Report - magalfest.com//index14.php

Report Overview

Submitted URL
magalfest.com//index14.php
IP
104.21.74.223
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-23 22:09:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.161.6.128
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	44 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.165.201.103
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	690 B	1.4 kB	142.250.74.3
magalfest.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.2 kB	521 kB	172.67.164.11
www.itau.com.br	22220	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	5.8 kB	23.38.200.79
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-23	medium	magalfest.com//index14.php	Magalu

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js	Phishing
2022-09-23	medium	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js	Phishing
2022-09-23	medium	magalfest.com//index14.php	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js	750 kB	2023-03-07	2023-07-31
Pretty URL magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js IP 172.67.164.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:25:03 Last Seen2023-07-31 20:26:40 Times Seen76 Hash 9a4356cb47e7c63947459a99a47af102 9e9238fd3779027133a78bae884390c3b3b43ccb e7a9d80761c5a4cb4383671df5c4349aa432ce31b791ffc73f723f01ebb91b7c Loading...

	magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js	1.1 MB	2023-03-07	2023-04-05
Pretty URL magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js IP 172.67.164.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:06:37 Last Seen2023-04-05 04:22:25 Times Seen5 Hash 137056749445c51b975ed6713f057828 dc6457422fc7eae74fc246e19bf1d3110a9fa0b4 624e3fc4f92cf006b4bfe9f9f92822f6b2b6c7615fa9c9894633e58e070a6de1 Loading...

	magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js	478 B	2023-03-07	2024-04-05
Pretty URL magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js IP 172.67.164.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2024-04-05 18:10:52 Times Seen135 Hash 2d598e5d51a32ffac757870976e94d21 23daf1dc8527e60b7e481744ca9d719cd11381ce 4f33c31c9da2ad0ddedadc4c4012af086ed9371fce659d8e0e6cfd5123d91caa Loading...

	magalfest.com//etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js	3.6 kB	2023-03-07	2024-04-17
Pretty URL magalfest.com//etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js IP 172.67.164.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:25:03 Last Seen2024-04-17 00:57:00 Times Seen471 Hash 652a558c3774088b61b0530c184710d1 ea8dbea3764852435163c25354ee7c22c1a2d4d4 90a9acaa2b73d4e87bc59beb161a8e9771d517ae8577ba38f6724f40d3461073 Loading...

HTTP Transactions (36)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8040
Expires: Sat, 24 Sep 2022 00:23:28 GMT
Date: Fri, 23 Sep 2022 22:09:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
afb65a07bf7214addf83d17a53acba32
a8e973204431320aa7b362a4e73944520c4b51b9
46e1a9e6c98245afb7fa84bc6d9ba6844105024e2d3f56e28748e6c321475d02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4505
Expires: Fri, 23 Sep 2022 23:24:33 GMT
Date: Fri, 23 Sep 2022 22:09:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

18.165.201.103

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.165.201.103:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 22:05:16 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ad6a59dd9fdc1afb57f7131fcd96bf20.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: uQGZlDv-dPfrhDE1MD_y985eT05HxMbday12YTeh5P3WPEBvk_OmRw==
Age: 252

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: OBtSa4T3+q5e6F5ilwoaN5BUyl0R/1gzCM55NrgjdUCoPgdJgEN7T31KCH6BTGv4shRRQap/YrY=
x-amz-request-id: 495NS4JJXJV77J1X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Sep 2022 21:44:39 GMT
age: 1489
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/pid-4i6q_p0

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/pid-4i6q_p0
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c54508a301bc027b4326f329a3b612ea
1a88febe08e0d561d958af79d613e517a5498bf8
539a14942a3b2759be205c3bdfb79f20197bee8bb7e4d8b868faca9b47d434b4

HTTP Headers

POST /s/gts1p5/pid-4i6q_p0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 22:09:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/pid-4i6q_p0

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/pid-4i6q_p0
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c54508a301bc027b4326f329a3b612ea
1a88febe08e0d561d958af79d613e517a5498bf8
539a14942a3b2759be205c3bdfb79f20197bee8bb7e4d8b868faca9b47d434b4

HTTP Headers

POST /s/gts1p5/pid-4i6q_p0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 22:09:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2

172.67.164.11

200 OK

18 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 18140, version 1.0\012- data
Size
18 kB (18140 bytes)
Hash
6c8fe1156552769b5e65e3fc1eb81395
0339dcf247cb98781cb26174bf7810e15a394310
25a5d759897134cb9caa4b9f0f58ebb3f34e5759af0b8c712959665df0754e7e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Bd.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 18140
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "46dc-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XuvHaaVUuNsWtHwL4bOTjXODUXyytVtkVnhb1rd1tEh0GJv6UdqyUCqPLC9FNPl6PzDwtmKNa9pOzT6Mv3AWqFR3l7GXDN0v%2B5t5cBHTTPkh0sc62cAqv679QK982JLl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb220b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2

172.67.164.11

200 OK

18 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17892, version 1.0\012- data
Size
18 kB (17892 bytes)
Hash
4c9045c151fd584835340bef1292fa48
7b550140ce90c15ae16efb7913717746b2bf8a06
661a87469e3a98ce456dd15c5ce402278f25db98b5885d823651284f4fd4de91

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 17892
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "45e4-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGl0%2BERfmhdZ15mBo7MAPp2K7FtvcJ6UD36qtGT2JucdCNeTTffuMt5km3qJysJjJYulgASNzppYjCrIsOTKHY0O6JuL8H8iToaTxGVZKGTPG%2B6msb8OA%2Fa7aaXz68g8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb210b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2

172.67.164.11

200 OK

20 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20244, version 1.0\012- data
Size
20 kB (20244 bytes)
Hash
195620c524ec7c323db8fa3ceccb9cd2
9bc9e6e59f737f89acae0fd7ab5e323dfed48579
dcd743060b3c09ccf5003db3bb4b85fbe7a71d176638dabbf089669ef3f787c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_xbd-webfont.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 20244
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "4f14-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bshaCYtE0dohPQhQRJfLvp41FNsUDTTh5eyHRmmAi25RcxVp4qbCRNX%2F%2BVD0nzghvCXI%2BotynfSCkM7phq4q8IzSB2k2JZxM155GG7N%2FcMH9rwYNMCJmwmjl0VmYsN2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb2b0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2

172.67.164.11

200 OK

18 kB

URL HTTP/2
magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17892, version 1.0\012- data
Size
18 kB (17892 bytes)
Hash
4c9045c151fd584835340bef1292fa48
7b550140ce90c15ae16efb7913717746b2bf8a06
661a87469e3a98ce456dd15c5ce402278f25db98b5885d823651284f4fd4de91

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/sharedcomponents/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Rg.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 17892
last-modified: Fri, 12 Nov 2021 23:56:58 GMT
etag: "45e4-5d0a036e6e680"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EUSKb%2BoLcho6bSg7QmDBk4BpuvuGPbQGQL2onBonVRllV0xTv7s963ubLBdse5qEU179qF%2FZYGopJ8ZR%2F1%2BJDOwoDyVk8bTP5BDMO62aPQqa7LNSJYrO0kOFkb8TTeBg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb270b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2

172.67.164.11

200 OK

18 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 17508, version 1.0\012- data
Size
18 kB (17508 bytes)
Hash
f755825cfc33424de53229ed51a48547
7d55a33fb68b5743cf7a5adfe7b424752e1cc52f
f898f65ddbfb8e0b9ecf86132b0fa3ed23b5cfa87d599e7b5364c5b3ef7e5c1c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauText/ItauText_Lt.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 17508
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "4464-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=joWHsD4U0Zb8uGPuclnjx9ULYTMhJ0GkUK1%2FSXNwZJ%2BnWukXuBHyuVFhuzsL8vjDgk325lpcpGdnItuAxWrA5L5a7v0p9NdVMuhlvYjoECY260GBNLisd%2BG7e7bIkDQ1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb330b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2

172.67.164.11

200 OK

20 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 19856, version 1.0\012- data
Size
20 kB (19856 bytes)
Hash
c2237a47b207b79d49dacbc6767f094b
e9e4bc7effa06252f6ccf3c8aae0910ec7a5d2c0
eb3d38629627f709b3ce3cc9d8e853a71d45d3f776a1c5ae28251bbdfaeee44e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_lt-webfont.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 19856
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "4d90-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTaw4n2TaB%2FF6tBjDkbZGLALVD2e9VHqMA1XgnbvG9XyqY5b0S%2Fe0zzqxd8qkKqtiKnh%2FEXg%2BLTarJCYz3k08ixbtO%2BhxBXcqDNbSqnSdaxvcpfAhdE%2BVcMbFv0nIlba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb2a0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2

172.67.164.11

200 OK

20 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20336, version 1.0\012- data
Size
20 kB (20336 bytes)
Hash
63b41291ead223dee31d35f314b7968d
a261ce8cf48c373966e114365d6132121ca08876
44ea8da2d545e55cf9ecaf0d4f7936cf83ba9476dcbb833b3e8152f6d3f171ad

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_rg-webfont.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 20336
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "4f70-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rpl5%2BFqmcB%2FW7X5Dzt%2BxaM1ML%2BiZerFLWTJT3BPzJxzgHPp3tKRG3mkz3nj%2FyjnmC3aATO2kqbedD%2BIQo%2B9CwaCSDj5O%2Bwh9QDvawY5wBw87DrxWQmNpMKHQIfE5gmc2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb240b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2

172.67.164.11

200 OK

20 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 20492, version 1.0\012- data
Size
20 kB (20492 bytes)
Hash
943eded538dde6a0dfafee5453aa6dcf
ce3c14529df937462fc9e6f7b3a853785b05a6f0
6941f9570d5085cfa2ddba639611d4a5ab3e9aded5e3eb2139dc23e613b20067

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/ItauDisplay/itaudisplay_bd-webfont.woff2 HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff2
content-length: 20492
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "500c-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdeTdVFnBUmF2Jamf7LWuFnaXZJvSSU10Mgw283X1RRrVt%2F%2BKcA1CUjh2QHoP0OtkqxeC%2FDqzeuRzZ%2BZ83AqNzT7LzPUo%2BoKXdQAcDdAdgZwox8H6aOBKitxIrSuSQ0%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb2e0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.itau.com.br/content/dam/itau/cartoes/magalu/magalu-logo.png

23.38.200.79

200 OK

5.3 kB

URL HTTP/2
www.itau.com.br/content/dam/itau/cartoes/magalu/magalu-logo.png
IP
23.38.200.79:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.3 kB (5316 bytes)
Hash
7fbc42a4b63120dc1521c416c152f994
be360cff67eb29ef6fe12445623d47eb0cc104c5
91059ccdd65c1496d764f84ece42376760652ea7c734fe0c0dd0b086c91ce6ef

HTTP Headers

GET /content/dam/itau/cartoes/magalu/magalu-logo.png HTTP/1.1
Host: www.itau.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "3be9-5c23d8df52480"
last-modified: Wed, 27 Oct 2021 16:10:17 GMT
server: Akamai Image Manager
x-serial: 215
x-check-cacheable: YES
content-length: 5316
content-type: image/webp
cache-control: private, no-transform, max-age=838955
expires: Mon, 03 Oct 2022 15:12:03 GMT
date: Fri, 23 Sep 2022 22:09:28 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
access-control-allow-methods: GET, POST, GET, POST
access-control-allow-origin: internet.itau.com.br, internet.itau.com.br
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff

172.67.164.11

200 OK

139 kB

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 139296, version 1.0\012- data
Size
139 kB (139296 bytes)
Hash
d9a9d074200e6425c65c57cf3fbc3420
5506f29e197e139759be1528d09242026e27ff10
0627930b6d4838fba88a1b6a456ddcec05200a7a0596dc2ac57e2b9180736e83

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base/resources/fonts/itaufonts_master_24px_v44/itaufonts_master_24px_v44.woff HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: font/woff
content-length: 139296
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: "22020-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3w3Op2ijAfraQv7ClROE3VnGLHJHunpduscQ7izvwLBzFNb2FRkUEgdBszJYtRbOIid9yXy8Z9fNJNHSHozGlzYc5KqgXBWzOFZqthVSEw3mITozXR2gkk1%2FpUdpE3%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad90b340b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.165.201.103

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.165.201.103:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 23 Sep 2022 21:33:00 GMT
Expires: Fri, 23 Sep 2022 21:34:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 507372273c5029d1ae2439349f7f1458.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: dxOxRIsEI8hN619eI6mgiVnF5KD_LqFuqtx8aL_qnGGRZ6DRZFmJjw==
Age: 2188

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3754
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 22:09:28 GMT
Last-Modified: Fri, 23 Sep 2022 21:06:54 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.161.6.128

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.6.128:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DTvXIhmtzKIxROz9+ecVcw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0kGVFUSgi2Il2wpdZKVWSSH120k=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4524
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 22:09:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4524
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 22:09:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4524
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 22:09:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4524
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 22:09:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:26 GMT
age: 1264
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (14579 bytes)
Hash
f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 92Pj9IQp3mBJQOW-XuHSK8laPqXOSBOmNbYcm4hSFzc1xqYscQKxMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:48 GMT
age: 86262
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.11c95aa513d1bfa558ffd098de124b06.css

172.67.164.11

200 OK

9.1 kB

URL HTTP/2
magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.11c95aa513d1bfa558ffd098de124b06.css
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2201), with no line terminators
Size
9.1 kB (9054 bytes)
Hash
5bfbb0279ecb545ec38a5684bf8efdde
2cf8dfee6a25cbfca15dd749a9c9c34ece7c808a
572d5a4d2d2eba69b6c956c91da72cab5203cf471c96758539fd71568ef03213

HTTP Headers

GET //etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.11c95aa513d1bfa558ffd098de124b06.css HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: text/css
last-modified: Fri, 12 Nov 2021 23:56:58 GMT
etag: W/"899-5d0a036e6e680"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wm4Ji6ZkHMa4huOn4hrtKM3oOt3idvdYItdhbar8M2Xg0OiEXVLFRJ6iZyNFzopWFJAQS%2B8lH%2FVZoZ8InubZdNy36y8HxOPtYryUVLAwqDWThnXeKywoy48a23SKgCbq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad90b380b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F155952bd-256a-4103-9017-437efcfb03bf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7005 bytes)
Hash
1985a957e6bc0c15d8489fa731e7f14e
4584bff61bf4d5c9b8fd3b97c048a8e6975e4323
9f3e1fd6e18d85d4f6645d077da643a3bc2cca611d5e85f534ba798102dca243

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F155952bd-256a-4103-9017-437efcfb03bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7005
x-amzn-requestid: c805d882-7a00-4abd-a239-d8313d7df0c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4aBwEaMIAMF09A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd6d7-6d6a417f10c9628a16d438e1;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:42:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IKhfVQWVUnhvct2w5S1BB3y79gpEZ6UIB8T6tOdg0532Hxo4BpXFXQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:19 GMT
age: 971
etag: "4584bff61bf4d5c9b8fd3b97c048a8e6975e4323"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js

172.67.164.11

200 OK

208 kB

URL HTTP/2
magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65451)
Size
208 kB (207738 bytes)
Hash
c8013358f3515c2335ece963fc89a107
9c52c14470ab80c6ff2736e48377c1fe4e5a67d1
926d8791d2a503e9ab2b72148f7a2d38cee7c55eb8387a63a427bb358d6ba76e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.9a4356cb47e7c63947459a99a47af102.js HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: application/javascript
last-modified: Fri, 12 Nov 2021 23:56:58 GMT
etag: W/"b7030-5d0a036e6e680"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iHcXHKMIaT7hp5%2B%2FYRgEIGOuhb2z0Mn3FEl%2FHQ899iV6fdbDLAc8wtC03k2aHVW1G6wPw1sKcDSdsD9DJ97TVXtLIjRemcDU9Ku5SA03GXTKEDvwsJPLfLH3sCnr3Dr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad90b4a0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10127 bytes)
Hash
b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gWZNsIn_FEbYwMeR1JArmPEgyuHEGgWsfb-wB6P_NrmoHhNgvGWoPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 22:05:08 GMT
age: 262
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.2b40b1b39f98cea329b75ac4733abdbf.css

172.67.164.11

200 OK

0 B

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.2b40b1b39f98cea329b75ac4733abdbf.css
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base.min.2b40b1b39f98cea329b75ac4733abdbf.css HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: text/css
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: W/"14ecb8-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajRfoF%2F7RziZ9jBCElp5Zm9OBBoWN5pklQg6gw4VvGqdyC5%2Bd%2BbWsOW5b3nbKA%2FoFcFIsyd7DeYHC01uTz08juNWW7%2Fwv%2FOq5ZyCfMAfPe1WugvMaWaelvTsu6xNejRn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb200b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js

172.67.164.11

200 OK

0 B

URL HTTP/2
magalfest.com//etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.652a558c3774088b61b0530c184710d1.js HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: application/javascript
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: W/"e22-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XUIHFqz39EeQogkpzRk5CUynUo2xN0TsWSYGjUL1SxjTuc0YTVLD0s0h%2FkOJqjNH2q69njplX%2FBhWsklPdmlQzjQzUQ2mKH4dhuRr24h48%2Fvqr4cutOXRWsnKP3Wjc%2FQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad90b4e0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js

172.67.164.11

200 OK

0 B

URL HTTP/2
magalfest.com//etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/sharedcomponents/components/fragments/modal-generic-error/v1/modal-generic-error/clientlib.min.2d598e5d51a32ffac757870976e94d21.js HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: application/javascript
last-modified: Fri, 12 Nov 2021 23:56:58 GMT
etag: W/"1de-5d0a036e6e680"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijoa%2BD7U1RvvhYmPGAe4NwkJXdCCk8IJX7W1S2WfWwbbBqLsfz7S78e3V%2FEHH2MKAucdRGO15z0s4ulxZB5SJIfOAuPPlckHXifQGKpfKbLKmNDIFdqpQ7t4IrkTvfwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad90b3d0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.51b8a224aa8c5e5101bb0ec667ba1e77.css

172.67.164.11

200 OK

0 B

URL HTTP/2
magalfest.com//etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.51b8a224aa8c5e5101bb0ec667ba1e77.css
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET //etc.clientlibs/sharedcomponents/clientlibs/clientlib-base.min.51b8a224aa8c5e5101bb0ec667ba1e77.css HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: text/css
last-modified: Fri, 12 Nov 2021 23:56:56 GMT
etag: W/"9c51e-5d0a036c86200"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cf3vV5d89WPpFwsc0R21Szv%2Bwl3N1bmEdrDBx766QTw3Y1sw8n7TcOHDXHnLypymhuBb8SeTta4FeydSfKrP2CAjcU7BSp%2BcKKaENaUgfQsmtriFzFlMN3y9NzkzXnrl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad8fb1d0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js

172.67.164.11

200 OK

0 B

URL HTTP/2
magalfest.com//etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //etc.clientlibs/itau/clientlibs/clientlib-base.min.9c7dbd8d3858cb76c49b487bde47553e.js HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://magalfest.com//index14.php
Cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: application/javascript
last-modified: Sat, 28 May 2022 21:39:48 GMT
etag: W/"101eeb-5e0194317f100"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7kd4RbLCE7jMEEAwwxep8oR43v9zmOiSi5lCfXMPJ4meSP56EyCxQy0x43Urk%2F%2B3QLjKdQf24SsZXvxLDfZUKkCmw6v2k08f2owIfjF4Nyrz%2B3rRPT9%2Fpb4TcqTg7TG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f69ad90b510b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

magalfest.com//index14.php

172.67.164.11

200 OK

0 B

URL HTTP/2
magalfest.com//index14.php
IP
172.67.164.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Magalu
fortinet	Phishing

HTTP Headers

GET //index14.php HTTP/1.1
Host: magalfest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 23 Sep 2022 22:09:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.29
set-cookie: PHPSESSID=0orcs81koqtdn3qirm225r1rjq; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=598Yeh%2FYyNJiQckbJuyJqp9W3ghuA3%2B8Xpw5%2BqiWg9ilct4QdmzGMpFFrmTC51nGsKFARqjZ6CppZMYWVemJ1aCK9vUZ60tTrGBEAk5RT9V2TgcorCZKWNeEDCVigt%2F%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f69ad7da340b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size