/; Secure
ADRUM_BT1=R:22|i:2241648; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
ADRUM_BT1=R:22|i:2241648|e:4; Max-Age=30; Expires=Fri, 31-Mar-2023 14:07:05 GMT; Path=/
vary: Accept
expires: Fri, 31 Mar 2023 14:07:35 GMT
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: lp-accdn-app.default.svc.lokube01.int.liveperson.net:8080/*
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&force=1&env=prod

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&force=1&env=prod
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&force=1&env=prod HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:36 GMT
content-type: application/javascript
last-modified: Fri, 05 Nov 2021 13:34:15 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 30 Mar 2024 14:06:36 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&env=prod

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&env=prod
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Ftakeoff.com.ar&site=88982875&env=prod HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://takeoff.com.ar/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 31 Mar 2023 14:06:36 GMT
content-type: text/html
last-modified: Fri, 05 Nov 2021 13:34:15 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 30 Mar 2024 14:06:36 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (48)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML