Report - appscvrtlbnc.at.ua/index.html

Report Overview

Visited public
2023-11-25 13:55:44
Tags
bancolombia financial phishing
URL
appscvrtlbnc.at.ua/index.html
Finishing URL
appscvrtlbnc.at.ua/index.html
IP / ASN
213.174.157.153
#39572 DataWeb Global Group B.V.
Title
appscvrtlbnc.at.ua/index.html
Phishing - Bancolombia

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
avmrnitf.online	unknown	unknown	No data	No data	1.7 kB	94 kB	82.163.176.120
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-25 06:01:20	514 B	21 kB	142.250.74.106
appscvrtlbnc.at.ua	unknown	unknown	No data	No data	946 B	1.6 kB	213.174.157.153
sig-colombia.digital	unknown	2023-01-22	2023-01-22 19:33:01	2023-10-11 07:47:42	7.2 kB	2.9 MB	172.67.214.244
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-25 07:40:19	531 B	21 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-25 13:55:29	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-11-25 13:55:29	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-11-25 13:55:29	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-11-25 13:55:29	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-11-25 13:55:30	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	avmrnitf.online/js/scripts.js	ScriptElement	2.2 kB	2023-05-25	2024-08-20
Pretty URL avmrnitf.online/js/scripts.js IP 82.163.176.120 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 04:52 Last Seen2024-08-20 17:58 Times Seen4 Hash 08df6a4e9ee2c1301d0fe08068f0b3cd e7fb4ce1172a1fedaaf7792ef1bbbd9c698fdb38 bbda0cc2c98637f9c0f6b5ea81b6d6a0fb2f11a4a8ed7865de2398026af53433 Loading...

	avmrnitf.online/js/script19.js	ScriptElement	19 kB	2024-08-20	2024-08-20
Pretty URL avmrnitf.online/js/script19.js IP 82.163.176.120 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:58 Last Seen2024-08-20 17:58 Times Seen1 Hash c946409672c3a17389bc3e058987d7c1 559662c33e82f5cd539468b0ded1f16fe220acd9 0d2e973313d1fa317e252681d37d59bd8d39223b110ffa6eee799df13eb7e88e Loading...

	avmrnitf.online/prub2.php?p	ScriptElement	71 kB	2024-08-20	2024-08-20
Pretty URL avmrnitf.online/prub2.php?p IP 82.163.176.120 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:58 Last Seen2024-08-20 17:58 Times Seen1 Hash f9cadda8ebdfad41dd4561642f84655e 9d47c7a7af8bd335c5d9920492aae894817a1aa2 f0304b03209f7e6e931d13b8bd42fd3ffcaec3d4b50394a518f37cac46dd8cef Loading...

	avmrnitf.online/js/script1.js	ScriptElement	257 B	2023-11-25	2024-08-20
Pretty URL avmrnitf.online/js/script1.js IP 82.163.176.120 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-25 14:55 Last Seen2024-08-20 17:58 Times Seen4 Hash ad83f58caeaa4a61ef3f2da5302d9e0d d62a01ebac6323f62d23392512702340d627267d 678a4e9f41219228c2e83ab565379224bdd8715471895a0f268d6d62c99cb6f7 Loading...

HTTP Transactions (23)

URL IP Response Size

appscvrtlbnc.at.ua/index.html

213.174.157.153

200 OK

102 B

URL User Request GET HTTP/1.1
appscvrtlbnc.at.ua/index.html
IP
213.174.157.153:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerDigiCert Inc
Subject*.at.ua
Fingerprint83:FD:F3:FB:1B:38:C0:08:42:80:B1:64:65:1D:9F:FC:31:BA:6E:B2
ValidityFri, 16 Jun 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
fc5088205f9bef967fd8f6813407e1c8
6ac0c5e779b38e8bfec1ebea2aed8d4cb910cc69
6cde6a6e3c4c5f11668237b2e61b9843ee3ee299fdecdf7d99f13c862cd457e7

HTTP Headers

GET /index.html HTTP/1.1
Host: appscvrtlbnc.at.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Nov 2023 13:55:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Fri, 15 Dec 2023 13:55:26 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

appscvrtlbnc.at.ua/favicon.ico

213.174.157.153

200 OK

894 B

URL GET HTTP/1.1
appscvrtlbnc.at.ua/favicon.ico
IP
213.174.157.153:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerDigiCert Inc
Subject*.at.ua
Fingerprint83:FD:F3:FB:1B:38:C0:08:42:80:B1:64:65:1D:9F:FC:31:BA:6E:B2
ValidityFri, 16 Jun 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
894 B (894 bytes)
Hash
a3a0510761359bcc2613a45c76546d42
c66b17eac9b5b07d4c3242448b079adc2949128e
e50d733849b9ff216b9cb7d884bffe006c908a71106455f7a25f297fce487f32

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: appscvrtlbnc.at.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Nov 2023 13:55:27 GMT
Content-Type: image/x-icon
Content-Length: 894
Last-Modified: Thu, 28 Jan 2016 13:32:45 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56aa187d-37e"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

sig-colombia.digital/images/200.gif

172.67.214.244

200 OK

9.6 kB

URL GET HTTP/2
sig-colombia.digital/images/200.gif
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
GIF image data, version 89a, 200 x 200\012- data
Size
9.6 kB (9559 bytes)
Hash
a6178f443133606fe19006604d0cafb5
516320b719d93b825d56122228ab1d71f8767634
7983d92d94ac1327a01aae67c2713fef1f541d59ce98cb3b7535b3a69beeb86f

HTTP Headers

GET /images/200.gif HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: image/gif
content-length: 9559
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SUWzaK9LmQxxSvuW7xKR945D0M66pC5DLp8mMWEmkGq%2FLoj060tyQBnX1l8mmYZG531Heb%2BU2hOOQZ1SUMMm7ymN%2FzPGeHIsm1r4QaOJsjzrpQW03%2FpIyKc%2FefVqXp21ZSoeqAlr%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63b65ff25695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20040, version 1.0\012- data
Size
20 kB (20040 bytes)
Hash
a61c670a24d6794a95a9712f0d12b656
c9b3114b27790109ec51508f51f1a033ccfe0812
a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6

HTTP Headers

GET /s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://appscvrtlbnc.at.ua
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:24:29 GMT
expires: Fri, 22 Nov 2024 23:24:29 GMT
cache-control: public, max-age=31536000
age: 138659
last-modified: Thu, 14 Sep 2023 00:51:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sig-colombia.digital/images/success.svg

172.67.214.244

200 OK

845 B

URL GET HTTP/2
sig-colombia.digital/images/success.svg
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
845 B (845 bytes)
Hash
d29f1779664178a55ed87236fd97c302
7f5ccfe2f13ffa125bc5a834acea328c62e9ff89
83aae1af3f49faf159b1435378ddfd473f5b569ba4cbc8364f7b46ab6884b98b

HTTP Headers

GET /images/success.svg HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mk7W5Un4N4MBAF9PBbemIhz8%2BLXRaD%2BXaKeLx9guo5WeZVQch%2BENY1ZFW0Z7onimQ21hzFjDC5e%2B1YNwG1uKLgS1rGKJfJxIVMJTGcuGTC8rwNY2kDt8WKtJ2K6M2FT4CLVM307Pqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ba63b65ffc5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sig-colombia.digital/images/pub.png

172.67.214.244

200 OK

48 kB

URL GET HTTP/2
sig-colombia.digital/images/pub.png
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 627x327, components 3\012- data
Size
48 kB (47804 bytes)
Hash
085532800ace541124cb3472d27a2365
153ac0b32e31c472e021e450b6e48f4564a4c40f
35500fe4c97323624f089389243374c56e666e25478685a849c2456461a6163d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

GET /images/pub.png HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:29 GMT
content-type: image/png
content-length: 47804
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kJikcIJJ%2BQnYDA%2BH8dDe5bpLETTJYnkZyO7Uy9jKcnbWzPqOHhA67SvXDq8u5aTQs9o6AB9up3KaVWlQq5EUdzJeHdKbNF5s5NvV9BEHzwZ%2F83E2xH7y%2Ff8Hw70eEjydISBkaaRhNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63b65ff05695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sig-colombia.digital/fonts/iconfonts/icon-user.png

172.67.214.244

200 OK

447 B

URL GET HTTP/3
sig-colombia.digital/fonts/iconfonts/icon-user.png
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
447 B (447 bytes)
Hash
0e3457ed5ea858d1e9287ef66dcbbfe4
006c99b62e141ebbc69f6e06cab757995d3f7417
75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

GET /fonts/iconfonts/icon-user.png HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sig-colombia.digital/fonts/iconfonts/icon_font.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 25 Nov 2023 13:55:29 GMT
content-type: image/png
content-length: 447
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:29 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ogrwPOGD26sY4kPx0z1y7haUMnCUX%2B4yojdfPilbctPvjPvVQ5FhbSi%2BbgR24bQshuoacDq8jMR07%2FCittzlxqV5BfQoPmkppaPOjsDY3kxavpdlqx%2Fcx3wghy5G9Fl2o%2Br8DXelgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63ba3edeb503-OSL
alt-svc: h3=":443"; ma=86400

sig-colombia.digital/fonts/arimo/arimo-regular-webfont.woff

172.67.214.244

200 OK

24 kB

URL GET HTTP/3
sig-colombia.digital/fonts/arimo/arimo-regular-webfont.woff
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
Web Open Font Format, TrueType, length 24488, version 1.23\012- data
Size
24 kB (24488 bytes)
Hash
b02d7af5d6a17170e4cb78fc6eeec94a
dc7424f67d29ac14b682407a0bb903ff5c6021b1
159c82dfeb20459ed55849f8fa7937e022188195cdd500497e034b31fd425f50

HTTP Headers

GET /fonts/arimo/arimo-regular-webfont.woff HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://appscvrtlbnc.at.ua
DNT: 1
Connection: keep-alive
Referer: https://sig-colombia.digital/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 25 Nov 2023 13:55:29 GMT
content-type: font/woff
content-length: 24488
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:29 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vaMLtkJmpTsWmmjUaFBIFNJKaiknD%2BacnZOrhw%2FYvrfJdz3KFNcqQwObNosDI%2FPu5SJjh6BHiSq8mzVNvDdN7yBh9Vn%2F%2Btikx9aSMcuKSt5QC1hSArKA0kOB00S3QtPQA7xkvykSUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63ba4ef3b503-OSL
alt-svc: h3=":443"; ma=86400

sig-colombia.digital/images/din.gif

172.67.214.244

200 OK

2.3 MB

URL GET HTTP/2
sig-colombia.digital/images/din.gif
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
GIF image data, version 89a, 710 x 378\012- data
Size
2.3 MB (2346912 bytes)
Hash
100549694cd9922e9d2d2a2f6de604ca
36627e1b24afefea487023af6351280b7cef5d55
e5c79fee3cfe4388943f9b1b8a4938abdcaa4a017f0b599d5dc1ebbeea1ffe77

HTTP Headers

GET /images/din.gif HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:29 GMT
content-type: image/gif
content-length: 2346912
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4R9eKIYgEY3TDvUHLCycexNkIdKuCR2DLcMMNBgnwiEBH%2Bvp68Xu3Cy16el1afl3QipYrW0ksbHwecTpH8Dqyll9Em3TdUa8guKVUxgv%2FEuVW5SHTup8NYxR5kAXUVbfiTbHmaNEVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63b65ff15695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sig-colombia.digital/css/style.css

172.67.214.244

200 OK

6.3 kB

URL GET HTTP/2
sig-colombia.digital/css/style.css
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
ASCII text, with very long lines (6347), with no line terminators
Size
6.3 kB (6347 bytes)
Hash
06065c8784da6e008ed9a39ea181beb4
4d8b355166d4592c0d5f9d1d8f8220c75d108197
be75931c918f1fc26a1b209d4d3492a51b30827a59acf8c434d2966b91fb5551

HTTP Headers

GET /css/style.css HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJEIDnTIyyQktQfYCbsx8FgwhudC57VhufGjLKAXkkRe%2B5iHz%2BIxwoRTJHnqPTvXlijaFkQZK1p50AH7y54bVwjsczYmkmLS7PxJ8Xa0FvyLoEHgAMqkH129VTo81MmBSuUUcZRLeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ba63b658065695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

avmrnitf.online/js/scripts.js

82.163.176.120

200 OK

2.2 kB

URL GET HTTP/2
avmrnitf.online/js/scripts.js
IP
82.163.176.120:443
ASN
#34119 Wildcard UK Limited

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuercPanel, Inc.
Subjectavmrnitf.online
FingerprintD2:54:DD:A0:F7:F7:B7:F6:52:3A:6A:80:67:77:FE:80:33:C4:B7:EF
ValidityMon, 06 Nov 2023 00:00:00 GMT - Sun, 04 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2306), with no line terminators
Size
2.2 kB (2198 bytes)
Hash
550210dd8ba1a96426239ed2a75a86e3
57e8710fc8b48bd7d3573a4546439c1031cfcb0a
312945127418e7d89d056105521e8208906f6c9244cc1df01e5b48b36f294f17

HTTP Headers

GET /js/scripts.js HTTP/1.1
Host: avmrnitf.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Aug 2023 20:09:06 GMT
cache-control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
expires: Mon, 25 Dec 2023 13:55:28 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

sig-colombia.digital/images/loading_logo.svg

172.67.214.244

404 Not Found

0 B

URL GET HTTP/2
sig-colombia.digital/images/loading_logo.svg
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/loading_logo.svg HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Fc9ED0z9aoJnMXVHnM%2BmwKrQlOdEnvojL5ry3TFkP3yqqFjyOkI2MLMYhJs8ah3Zop7NutjnfysGcU9N%2BPzOZPZVLjvPbhrYzQboFZU25B9HrW15ij5wbeCtvM9l3GCjENTMCNrQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63b65ffd5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

avmrnitf.online/prub2.php?p

82.163.176.120

200 OK

71 kB

URL GET HTTP/2
avmrnitf.online/prub2.php?p
IP
82.163.176.120:443
ASN
#34119 Wildcard UK Limited

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuercPanel, Inc.
Subjectavmrnitf.online
FingerprintD2:54:DD:A0:F7:F7:B7:F6:52:3A:6A:80:67:77:FE:80:33:C4:B7:EF
ValidityMon, 06 Nov 2023 00:00:00 GMT - Sun, 04 Feb 2024 23:59:59 GMT

File type

Size
71 kB (70977 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /prub2.php?p HTTP/1.1
Host: avmrnitf.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0
expires: Sat, 25 Nov 2023 13:55:27 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

avmrnitf.online/js/script19.js

82.163.176.120

200 OK

19 kB

URL GET HTTP/2
avmrnitf.online/js/script19.js
IP
82.163.176.120:443
ASN
#34119 Wildcard UK Limited

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuercPanel, Inc.
Subjectavmrnitf.online
FingerprintD2:54:DD:A0:F7:F7:B7:F6:52:3A:6A:80:67:77:FE:80:33:C4:B7:EF
ValidityMon, 06 Nov 2023 00:00:00 GMT - Sun, 04 Feb 2024 23:59:59 GMT

File type

Size
19 kB (18813 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/script19.js HTTP/1.1
Host: avmrnitf.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 06 Nov 2023 22:12:48 GMT
cache-control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
expires: Mon, 25 Dec 2023 13:55:28 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

sig-colombia.digital/fonts/opensans/CIBFontSans-Light.ttf

172.67.214.244

200 OK

111 kB

URL GET HTTP/3
sig-colombia.digital/fonts/opensans/CIBFontSans-Light.ttf
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 33 names, Macintosh, Copyright (c) 2019 by Vasava Studio. All rights reserved.\011CIBFont SansLight1.300;UKWN;CIBFont\012- data
Size
111 kB (110612 bytes)
Hash
69096387df83ff65381f8ee25006b0aa
89689ed7f7547a3815d9fa2d0a2c11513480086e
decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

GET /fonts/opensans/CIBFontSans-Light.ttf HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://appscvrtlbnc.at.ua
DNT: 1
Connection: keep-alive
Referer: https://sig-colombia.digital/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 25 Nov 2023 13:55:29 GMT
content-type: font/ttf
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:29 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BKucm0cuIevBq6a8lOa0T3u2P%2FL3NKjxUm4nsj6LvB0%2FLaOmcGAC8hW9SnyBxE8R0zlT6hSr9l46IjDz7cwlc2zIZK5VwP8cXAPjz2KBDhTK75GLgY7j87h5FWFb5ulr5ZIFzERx2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63ba4ef5b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sig-colombia.digital/fonts/iconfonts/icon_font_bc.ttf?61jkgi

172.67.214.244

200 OK

32 kB

URL GET HTTP/3
sig-colombia.digital/fonts/iconfonts/icon_font_bc.ttf?61jkgi
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icon_font_bc\012- data
Size
32 kB (31976 bytes)
Hash
8c9559a3d94688605d1d5e1cf68d5ae0
5c2b8fb865aefcc42f119542faa12bcaeaefbb3a
ad0f43b7fd52d2f1574ba930c85ce401f95d69e21ad997ffe8e7ad98fec2ffda

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

GET /fonts/iconfonts/icon_font_bc.ttf?61jkgi HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://appscvrtlbnc.at.ua
DNT: 1
Connection: keep-alive
Referer: https://sig-colombia.digital/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 25 Nov 2023 13:55:29 GMT
content-type: font/ttf
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:29 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6itL7CoBsDNXBtohNt16nl%2FH%2BWoCYd7dGWxZc73pc01N4d5Aw9jVS8kNkoapYlZOZ0OiDqtNGF3soSEV6HkmelSZhTkfz%2BDmLRDhtCVaKKYBoEUzYUtcGjPqQLxzAmFKnw%2FSi5lSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63ba4ef7b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sig-colombia.digital/css/tc.css

172.67.214.244

200 OK

2.6 kB

URL GET HTTP/2
sig-colombia.digital/css/tc.css
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
ASCII text, with very long lines (2951), with no line terminators
Size
2.6 kB (2580 bytes)
Hash
bb6be22335d22823d736c810cf1741e9
dad831514910542f63995151474efab06f0ebcc3
42a326039bcb36a686d19a8746de490b61cd82659ab425467fe5ed2edacef701

HTTP Headers

GET /css/tc.css HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgbXvhZZ0lNHR5xfnI5lvM34QI%2F2jMNfK1Cf0TldHTztpeuUKNAlltw3mvwGmcpnWMADIv0sywvWogiIYyT0XEVMVpwlTZ%2BcdFzTCAYVf3w1UEPNHb5QBFw3PxDY7BN7OMQtmYeHCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ba63b658035695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sig-colombia.digital/images/logo.svg

172.67.214.244

200 OK

7.0 kB

URL GET HTTP/2
sig-colombia.digital/images/logo.svg
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7158), with no line terminators
Size
7.0 kB (7020 bytes)
Hash
25dd9ab906a1090c8148571c89804ff1
9bcc8fa0be2694bb947a3205d19424eba45c3993
801fb30278b9eedb6a6c1e9c87b6cb2c5d03765ed74d2e75fc931e52b998707b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

GET /images/logo.svg HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sczPq%2F92y5brNWC6xrpbc7Y3wr1eT3c02W%2BXUyaJsCJXviS7xthUKclRw1TMPDW%2BZTeH%2F272JqF1nvwn7o50Ej9IwYn4WIeYwgDc8wryfjWsxa8BA53ow7GihnQZctCpVzdLKWq6FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ba63b65fed5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sig-colombia.digital/fonts/opensans/OpenSans-Regular.ttf

172.67.214.244

200 OK

217 kB

URL GET HTTP/3
sig-colombia.digital/fonts/opensans/OpenSans-Regular.ttf
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegular1.10;1ASC;OpenSans-R\012- data
Size
217 kB (217276 bytes)
Hash
d7d5d4588a9f50c99264bc12e4892a7c
513966e260bb7610d47b2329dba194143831893e
13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bancolombia

HTTP Headers

GET /fonts/opensans/OpenSans-Regular.ttf HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://appscvrtlbnc.at.ua
DNT: 1
Connection: keep-alive
Referer: https://sig-colombia.digital/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 25 Nov 2023 13:55:30 GMT
content-type: font/ttf
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:29 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwUgZK1oikwAVm6U5aTaC6glm7ZoUwwIPm3NCJdNfScv3NqmYtM1Z%2BI71MdaWfOWrUbmsuyguIcA6iXn7UiTa%2B1X1zzlB5QWqj8GNpPUo6THFYa3h1Prkd7yyTNObUCLyUjNv2VNZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ba63ba4ee8b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sig-colombia.digital/fonts/iconfonts/icon_font.css

172.67.214.244

200 OK

116 kB

URL GET HTTP/2
sig-colombia.digital/fonts/iconfonts/icon_font.css
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
ASCII text, with very long lines (332)
Size
116 kB (115596 bytes)
Hash
258ef42315f568620836203f8caecb9e
9a99886a366bf9474f88454413cb373b5f897583
2feb45fa6a6302ded548052d47a2b687e7ed0914a7990420406dffc8f181aae3

HTTP Headers

GET /fonts/iconfonts/icon_font.css HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BBH9LAms7IV81VHIa%2FjEZUOJlsHnvMLkOlKfd0qbXtJxI%2FSsjBoqrQaaMXvObphbiFVJ9EJNFxUM41nvRMAdpyp1n7n%2FwSKREkDQpy9p91Iy%2BfvM8EREh34B3QxY8AtXmUCfemhPpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ba63b65fff5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sig-colombia.digital/css/app.css

172.67.214.244

200 OK

8.2 kB

URL GET HTTP/2
sig-colombia.digital/css/app.css
IP
172.67.214.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsig-colombia.digital
Fingerprint97:42:F4:4E:4B:E4:B7:F2:F1:4E:71:B4:C8:FE:A3:6B:32:60:DC:56
ValidityTue, 10 Oct 2023 16:06:12 GMT - Mon, 08 Jan 2024 16:06:11 GMT

File type
ASCII text, with very long lines (8193), with no line terminators
Size
8.2 kB (8155 bytes)
Hash
279a6231a7d7ade76eeeacf68ecc28f6
d3addb90feeddfa9442952aa4bbaafdb81a5dcd6
d1d179b827a4e8107f331ab90824602806cdd256fb2b25187cc32ee65bea99b0

HTTP Headers

GET /css/app.css HTTP/1.1
Host: sig-colombia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 13:55:28 GMT
last-modified: Sat, 14 Jan 2023 20:27:50 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQoMxDL1eC%2B0H4RTgsAzdT8ZitBzmL%2B9r2i9aCQ4AbT69GaReZmfw%2BSdKdrXUvlosJxU%2FzMhnkxh67G6MeFtHE3j8IUbsmKH8lwwZ6ck%2BGPtO3Y8btWPgbGrnG3ztJ8a1q9N2pHaEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ba63b65fea5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

avmrnitf.online/js/script1.js

82.163.176.120

200 OK

257 B

URL GET HTTP/2
avmrnitf.online/js/script1.js
IP
82.163.176.120:443
ASN
#34119 Wildcard UK Limited

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuercPanel, Inc.
Subjectavmrnitf.online
FingerprintD2:54:DD:A0:F7:F7:B7:F6:52:3A:6A:80:67:77:FE:80:33:C4:B7:EF
ValidityMon, 06 Nov 2023 00:00:00 GMT - Sun, 04 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
257 B (257 bytes)
Hash
0b1d154fe6581876e7f3a7d7ac43f733
4fb55b8beb4286d89457746f10c055b41920562f
af6e5169d1fd4a6b60e8137d2eaf2cff0ae6338da673419dcffcfb5746d811cd

HTTP Headers

GET /js/script1.js HTTP/1.1
Host: avmrnitf.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 25 Nov 2023 13:55:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 29 Oct 2023 04:30:00 GMT
cache-control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
expires: Mon, 25 Dec 2023 13:55:28 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Arimo:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap

142.250.74.106

200 OK

20 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Arimo:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://appscvrtlbnc.at.ua/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text
Size
20 kB (20220 bytes)
Hash
6ce12b8ef59366db84fc0147682f033e
d2c98bb24956c28c4d8fc786e538898a3cce3241
a7f19399a82fa92c7384ef192f33f98272d5c2ca1fa53e990bdf4b224b3ac02d

HTTP Headers

GET /css2?family=Arimo:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://appscvrtlbnc.at.ua/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 13:55:28 GMT
date: Sat, 25 Nov 2023 13:55:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN