Report - itau.clienteseguridadcl.com/App64e6ac0/access.php

Report Overview

Submitted URL
itau.clienteseguridadcl.com/App64e6ac0/access.php
IP
20.163.177.109
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-12-05 01:13:34
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.88.25.203
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	71 kB	34.120.237.76
kit.fontawesome.com	1868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	651 B	104.18.22.52
itau.clienteseguridadcl.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	700 kB	20.163.177.109
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ka-f.fontawesome.com	3598	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.2 kB	172.64.169.22
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.4 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	itau.clienteseguridadcl.com/App64e6ac0/access.php	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/App64e6ac0/access.php	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/App64e6ac0/index.php	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/App64e6ac0/access.php	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/public/javascripts/jrut.js	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/public/javascripts/jquery.mask.js	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/public/javascripts/all.js	Phishing
2022-12-05	medium	itau.clienteseguridadcl.com/public/javascripts/jquery.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	itau.clienteseguridadcl.com/public/javascripts/jrut.js	5.3 kB	2023-03-08	2023-04-05
Pretty URL itau.clienteseguridadcl.com/public/javascripts/jrut.js IP 20.163.177.109 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:02:38 Last Seen2023-04-05 01:39:27 Times Seen4 Hash 69f352251de3cbb1ed7cb19478c3fc05 c3bf2e82b1dbc729d4fe79d55e975e1490a26d11 b870f7f68c361abe4908763a4c54b9aad421a146212d2936d280b1caa2153f08 Loading...

	itau.clienteseguridadcl.com/public/javascripts/jquery.mask.js	6.3 kB	2023-03-07	2024-02-22
Pretty URL itau.clienteseguridadcl.com/public/javascripts/jquery.mask.js IP 20.163.177.109 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:33 Last Seen2024-02-22 02:58:52 Times Seen32 Hash d9cb127916735fbb1f1969ceac77d065 ba5dacea00d62cdb6fdbac0dc8d960726175f82e e28402acf82dc0bbd4cb1cbd1bca97cbee7d8862d828a31d256a8821eca5b299 Loading...

	itau.clienteseguridadcl.com/public/javascripts/jquery.min.js	87 kB	2023-03-07	2024-04-24
Pretty URL itau.clienteseguridadcl.com/public/javascripts/jquery.min.js IP 20.163.177.109 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-04-24 20:05:32 Times Seen2977 Hash 378087a64e1394fc51f300bb9c11878c 0c3192b500a4fd550e483cf77a49806a5872185b 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de Loading...

	itau.clienteseguridadcl.com/public/javascripts/all.js	2.2 kB	2023-03-08	2023-03-10
Pretty URL itau.clienteseguridadcl.com/public/javascripts/all.js IP 20.163.177.109 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:02:38 Last Seen2023-03-10 16:20:26 Times Seen1 Hash fed7d901979f7d079120a284cbf53120 145fc8c19c699839f700d18720cc864cfb40e05d a274b21eba56f59464e33c3559c748acb7cddf133770162dfea3e478742932de Loading...

	itau.clienteseguridadcl.com/App64e6ac0/access.php	88 B	2023-03-08	2023-03-10
Pretty URL itau.clienteseguridadcl.com/App64e6ac0/access.php IP 20.163.177.109 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:02:38 Last Seen2023-03-10 16:20:26 Times Seen1 Hash da13662a2331e8fcb30467800c052ebd 7dd5e296b29d2cdab491cc344f6af0159b65adc0 5317233e45cb8eb7cd3b85835b47bc80ce0aca56535bd79aafea625341d9c06a Loading...

	itau.clienteseguridadcl.com/App64e6ac0/access.php	1.3 kB	2023-03-08	2023-03-10
Pretty URL itau.clienteseguridadcl.com/App64e6ac0/access.php IP 20.163.177.109 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:02:38 Last Seen2023-03-10 16:20:26 Times Seen1 Hash 77d749baa0c64bca9cfc50e035246af6 4deabcb0e84556266680b71cf72bb66b6d308b13 46d7fa33de83a91cfcba3ee2b12c463a3fb4c299e0cde04f7b94ce9f25dc6083 Loading...

	kit.fontawesome.com/eb32f84b17.js	11 kB	2023-03-07	2024-02-22
Pretty URL kit.fontawesome.com/eb32f84b17.js IP 104.18.22.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:54 Last Seen2024-02-22 02:58:52 Times Seen7 Hash 7efe7fcdbcdd36b71414aeaa12745179 8f83b203c51c4b43adf116da259d4c11d51eee1a 14342dd2b960f5005eb7976420e312661a7ab1bc080350eebd06b227000bc483 Loading...

HTTP Transactions (48)

URL IP Response Size

itau.clienteseguridadcl.com/App64e6ac0/access.php

20.163.177.109

301 Moved Permanently

342 B

URL HTTP/1.1
itau.clienteseguridadcl.com/App64e6ac0/access.php
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
342 B (342 bytes)
Hash
19236c1355942bc346c885032f780377
17504b3d8669e3692e8a9df2d6b74cd5004470b3
c619dcf808ba48658ba30f887c785782b6d07eccd10af962f31af935e24bd2a9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /App64e6ac0/access.php HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Dec 2022 01:13:21 GMT
Server: Apache
Location: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Content-Length: 342
Connection: close
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13969
Expires: Mon, 05 Dec 2022 05:06:10 GMT
Date: Mon, 05 Dec 2022 01:13:21 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4874
Cache-Control: max-age=124750
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 01:13:21 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:52:31 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5560
Expires: Mon, 05 Dec 2022 02:46:01 GMT
Date: Mon, 05 Dec 2022 01:13:21 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 00:20:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3191
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Tf2s3cYbGHM4y6zHPIb8SMlThTq6yL82/mrxUVKtU0JGoOCAV7P+/T806Cg8AC421B7Jqwv9OOY=
x-amz-request-id: BWM2593CGGHDWYGW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 00:47:46 GMT
age: 1535
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 01:13:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
902efa19b78487efaef77806b73a7696
f06aba3ac9f21637b8bd91922f54211f830a8007
bb7383e6fd711ed58d21a0aaeba6d19de010a435a5a7d68fe09e25dc905b8b6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB7383E6FD711ED58D21A0AAEBA6D19DE010A435A5A7D68FE09E25DC905B8B6B"
Last-Modified: Fri, 02 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Mon, 05 Dec 2022 07:13:07 GMT
Date: Mon, 05 Dec 2022 01:13:21 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 01:11:19 GMT
cache-control: public,max-age=3600
age: 122
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4868
Cache-Control: max-age=119677
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 01:13:22 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:27:59 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

itau.clienteseguridadcl.com/App64e6ac0/access.php

20.163.177.109

302 Found

1.9 kB

URL HTTP/2
itau.clienteseguridadcl.com/App64e6ac0/access.php
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.9 kB (1877 bytes)
Hash
80cfdbdec45df1caddbdad958ec63f7e
520e0767bc860b3a5bfa16046d7feeb9d6788bc0
775236770813ef84bd265de699ceebad83bdc0e31be1b243a8aec856d8c00e17

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /App64e6ac0/access.php HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig; path=/
location: index.php
vary: Accept-Encoding
content-encoding: gzip
content-length: 1877
content-type: text/html; charset=UTF-8
date: Mon, 05 Dec 2022 01:13:21 GMT
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.88.25.203

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.25.203:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QiI8B1bHq7Bd0hQ4E4554g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: g858cJ82EzMsaQ6Ft4TB6KN/fbY=

itau.clienteseguridadcl.com/App64e6ac0/index.php

20.163.177.109

302 Found

0 B

URL HTTP/2
itau.clienteseguridadcl.com/App64e6ac0/index.php
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /App64e6ac0/index.php HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: access.php
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 05 Dec 2022 01:13:22 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/App64e6ac0/access.php

20.163.177.109

200 OK

2.1 kB

URL HTTP/2
itau.clienteseguridadcl.com/App64e6ac0/access.php
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.1 kB (2057 bytes)
Hash
d450eb1afd111a3c0e685aec935bf183
6bd10c4982ae56070d0ab37f56bbe816ca7bf9f3
0f7bf377b1c2fb1ff3fc2a5aa4bb6acb6b18688a06f45d10b1a2acd86997f902

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /App64e6ac0/access.php HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 2057
content-type: text/html; charset=UTF-8
date: Mon, 05 Dec 2022 01:13:22 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f527538401127203629d92831d1e1691
c1da98738539587cc8a069bfebe1cf413198ce76
f0fe7c982f2aa7fa3f2e39c741bb494209507c463c1e48a7cfba1abaacbf0d7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3673
Cache-Control: max-age=129285
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 01:13:23 GMT
Etag: "638c8d5f-1d7"
Expires: Tue, 06 Dec 2022 13:08:08 GMT
Last-Modified: Sun, 04 Dec 2022 12:06:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

itau.clienteseguridadcl.com/public/styles/reset.css

20.163.177.109

200 OK

769 B

URL HTTP/2
itau.clienteseguridadcl.com/public/styles/reset.css
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with CRLF line terminators
Size
769 B (769 bytes)
Hash
dc97d71499538173ca2e1a73ca7002ef
c05d5dc684c6bf364c80a2cb42196d4603d4717e
a1b9526d7a84917c12f615264bae43078341d24bf59d8ba9175b0cc71645e058

HTTP Headers

GET /public/styles/reset.css HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 20 Jan 2022 19:49:48 GMT
etag: "6b6-5d608ce03ef00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 769
content-type: text/css
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_back.png

20.163.177.109

200 OK

605 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_back.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
605 B (605 bytes)
Hash
c9094b02912aa7eef4b4d6fc4af47b90
73eac9e2b536fb949a34f8776c3ad2c31cceca80
831123fa9246bf5ba5a439c54d860e54ca120b9cc8a0a9cd67d06ca5eaf619c0

HTTP Headers

GET /public/images/icon_back.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:05:36 GMT
etag: "25d-5cd1138e19800"
accept-ranges: bytes
content-length: 605
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/styles/web.css

20.163.177.109

200 OK

2.9 kB

URL HTTP/2
itau.clienteseguridadcl.com/public/styles/web.css
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (429), with CRLF line terminators
Size
2.9 kB (2944 bytes)
Hash
3f613e59ed670aa062543d5d01bcc868
07f8b7a06a971c60576da33e131fe60aefe6f726
172c84a32f783d7957f9d23a5ad9d961cfac2ee98cf0ae3e8a02a3a749c937e1

HTTP Headers

GET /public/styles/web.css HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 20 Jan 2022 20:55:12 GMT
etag: "3948-5d609b7e76c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2944
content-type: text/css
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_lock.png

20.163.177.109

200 OK

581 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_lock.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
581 B (581 bytes)
Hash
d3f35d4440b1c71519f00752f80638f6
f53b0689c07347932a4d724c31fc90efe0fba456
c25112e81acf9a71bed2d4403356fc006cda1c8dee7bd2a090c72ac382913581

HTTP Headers

GET /public/images/icon_lock.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 18:09:24 GMT
etag: "245-5cd121d0c3d00"
accept-ranges: bytes
content-length: 581
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_rec_1.png

20.163.177.109

200 OK

601 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_rec_1.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 24 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
601 B (601 bytes)
Hash
800754bd405263cb61c15d511f9833c2
5d7928b6aab3d0ac43339fc9d1acf73fdd8efb59
026246d59baa670144c9867ecf74adb03019597cfe3c3be4f0a25b58220e72c5

HTTP Headers

GET /public/images/icon_rec_1.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:20:50 GMT
etag: "259-5cd116f5c2080"
accept-ranges: bytes
content-length: 601
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_rec_2.png

20.163.177.109

200 OK

804 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_rec_2.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 24 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
804 B (804 bytes)
Hash
bfaa91e19f357ae9f631d461e93cd15b
a73bd46b96f38226cdedc0ce6ea7d761303f6f31
64e9069db08075ad828fa7a6399fdf557b369890a912df781534c2f69075c4f8

HTTP Headers

GET /public/images/icon_rec_2.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:21:00 GMT
etag: "324-5cd116ff4b700"
accept-ranges: bytes
content-length: 804
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_rec_3.png

20.163.177.109

200 OK

683 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_rec_3.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 24 x 23, 8-bit/color RGB, non-interlaced\012- data
Size
683 B (683 bytes)
Hash
88c928921cf8da2f6a4a371f4e83a8e6
313076344cb4bc2a193106cde646866460772906
ecb0722b625a146f6ef3ea2a502affd78e27d6f8c3b965811a0e03ce20353117

HTTP Headers

GET /public/images/icon_rec_3.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:21:24 GMT
etag: "2ab-5cd117162ed00"
accept-ranges: bytes
content-length: 683
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_help.png

20.163.177.109

200 OK

738 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_help.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 20 x 20, 8-bit/color RGB, non-interlaced\012- data
Size
738 B (738 bytes)
Hash
077b3611426a9edf4fe99fca774d0a50
56173892d4b90057810d5ec6d3edc542bf751216
cc92667feb9bd6c882ae05668324e21099930721bdb7660f3449511455aa2703

HTTP Headers

GET /public/images/icon_help.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:26:52 GMT
etag: "2e2-5cd1184efcf00"
accept-ranges: bytes
content-length: 738
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_rec_4.png

20.163.177.109

200 OK

947 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_rec_4.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 24 x 23, 8-bit/color RGB, non-interlaced\012- data
Size
947 B (947 bytes)
Hash
2693d9476e77b3f9b7dd7efccf521d9a
95c6c759e7af8bfe324f22a0eb58bf2d52e7bb5b
bbb9c603f57acbe11a14d84ccdf066dff2c04186baa4e6e1c069a40c496f2200

HTTP Headers

GET /public/images/icon_rec_4.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:21:44 GMT
etag: "3b3-5cd1172941a00"
accept-ranges: bytes
content-length: 947
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/logo.png

20.163.177.109

200 OK

3.9 kB

URL HTTP/2
itau.clienteseguridadcl.com/public/images/logo.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3913 bytes)
Hash
19ad64f1cd518083c3c63dd2c11b92c4
d115daf163552e12190951d66a1a1818b342d9a0
ebb81553415bb0eabd6ebbfec35d9faca5caf60c7d5ce5a699bb126b3fecc196

HTTP Headers

GET /public/images/logo.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:07:16 GMT
etag: "f49-5cd113ed77900"
accept-ranges: bytes
content-length: 3913
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_email.png

20.163.177.109

200 OK

651 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_email.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
651 B (651 bytes)
Hash
350ccc42820ddf8d59d65429322af43e
3abc4faaa52fc0b522a4941aa9d98daa58cda9ce
a1110dc5fe6b32e44fac5a2153c86c700b89632a1cc1f9b57f0c0e41cc60c1b8

HTTP Headers

GET /public/images/icon_email.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:30:44 GMT
etag: "28b-5cd1192c3d900"
accept-ranges: bytes
content-length: 651
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/icon_phone.png

20.163.177.109

200 OK

739 B

URL HTTP/2
itau.clienteseguridadcl.com/public/images/icon_phone.png
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
739 B (739 bytes)
Hash
57d287b794315389cdd94c0951e83c6d
01e1344f9110730fe7aea9d07d451cbb9ec22c5b
03d612bd135e69234d87f631121456e1331b1c217d2db203984cd4d6f79d94ae

HTTP Headers

GET /public/images/icon_phone.png HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:30:18 GMT
etag: "2e3-5cd1191371e80"
accept-ranges: bytes
content-length: 739
content-type: image/png
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/javascripts/jrut.js

20.163.177.109

200 OK

1.4 kB

URL HTTP/2
itau.clienteseguridadcl.com/public/javascripts/jrut.js
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.4 kB (1423 bytes)
Hash
71b45ea840eba8e004dd4d4aa3cddfcc
aebc055025e8a643ed5c3b26278de8182edcc155
2e9ddcba33351113590e2b07eeeadf8fdc390d2d23113f91f54aa5e87bbab67e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/javascripts/jrut.js HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 25 Jun 2020 17:30:48 GMT
etag: "14bb-5a8ebf4006200-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1423
content-type: application/javascript
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/javascripts/jquery.mask.js

20.163.177.109

200 OK

2.7 kB

URL HTTP/2
itau.clienteseguridadcl.com/public/javascripts/jquery.mask.js
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (532), with CRLF line terminators
Size
2.7 kB (2681 bytes)
Hash
3f96df12bf903b45e99b6d98fe9911e5
9603ac371ce7313a90770ca7925be6541da585d9
19e89d9ed40b93d7063374e200fa068d55721cffb6abe454e5f95bc5081e3f4b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/javascripts/jquery.mask.js HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 Mar 2019 22:30:22 GMT
etag: "18bd-5848e2acf3b80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2681
content-type: application/javascript
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/javascripts/all.js

20.163.177.109

200 OK

580 B

URL HTTP/2
itau.clienteseguridadcl.com/public/javascripts/all.js
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
580 B (580 bytes)
Hash
f8cbe5bd6e58461b134133d3283050c2
53eaf78d6bf5e4431e23f22415fdfecd2137d733
397248776032205d4109c334fa20e783934874ccc9bd0d755057f2d5b13a35a0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/javascripts/all.js HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 21 Jan 2022 02:01:02 GMT
etag: "873-5d60dfda63380-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 580
content-type: application/javascript
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7686
Expires: Mon, 05 Dec 2022 03:21:29 GMT
Date: Mon, 05 Dec 2022 01:13:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7686
Expires: Mon, 05 Dec 2022 03:21:29 GMT
Date: Mon, 05 Dec 2022 01:13:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7686
Expires: Mon, 05 Dec 2022 03:21:29 GMT
Date: Mon, 05 Dec 2022 01:13:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7686
Expires: Mon, 05 Dec 2022 03:21:29 GMT
Date: Mon, 05 Dec 2022 01:13:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7686
Expires: Mon, 05 Dec 2022 03:21:29 GMT
Date: Mon, 05 Dec 2022 01:13:23 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15537f94-1f24-4010-9d46-d70fec20ced3.jpeg

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15537f94-1f24-4010-9d46-d70fec20ced3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6827 bytes)
Hash
1be5ade2f8eb160f9974766374c9dd01
8d3d92355304ccfcd50ae96f55b2754220f05187
5087642c70cd92613c2a490b532fc7651c4b25f8712a59b4f7a178cc44cdf90f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15537f94-1f24-4010-9d46-d70fec20ced3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6827
x-amzn-requestid: d4dfc77c-65cc-46f1-b8a3-ea6cebd0976d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUYE2woAMFgPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-639ca0813c23b9cb75ff24c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lhweRJZbG0P_lxekUIz506RXW5f9iVQ1Cvfg-k3gJTWHIrzTu2uenQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:50:02 GMT
age: 73401
etag: "8d3d92355304ccfcd50ae96f55b2754220f05187"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10396 bytes)
Hash
24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 11422
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5276 bytes)
Hash
f0402b0c3474a5bd3b1ba804528b64a8
2d47af0fb664d9fec52549bb3bdba1dfd8911bb2
7f87af77663b8bf22211e135554ada8865cdcf6499e9fcf0f3442b10ca3984e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5276
x-amzn-requestid: d337310e-59be-4268-bfd0-8cc4f2c91a11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_soE98IAMF0aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-230591591f8fd0984c222549;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x7xrn7E3aUdw75Br3B_GcqRhg-i5FcqG2NRMo4Pa5VhqjblbsvcgDg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 12308
etag: "2d47af0fb664d9fec52549bb3bdba1dfd8911bb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b8e1482-c241-410e-81b0-55ea5ac84c98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7631 bytes)
Hash
50eeb012f0903f0848c8afcd6b26a7ec
ff7740d3c12ce7ab23291272221c0d9503f9c139
f4aeac45941c34d8e0794d20a4bb2658b020fed85c5059f247844f2755bc9d72

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b8e1482-c241-410e-81b0-55ea5ac84c98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7631
x-amzn-requestid: 9fc3a621-dcd9-4332-b085-6cda0cb25ac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUYF2toAMFVkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-36f6c7d67940ed18394328c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: azPc-KWHbEA3DMhyphQq3zERUrF14hxrEHwxDZZfcFlu5-IpyKwtgw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 03:21:46 GMT
age: 78697
etag: "ff7740d3c12ce7ab23291272221c0d9503f9c139"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10183 bytes)
Hash
99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vhtd0Bo5kTQySEn0vD_RJin0usoC7GQvK74fhVtrtZNEy64_vrWQNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 12457
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12348 bytes)
Hash
b8e6f84dff61fedd8ff9baa9bb648883
f8d5cc7b315879b66a11b403463da1330617d2fa
025c66a4a0e7927353e1733d7f8cfb6ec3c9c0228d34267cbff11f09cf112127

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12348
x-amzn-requestid: 72f681ef-9ae7-4fc5-8539-230e1d4277a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKa_HpTIAMFrcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abddf-43ef45165fd982997e5018c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:09:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ee7Rihwq-F-zcJWcnxZtfzfmhrn0w3mub_5F4j8u0r2Uc91oXrKPzA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:17:01 GMT
age: 75382
etag: "f8d5cc7b315879b66a11b403463da1330617d2fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/javascripts/jquery.min.js

20.163.177.109

200 OK

30 kB

URL HTTP/2
itau.clienteseguridadcl.com/public/javascripts/jquery.min.js
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
30 kB (30313 bytes)
Hash
ce93c33b71763f3e28eb7143970bc99f
55be0c55a057d50145b5f98c1f052f037f4f8121
67de797f8fc77b76b35acde3b604f60aa8d768f1bf226eb20ed13db08cdbcb10

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/javascripts/jquery.min.js HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/App64e6ac0/access.php
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 Mar 2019 22:30:22 GMT
etag: "15391-5848e2acf3b80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 30313
content-type: application/javascript
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

itau.clienteseguridadcl.com/public/images/bg_login.jpg

20.163.177.109

200 OK

641 kB

URL HTTP/2
itau.clienteseguridadcl.com/public/images/bg_login.jpg
IP
20.163.177.109:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1440x961, components 3\012- data
Size
641 kB (641282 bytes)
Hash
5568a4cdeb797c944c0488a49eb85d45
bcf56f1de8fc5cd9a135b8613e598c86ad7f76d3
1c7ffbca74f3665ac0ef787ddfee7c2b3df8a4a2ab2d1e0620dc5d968f5b1aec

HTTP Headers

GET /public/images/bg_login.jpg HTTP/1.1
Host: itau.clienteseguridadcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/public/styles/web.css
Cookie: PHPSESSID=f5s2ag5nfipkhp9n8gle0oq4ig
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Sep 2021 17:32:40 GMT
etag: "9c902-5cd1199adde00"
accept-ranges: bytes
content-length: 641282
content-type: image/jpeg
date: Mon, 05 Dec 2022 01:13:23 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11253 bytes)
Hash
557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iT3IPDIK-qKf-y1_x7hZNSW-4GqKLNuX6U__8bY8eZP178PPnD0IeA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:57:03 GMT
age: 11787
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kit.fontawesome.com/eb32f84b17.js

104.18.22.52

200 OK

0 B

URL HTTP/2
kit.fontawesome.com/eb32f84b17.js
IP
104.18.22.52:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eb32f84b17.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://itau.clienteseguridadcl.com
Connection: keep-alive
Referer: https://itau.clienteseguridadcl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 01:13:23 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: Fy0NAUrBv_lSHh3OErOh
cf-cache-status: HIT
age: 17
server: cloudflare
cf-ray: 7748eb40bed3b512-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=eb32f84b17

172.64.169.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=eb32f84b17
IP
172.64.169.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free.min.css?token=eb32f84b17 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itau.clienteseguridadcl.com/
Origin: https://itau.clienteseguridadcl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 01:13:24 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 802b22fb82cbd19ab6347f222b45a3fc.cloudfront.net (CloudFront)
x-amz-cf-pop: MAN51-P1
x-amz-cf-id: u3MbkdpBmzP5NrXUmlh0djICzwyT28aaH_d5CYlmJtjkY5xfHp2dkg==
age: 198252
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svNo2gGENSnFgUFK0E96W%2FerdI6wcYMBB%2FAtlwZCUSkqm%2FdbLjrtpcFEPRiwMDrXCfdHQEfQCsXgI2daFwImEQxIMeYsjKfZymjn07uQ3jSBHTNvfXADWEob4BBUeuTXd%2FXC%2FtUHSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7748eb458f218892-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=eb32f84b17

172.64.169.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=eb32f84b17
IP
172.64.169.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=eb32f84b17 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itau.clienteseguridadcl.com/
Origin: https://itau.clienteseguridadcl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 01:13:24 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 728b6476f3e2317ec8044d22806d4f94.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: JnA3iK1mmvA9M6zjjqLRewlemp9QQ_4grBOqW_dxH3yMLAI76HW3iw==
age: 2026
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EyBJ6ZzJEaFMvFLoAJRWNhmDNj090%2BbgKYbkD%2FcmE51Rbvx9Cayp8bU%2FtKit4%2BA91zSDrztlNOBxp6q0RDwdkZa8Hn3OwlYQs3wZJI5r94OllTIGaP6%2Bz5H2HUFLNqAzKY6KyWeL7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7748eb45af3e8892-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=eb32f84b17

172.64.169.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=eb32f84b17
IP
172.64.169.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=eb32f84b17 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itau.clienteseguridadcl.com/
Origin: https://itau.clienteseguridadcl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 01:13:24 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5cc9a5f68f19f12fe64955f6a6f5cc3c.cloudfront.net (CloudFront)
x-amz-cf-pop: MAN51-P1
x-amz-cf-id: 2qkHAC2R191DeI2_5zZPAVUQ0LHf0Q7j2wmTtkogYHWoGrVlBshlAg==
age: 198252
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xHby7IQtE4YqFdYpqK1dCdbCdrzVhueOcbDsrXrjlabKKakpm3f%2BJdlo0mr1pm0xZ16n%2F4Oey5HfNE07eXVBZlyEXd%2Fy3lzBtuUe%2FTKs%2FUPaTZjh84%2BKC7ZyloaPC%2Bfj6r6X9Uisw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7748eb459f388892-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL HTTP/1.1

IP

ASN

File type

Size