Report - galiciacgu.ar/

Report Overview

Submitted URL
galiciacgu.ar/
IP
54.237.128.192
ASN
#14618 AMAZON-AES
Submitted
2024-03-29 06:11:32
Access
public
Website Title
Galicia
Final URL
galiciacgu.ar/cgu
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-03-28	338 B	863 B	143.204.53.97
galiciacgu.ar	unknown	2023-10-05	2023-10-12	2024-02-26	33 kB	509 kB	54.237.128.192
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-03-28	2.2 kB	426 kB	142.250.74.168
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-03-29	1.1 kB	59 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-03-29	1.7 kB	220 kB	142.250.74.106
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-03-28	738 B	386 B	216.239.34.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia
2024-03-28	medium	galiciacgu.ar/	Banco Galicia

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	galiciacgu.ar/sandbox%20eval%20code	147 B	2023-04-11	2024-04-29
Pretty URL galiciacgu.ar/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-29 06:25:49 Times Seen343055 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PXC7WZ	306 kB	2024-03-29	2024-03-29
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PXC7WZ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 07:11:34 Last Seen2024-03-29 07:11:35 Times Seen2 Hash 13ad7449d457841b9a8272713f095a9b 83b3ea923fe29aa65cce1397f64584455378402a 9b744d5aeefa9b8016a731482930735472ec820fe90e2c61f025ff604ab5baf1 Loading...

	www.googletagmanager.com/gtag/js?id=G-FX0Z8DW3TM&l=dataLayer&cx=c	270 kB	2024-03-29	2024-03-29
Pretty URL www.googletagmanager.com/gtag/js?id=G-FX0Z8DW3TM&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 07:11:34 Last Seen2024-03-29 07:11:35 Times Seen2 Hash 34789fdf098da54f84941c233d6fcebc 1747c8159c960ed1e716e07272ea182a4572f4e1 815d1e91060da672769322ec1cfa9bafa2c006cf389f54f0a88cdcabd6872f87 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-K56P7CZ&l=dataLayer	214 kB	2024-03-29	2024-03-29
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-K56P7CZ&l=dataLayer IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 07:11:34 Last Seen2024-03-29 07:11:35 Times Seen2 Hash ad021ffec13f3a859cb78ef6dc713ed6 df7af54ba3a83bc2dc5090c8be5a7fc6b361b9e3 f6da9e5b66c4cbf3128d54b815a2c4aee61225a16b59b4e92c4e230cd037774d Loading...

	galiciacgu.ar/cgu	354 B	2024-03-29	2024-04-26
Pretty URL galiciacgu.ar/cgu IP 54.237.128.192 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 07:11:34 Last Seen2024-04-26 19:24:46 Times Seen4 Hash 9d05d41ea07b672cd8ab4df4ac8072d5 81604045e66b6cbca27acfd52aeb5db6edcdb161 b3487eb5f1aed7124a2ba4d98c5a508a7836680e1f0967c7acb0ac84c08770ba Loading...

	www.googletagmanager.com/gtag/js?id=UA-64187909-3	208 kB	2024-03-29	2024-03-29
Pretty URL www.googletagmanager.com/gtag/js?id=UA-64187909-3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 07:11:35 Last Seen2024-03-29 07:11:35 Times Seen2 Hash 73cf1427f22a70e325f6864c343151c8 dfcce6fe666cefdd9606b410fde51773cbb13499 9b16ef9847671c71989f4657ff928565793a64b8cdf527e258ce75b9c7a52380 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-29
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-29 06:25:49 Times Seen342554 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	galiciacgu.ar/js/landing/landing.js	592 B	2023-07-29	2024-04-26
Pretty URL galiciacgu.ar/js/landing/landing.js IP 54.237.128.192 ASN #14618 AMAZON-AES Introduced by AsyncFunction Embedded in HTML false Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash 42369a20ff5c56a4235cd5330078194a c69cabc6a85dbedf2e2a8dca00a345924cf87696 04f82b3f5eaa727227d4e8a4c860edcabb141c121611028ca933b6c09ad649b1 Loading...

	galiciacgu.ar/js/landing/landing.js	140 B	2023-07-29	2024-04-26
Pretty URL galiciacgu.ar/js/landing/landing.js IP 54.237.128.192 ASN #14618 AMAZON-AES Introduced by AsyncFunction Embedded in HTML false Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash e5fded0ce97b276ce21819a725a49fea 5dc4b8a4d6fa45e55bc2fe5a9cea3fe403e55db8 e1eb1ac7971adc614a68c4daa06d9350b9927493953f52fb3e178a2ce16ca3e5 Loading...

	galiciacgu.ar/cgu	174 B	2023-07-29	2024-04-26
Pretty URL galiciacgu.ar/cgu IP 54.237.128.192 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash 752c4e3ad8ec9b3a9a9ddd45f5cf2ddf ce7ee41da0f48ade907848eda9806dca4fbb426e 8c84857cb9915f14be5b3427f26f3e504b2cb74df19952deb63fc62e98d13fd3 Loading...

	galiciacgu.ar/js/landing/landing.js	139 B	2023-07-29	2024-04-26
Pretty URL galiciacgu.ar/js/landing/landing.js IP 54.237.128.192 ASN #14618 AMAZON-AES Introduced by AsyncFunction Embedded in HTML false Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash 1cbde83c585f0027411b707f49e9aad0 618adb549de5d3c42707ba129d0f774f6bb3ba35 8383710f43f432a771f3c7d423156865efd19594d631597076ec65df2019fc2c Loading...

	www.googletagmanager.com/gtag/destination?id=DC-9017705&l=dataLayer&cx=c	205 kB	2024-03-29	2024-03-29
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-9017705&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 07:11:35 Last Seen2024-03-29 07:11:35 Times Seen2 Hash fd759769c139c46726ac08fdb47641d1 e77f70a78115af4065b99274ddbbc563fdbbab49 cbe1130dc971bbb0a67852d1f8d47dc09aea0bbbf22673eca3ab7f6badd87d2c Loading...

	galiciacgu.ar/js/landing/landing.js	250 kB	2023-12-29	2024-04-26
Pretty URL galiciacgu.ar/js/landing/landing.js IP 54.237.128.192 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-29 15:48:08 Last Seen2024-04-26 19:24:46 Times Seen13 Hash 4bd3c1fbe943fbb82748dbad1f25ee6b 22bf6706e9b51835c2e5c89bc2e8719ac25a47bb f92712808c7546c2c1f00abdf03c754e4366be232a3251e016c81a3e6d1e7d35 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ce9103ca9d7b322c21fd8ec3ab671f0a	62 B	2023-07-29	2024-04-26
Pretty Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash ce9103ca9d7b322c21fd8ec3ab671f0a 06d8f3eae2933253ff26cda31b72fbf3a5c33b9d f21f2843816d60f1b9c14eed1874bb1cf6e2d2aa4a0a06f71c9121fd084631ed Loading...

	#2 Eval - 9ac0b4708663724dffb4c6f2b814a6df	87 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-29 06:22:23 Times Seen4637 Hash 9ac0b4708663724dffb4c6f2b814a6df 7faabe0595feb52fef2eb924693458608d16a66e aab310ed9d84ead154e032927d4a74c007f4b03655f5596b12339ea61881ba4e Loading...

	#3 Eval - 244559a1828615b6fd5e506856bfd201	227 B	2023-07-29	2024-04-26
Pretty Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash 244559a1828615b6fd5e506856bfd201 e1d0396fd83616420446b60c1557b2f6badf9fa3 4cb4dffd88e1b195f04033992df5b3128f628f40c58be87763a1159404280298 Loading...

	#4 Eval - deaf127be6068d770ff419f51162ab4c	227 B	2023-07-29	2024-04-26
Pretty Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen16 Hash deaf127be6068d770ff419f51162ab4c a98a961321a5cc285acf110b964ffbf058527494 4f9b0ac720fbfaede3e83384e8de9ec3ba384d04cc576a243dbd1b82c67578c5 Loading...

	#5 Eval - 4e5734e070d0cd16be431f06a737cd51	326 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:04:51 Last Seen2024-04-26 19:24:46 Times Seen36 Hash 4e5734e070d0cd16be431f06a737cd51 e663e5b2f4dd082874b87f93c96d764b15da70a5 aa19bdf77030bf7ef26bd86a4155f1bab9e643442f5faa7bdfd24bd07dcd9691 Loading...

	#6 Eval - bcbda7fb559c92cdff8eb46eddb1ed95	224 B	2023-12-14	2024-04-26
Pretty Observations First Seen2023-12-14 14:49:28 Last Seen2024-04-26 19:24:46 Times Seen13 Hash bcbda7fb559c92cdff8eb46eddb1ed95 e400ebb91abfaf6825e7bd3a71126e5ae6b8038b 25ed4dd9c06508f2c24b10dd20a912f3d71d360301494da32b3691d1aa34e278 Loading...

	#7 Eval - 5773eb09c0cae44c19cd1bfe78ece210	196 B	2023-07-29	2024-04-26
Pretty Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen17 Hash 5773eb09c0cae44c19cd1bfe78ece210 ce6c5a7cdcf293f9364237c52b1f9f98dccba9b4 56a7a0aeda05540ab9ecbdb3e4371cbf722818db0a4ac2e1a0a459d9fc580c2c Loading...

	#8 Eval - 083d5ef1c1857b700a7cbbe2531c7101	196 B	2023-07-29	2024-04-26
Pretty Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen16 Hash 083d5ef1c1857b700a7cbbe2531c7101 867f5857781b974f7eed2a714a7068796478c3ff 3f4456fbc1cbd5714b5ea0810583adbafb67110b0c067e1db2888fc31911c16c Loading...

	#9 Eval - 530d5f7c9746985e79bfa6da06947a4d	227 B	2023-07-29	2024-04-26
Pretty Observations First Seen2023-07-29 10:18:59 Last Seen2024-04-26 19:24:46 Times Seen16 Hash 530d5f7c9746985e79bfa6da06947a4d f62ad5b33bf821499e1f0839016c85bd6e67c8c0 342c936e043ab09651207fdd85162e3d98f0233e2cbdf1e6ec221cf6e7bf3290 Loading...

HTTP Transactions (41)

URL IP Response Size

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b5e3163e98f6875b57e67b1afdf57d65
0c6d206d4a48d16821f98ab70b4f887a054f690a
0710e81ad4870be99b292b822a67bb2069a0f45363705d40b41350fe8ba71054

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Fri, 29 Mar 2024 06:11:05 GMT
Server: ECAcc (amb/6B12)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u9sJ4YrzQX_lqq7uQcKYBbrNoIX3LNh46BBTE-F46j-4X_y7uFfb-A==

galiciacgu.ar/images/galicia/logo-galicia.svg

54.237.128.192

200 OK

12 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/logo-galicia.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (12547 bytes)
Hash
ff34f8818d46be9a803475951ff553c5
07ecee32da83a9bb4e4c51b0dfa98e8406d02e24
6ac22257f232a796c7532ed3cdc9eea5f8f9dad45d8124c591a6001b9206aad3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/logo-galicia.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/svg+xml
content-length: 12547
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Fri, 06 May 2022 18:50:21 GMT
etag: "3103-5de5c549b26cf"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-64187909-3

142.250.74.168

200 OK

76 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-64187909-3
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
76 kB (75586 bytes)
Hash
73cf1427f22a70e325f6864c343151c8
dfcce6fe666cefdd9606b410fde51773cbb13499
9b16ef9847671c71989f4657ff928565793a64b8cdf527e258ce75b9c7a52380

HTTP Headers

GET /gtag/js?id=UA-64187909-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 29 Mar 2024 06:11:06 GMT
expires: Fri, 29 Mar 2024 06:11:06 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75586
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/move-app-cgu.png

54.237.128.192

200 OK

40 kB

URL GET HTTP/2
galiciacgu.ar/landing/images/move-app-cgu.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 258 x 498, 8-bit/color RGBA, non-interlaced
Size
40 kB (40135 bytes)
Hash
36bc1d0741de76a14731a7a3bb347cda
7c85d7eb1e2d6c408f603e7049dfccdd653765e6
2be987531e3186de6280d70b9504c1bb8580575e0b6b337fbf95330d145f78c8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/move-app-cgu.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 40135
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 02 Mar 2021 16:05:31 GMT
etag: "9cc7-5bc8fe75a8e88"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/saving-piggy-dollars.svg

54.237.128.192

200 OK

2.9 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/saving-piggy-dollars.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2886 bytes)
Hash
b3692760c0f69a5d93c84d88a39b1c67
04b34014b12c9e933321cb841d6b6613ac19a3a2
2cd0c5926e4ae7184b82936eba62ca4d57f7a4948ca0cb4a59ff153ec236b036

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/saving-piggy-dollars.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/svg+xml
content-length: 2886
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Fri, 06 May 2022 18:50:21 GMT
etag: "b46-5de5c549b26cf"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/credit-card-1.svg

54.237.128.192

200 OK

1.4 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/credit-card-1.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1368 bytes)
Hash
e5de0a2da9f032552a5407e4d7c45db0
4559a9e5722b1f87331d39d994c4c717ae6b4b41
8d2c9cad8aaa54c706da774d88db83a477ea421c407c6d19058d0824947a70b4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/credit-card-1.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/svg+xml
content-length: 1368
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Wed, 13 Dec 2023 13:01:06 GMT
etag: "558-60c63c29a63ca"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/ordena-tus-gastos.png

54.237.128.192

200 OK

672 B

URL GET HTTP/2
galiciacgu.ar/landing/images/ordena-tus-gastos.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
672 B (672 bytes)
Hash
f580112f044bdd55a060d2f7572f6a13
8b2fab0198578775f03c235199bd2972c1846aac
8a5aed71db62c95fd9d4c9bc09e232a944b247425c0d471791e007e10f79d118

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/ordena-tus-gastos.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 672
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "2a0-5a3ba40b704c5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/hace-todo-online.png

54.237.128.192

200 OK

474 B

URL GET HTTP/2
galiciacgu.ar/landing/images/hace-todo-online.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
474 B (474 bytes)
Hash
a3209b555015855444e13c19f0e4e451
833e060b06b85e84845132d4c1a3e9bd23639858
901b8df1c8efd9646a2ece1ff7157c27646e2ce9530d4f1f879530872f78b0e1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/hace-todo-online.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 474
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "1da-5a3ba40b60ac5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/css/landing/landing-galicia.css

54.237.128.192

200 OK

15 kB

URL GET HTTP/2
galiciacgu.ar/css/landing/landing-galicia.css
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (61503)
Size
15 kB (14745 bytes)
Hash
96a929052aff9897099e00ba8c394376
d45fe0672875fc0ebb7a44648a03d7222ae87127
0a3aa4c45914358e96355bcbde1a70b168a712a5193c83bfbab5c4aab4f5fa9e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /css/landing/landing-galicia.css HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: text/css
content-length: 14745
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 04 Mar 2024 13:46:14 GMT
etag: "15b89-612d5f2fd4aa5-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/inverti-tus-ahorros.png

54.237.128.192

200 OK

1.1 kB

URL GET HTTP/2
galiciacgu.ar/landing/images/inverti-tus-ahorros.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1132 bytes)
Hash
5ac3ccbc6ea622097eb50c2486f072ea
aeda5c1149482dc3001dda688abecf27e3c19c8a
2d384cb8f2aa36779b7d653b710490916b4ab2c5e88cf296c9a4f6dce4440b25

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/inverti-tus-ahorros.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 1132
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "46c-5a3ba40b704c5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/

54.237.128.192

302 Found

2.7 kB

URL User Request GET HTTP/2
galiciacgu.ar/
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (333)
Size
2.7 kB (2673 bytes)
Hash
5c02aebc1bc59d645b12ea0060a6cabb
85946883b64566d4bd58c2ad2f015ddc8262e5f2
a8e498b79e3e371c9dfc6cecbc1b495b5ab4969c97383bf0bb160cc23ba7046f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET / HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: text/html; charset=UTF-8
location: https://galiciacgu.ar/cgu
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InQ4VURFelRRVHJuamdWOXhhL3d1amc9PSIsInZhbHVlIjoiL2VoZThwQy9NRjV0YVpUTDBHc0pjTUxSMGlDQ1o4eis2YzE5UlJWM1RoOFB4SWhBbjFjUXZFa3RZcVEvYlZCWDJta1RRMzhSRmw5TWdHZ2dtSnFHb2xtZWtMTUthL1E1d1pRb3g4Y0ZabHhubkVWUmp4aUlmdGJ4YlBzNFErZmYiLCJtYWMiOiI3NDM4N2ZmZDg1MjU4ZjVhOWJhZThiOTBlMjMwNjM1ODIyYmVkYmY1MzBiODYwMzE4MDM1NTYyMGFmNWI0ZWFlIiwidGFnIjoiIn0%3D; expires=Fri, 29 Mar 2024 08:11:06 GMT; Max-Age=7200; path=/; secure; samesite=lax
galiciamove_session=eyJpdiI6IkkyTWExTlhsdktaTmFlOFJ4NllxTUE9PSIsInZhbHVlIjoiaERkckc3OEdsemRhQ1JQRVgveWlpNXp1SmpUbUpEdzBOSEozNk5iV21PTDFvN05ia0tySDc4SElWby9hbnNtQlVDU09MMmJDelFDSnkrVUY4OTRtOWY5alpTN3lHQVBqQzVpQk53bXMxSVR5Ull1TlRaK0VzbkU3VGVVcnNnZXciLCJtYWMiOiIyNDEzZDE4Njk2ODgzZTFkMzYxZDhjZGVhNDZhODE1ZjczZjMyMjk4MGJkMzhkNjllYWMxMzYwMmRlM2MzNmQzIiwidGFnIjoiIn0%3D; expires=Fri, 29 Mar 2024 08:11:06 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/phone-app.png

54.237.128.192

200 OK

25 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/phone-app.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 192 x 341, 8-bit/color RGBA, non-interlaced
Size
25 kB (24601 bytes)
Hash
46a9ca4c609739cbfbfe476e3c68c874
9a5a74bd6d0f739b650698a0be8962ff1d15c2c3
53cba88cae85d2a11fc3693a15a10c1a9d5d2677b25f6f087a6b8ac2b29c1a2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/phone-app.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 24601
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "6019-5a94ee3ca2614"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/hace-todo-sin-pisar-una-sucursal.png

54.237.128.192

200 OK

895 B

URL GET HTTP/2
galiciacgu.ar/landing/images/hace-todo-sin-pisar-una-sucursal.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
895 B (895 bytes)
Hash
d0acc5b0bbdc43dd50dd2d0b2eb32576
1aa9e187b2b7b1557d4cfa5bcc3285c650a66ab7
d141b66bbaef43dff727297077b14a27847ea55d76a109fc86f8898933f84b02

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/hace-todo-sin-pisar-una-sucursal.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 895
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "37f-5a3ba40b60ac5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/ahorros-en-tus-compras.png

54.237.128.192

200 OK

1.1 kB

URL GET HTTP/2
galiciacgu.ar/landing/images/ahorros-en-tus-compras.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1077 bytes)
Hash
c9a0e05726cf3d0156c1de4cb4d34d9b
c12b219279ef1815c4abb8d97c9af032ed4ec2e7
e9f11131ee8e8d2fe74520e48fd0b122dd79c658102cd50bd891d916553270df

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/ahorros-en-tus-compras.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 1077
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "435-5a3ba40b60ac5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/formulario.png

54.237.128.192

200 OK

5.1 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/formulario.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 102 x 100, 8-bit/color RGBA, non-interlaced
Size
5.1 kB (5130 bytes)
Hash
72132733d0c28d23878a2284942111f1
84079069c8961c8312a4defc3dc624a8f899a803
ca9ad07fd6681ad311946634716f0ed45d7761cc56b78a6645dbb9039585a346

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/formulario.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 5130
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "140a-5a94ee3c9a914"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/tu-dinero-en-todos-los-cajeros.png

54.237.128.192

200 OK

738 B

URL GET HTTP/2
galiciacgu.ar/landing/images/tu-dinero-en-todos-los-cajeros.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
738 B (738 bytes)
Hash
37ef7ecb588112b2d168d93c2b5154ab
da44a7fba3b8cac5ffffaf8c0e25a502ac4c7011
8d3da633c04f44cb49d2dfc0057c220a77e08acad89d4f9d47bf1b3a8ec328b2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/tu-dinero-en-todos-los-cajeros.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 738
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "2e2-5a3ba40b84ce5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/selfie.png

54.237.128.192

200 OK

5.8 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/selfie.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 101 x 109, 8-bit/color RGBA, non-interlaced
Size
5.8 kB (5764 bytes)
Hash
24ea8c02d7877e59adf1f7be4d4170e0
3050df0eea4740f64cd83a5f31fc6618eb0d5daa
bbf29a2416b0152e6d76dff5d9c09d1bf203d6a60fe0b921c47ad28564de7681

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/selfie.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 5764
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "1684-5a94ee3ca35b4"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/atencion-digital.png

54.237.128.192

200 OK

934 B

URL GET HTTP/2
galiciacgu.ar/landing/images/atencion-digital.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
934 B (934 bytes)
Hash
fb76a8f496cd2acbb2bf04947568f2c1
31110fcf19b023ed14f76e8b3d3f0c3fcbaabe91
c5adbd67b274d543dd28f62116802080cf12dd9151bb122ff1bda1ad77976ec9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/atencion-digital.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 934
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "3a6-5a3ba40b60ac5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/galicia-visa-debito.jpg

54.237.128.192

200 OK

21 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/galicia-visa-debito.jpg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 270x170, components 3
Size
21 kB (21044 bytes)
Hash
fb233fd714aed8fce24dbfe3b719d934
cb906a371bb2d1341bf367d41db2c11983a421b3
ca2f36c04d50457bb38a7ef445c87ef13f545f27d3c896b500b465b7c570975e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/galicia-visa-debito.jpg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/jpeg
content-length: 21044
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "5234-5a94ee3c9a914"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/tarjeta.png

54.237.128.192

200 OK

7.4 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/tarjeta.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 102 x 121, 8-bit/color RGBA, non-interlaced
Size
7.4 kB (7383 bytes)
Hash
6929733eed2407ffaaab5b867c72ac05
535dd308b45858c182763e9fbdeb7da07c7a5ddd
70066ecd234880122706633877af842e79601e48ed87b90e553cd1612d5a4838

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/tarjeta.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/png
content-length: 7383
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "1cd7-5a94ee3ca4554"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PXC7WZ

142.250.74.168

200 OK

103 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-PXC7WZ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (29208)
Size
103 kB (102877 bytes)
Hash
13ad7449d457841b9a8272713f095a9b
83b3ea923fe29aa65cce1397f64584455378402a
9b744d5aeefa9b8016a731482930735472ec820fe90e2c61f025ff604ab5baf1

HTTP Headers

GET /gtm.js?id=GTM-PXC7WZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 29 Mar 2024 06:11:07 GMT
expires: Fri, 29 Mar 2024 06:11:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102877
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21564, version 1.0
Size
22 kB (21564 bytes)
Hash
73aaa95eab3115ea5a1e5c1cf16ea645
2f00c608a688cd2b2e6ad37637726b0e081da1c7
2301bb030a2bcaa9c763cc4771bd717aac16709c29eaba00673fcbe7cdf99a59

HTTP Headers

GET /s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://galiciacgu.ar
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:34:35 GMT
expires: Fri, 28 Mar 2025 17:34:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 45392
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35448, version 1.0
Size
35 kB (35448 bytes)
Hash
5c138044f30b8c78119264cd744e686a
7605e014180d49087785350bd1906c16c389690d
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445

HTTP Headers

GET /s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://galiciacgu.ar
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35448
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:27:03 GMT
expires: Fri, 28 Mar 2025 17:27:03 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Jun 2023 16:14:39 GMT
content-type: font/woff2
age: 45844
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Quicksand:500

142.250.74.106

200 OK

203 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Quicksand:500
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
gzip compressed data, max compression
Size
203 kB (202703 bytes)
Hash
41985ef9c69303a38a4a3e03400488fc
c05ba9ccdf667818c04b536681ca399b922614a6
1c3c10e0d627d3c6e9a7d7cfbe75b19ea74c785d865fc83a1b0d72439855cf73

HTTP Headers

GET /css?family=Quicksand:500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 06:11:07 GMT
date: Fri, 29 Mar 2024 06:11:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FX0Z8DW3TM&l=dataLayer&cx=c

142.250.74.168

200 OK

93 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FX0Z8DW3TM&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7853)
Size
93 kB (93057 bytes)
Hash
34789fdf098da54f84941c233d6fcebc
1747c8159c960ed1e716e07272ea182a4572f4e1
815d1e91060da672769322ec1cfa9bafa2c006cf389f54f0a88cdcabd6872f87

HTTP Headers

GET /gtag/js?id=G-FX0Z8DW3TM&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 29 Mar 2024 06:11:07 GMT
expires: Fri, 29 Mar 2024 06:11:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93057
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

galiciacgu.ar/landing/images/arrow-left.svg

54.237.128.192

200 OK

454 B

URL GET HTTP/2
galiciacgu.ar/landing/images/arrow-left.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
454 B (454 bytes)
Hash
3f909aca073d985964b951990e9a757a
db28d082f6a271f80633e9466661402a84065be8
427f0671e2b9a9c219de75cb01934c155cd86e94ddabc650b5f944fe093d189d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/arrow-left.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/css/landing/landing-galicia.css
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:07 GMT
content-type: image/svg+xml
content-length: 454
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Fri, 06 May 2022 18:50:21 GMT
etag: "1c6-5de5c549b55af"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/landing/images/arrow-right.svg

54.237.128.192

200 OK

488 B

URL GET HTTP/2
galiciacgu.ar/landing/images/arrow-right.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
488 B (488 bytes)
Hash
49ddb210a9a44896f8286dfa5a049157
a9e25e4066d77d44d8886f4039d8a346afe8c73f
f1e2c27dcc925155adcaefa56b11b3b583c2c35ba76f48c46cad0edf5c5aaec4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/arrow-right.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/css/landing/landing-galicia.css
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:07 GMT
content-type: image/svg+xml
content-length: 488
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Fri, 06 May 2022 18:50:21 GMT
etag: "1e8-5de5c549b55af"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-K56P7CZ&l=dataLayer

142.250.74.168

200 OK

77 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-K56P7CZ&l=dataLayer
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type
JavaScript source, ASCII text, with very long lines (3020)
Size
77 kB (77081 bytes)
Hash
ad021ffec13f3a859cb78ef6dc713ed6
df7af54ba3a83bc2dc5090c8be5a7fc6b361b9e3
f6da9e5b66c4cbf3128d54b815a2c4aee61225a16b59b4e92c4e230cd037774d

HTTP Headers

GET /gtm.js?id=GTM-K56P7CZ&l=dataLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 29 Mar 2024 06:11:07 GMT
expires: Fri, 29 Mar 2024 06:11:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77081
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=DC-9017705&l=dataLayer&cx=c

142.250.74.168

200 OK

75 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=DC-9017705&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type
JavaScript source, ASCII text, with very long lines (2614)
Size
75 kB (74668 bytes)
Hash
fd759769c139c46726ac08fdb47641d1
e77f70a78115af4065b99274ddbbc563fdbbab49
cbe1130dc971bbb0a67852d1f8d47dc09aea0bbbf22673eca3ab7f6badd87d2c

HTTP Headers

GET /gtag/destination?id=DC-9017705&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 29 Mar 2024 06:11:07 GMT
expires: Fri, 29 Mar 2024 06:11:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74668
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

galiciacgu.ar/landing/images/instagram-icon.svg

54.237.128.192

200 OK

1.5 kB

URL GET HTTP/2
galiciacgu.ar/landing/images/instagram-icon.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1503 bytes)
Hash
91fb25c88daf08ea717c914847eb21da
96572fb6797f358637369b59e1673d092a33474b
32a75ee067f6cd74a341d9b6b93259307909fb5f8de22bbeffa2345b0e1285ca

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /landing/images/instagram-icon.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:07 GMT
content-type: image/svg+xml
content-length: 1503
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 20 Apr 2020 15:07:08 GMT
etag: "5df-5a3ba40b704c5"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/mail-icon.svg

54.237.128.192

200 OK

381 B

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/mail-icon.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
381 B (381 bytes)
Hash
2b2a0b4775d353e8215c008f7339b33c
03cd47b51ae4e0480934b2886b7674ce5e5dd637
8c27c66a166fe876ac24ba61980a2b779a8d95e0e1cab9ea4c1971495f515fbd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/mail-icon.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:07 GMT
content-type: image/svg+xml
content-length: 381
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "17d-5a94ee3ca2614"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/js/landing/landing.js

54.237.128.192

200 OK

84 kB

URL GET HTTP/2
galiciacgu.ar/js/landing/landing.js
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65469)
Size
84 kB (84203 bytes)
Hash
4bd3c1fbe943fbb82748dbad1f25ee6b
22bf6706e9b51835c2e5c89bc2e8719ac25a47bb
f92712808c7546c2c1f00abdf03c754e4366be232a3251e016c81a3e6d1e7d35

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /js/landing/landing.js HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:08 GMT
content-type: text/javascript
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Mon, 04 Mar 2024 13:46:15 GMT
etag: "3d012-612d5f30f1d1f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/css/landing/ajax-loader.gif

54.237.128.192

404 Not Found

4.6 kB

URL GET HTTP/2
galiciacgu.ar/css/landing/ajax-loader.gif
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
data
Size
4.6 kB (4645 bytes)
Hash
c9a1bfffe798a80dbda06317fbb706a2
205dfec7e53e0aaf0f44f3dfce66983d4a7f16ee
da7bdb821cf472c69002b00a614a2db1ba0066dfd18d6a03d41aab0395020b4e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /css/landing/ajax-loader.gif HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/css/landing/landing-galicia.css
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1928709371.1711692667; _ga_FX0Z8DW3TM=GS1.1.1711692667.1.0.1711692667.60.0.0; _ga=GA1.1.306282707.1711692667
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Fri, 29 Mar 2024 06:11:09 GMT
content-type: text/html; charset=UTF-8
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
cache-control: no-cache, private
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/img-top.jpg

54.237.128.192

200 OK

202 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/img-top.jpg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1441x726, components 3
Size
202 kB (202259 bytes)
Hash
1bb3acd88c03ee2e23a75d2c8b049a15
28177d238fb1313f98158ac974c4085aba715eac
dc316347050e65f842e21ec73c7b0c7a62a2696c60c7966b2e912f82f55a31e7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/img-top.jpg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/css/landing/landing-galicia.css
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:07 GMT
content-type: image/jpeg
content-length: 202259
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "31613-5a94ee3c9b8b4"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/favicon.png

54.237.128.192

200 OK

1.6 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/favicon.png
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1559 bytes)
Hash
b700b544f2fa87e37e6b728fef00fcb0
c0735fa743392c2f3032c22d241854b88832cdb7
f20a33fd40173f122bec15a105374059fb3ec612d51146485ed84ef0001f2f03

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/favicon.png HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D; _gcl_au=1.1.1928709371.1711692667; _ga_FX0Z8DW3TM=GS1.1.1711692667.1.0.1711692667.60.0.0; _ga=GA1.1.306282707.1711692667
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:09 GMT
content-type: image/png
content-length: 1559
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Fri, 06 May 2022 18:50:21 GMT
etag: "617-5de5c549b26cf"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Rubik:300,400,500,700

142.250.74.106

200 OK

9.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Rubik:300,400,500,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
ASCII text, with very long lines (9636), with no line terminators
Size
9.4 kB (9444 bytes)
Hash
1550e9934ae538ab3fc803a753824478
412dc5882d91a1e2add602112e0c2e281098c160
fc0aa6c6ba464f8b1a18f6bfba070d7e881c9d5c10813abecd9548e227b86056

HTTP Headers

GET /css?family=Rubik:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 06:11:06 GMT
date: Fri, 29 Mar 2024 06:11:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

galiciacgu.ar/images/galicia/landing/cell.svg

54.237.128.192

200 OK

2.3 kB

URL GET HTTP/2
galiciacgu.ar/images/galicia/landing/cell.svg
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2327 bytes)
Hash
b55c46b7206e49c03ae1bab3a2ea004b
5f6d8d01ac5aafa63613d34ba54dfb0e5419435c
ca33505d8e4c437169d0ec3db6befd7a9aafef1831be67125a93576dd9fd1429

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /images/galicia/landing/cell.svg HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/cgu
Cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: image/svg+xml
content-length: 2327
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
last-modified: Tue, 30 Jun 2020 15:32:57 GMT
etag: "917-5a94ee3c9a914"
accept-ranges: bytes
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-FX0Z8DW3TM&gtm=45je43r0v9122498733za200&_p=1711692667072&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=306282707.1711692667&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1711692667&sct=1&seg=0&dl=https%3A%2F%2Fgaliciacgu.ar%2Fcgu&dt=Galicia&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1841

216.239.34.36

204 No Content

0 B

URL GET HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FX0Z8DW3TM&gtm=45je43r0v9122498733za200&_p=1711692667072&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=306282707.1711692667&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1711692667&sct=1&seg=0&dl=https%3A%2F%2Fgaliciacgu.ar%2Fcgu&dt=Galicia&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1841
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /g/collect?v=2&tid=G-FX0Z8DW3TM&gtm=45je43r0v9122498733za200&_p=1711692667072&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=306282707.1711692667&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1711692667&sct=1&seg=0&dl=https%3A%2F%2Fgaliciacgu.ar%2Fcgu&dt=Galicia&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1841 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: *
date: Fri, 29 Mar 2024 06:11:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

galiciacgu.ar/cgu

54.237.128.192

200 OK

14 kB

URL User Request GET HTTP/2
galiciacgu.ar/cgu
IP
54.237.128.192:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectwww.galiciacgu.ar
FingerprintA7:F8:FF:B9:7D:B3:2D:33:35:E2:0B:CD:A8:05:11:6D:8B:E1:22:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type

Size
14 kB (13507 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco Galicia

HTTP Headers

GET /cgu HTTP/1.1
Host: galiciacgu.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InQ4VURFelRRVHJuamdWOXhhL3d1amc9PSIsInZhbHVlIjoiL2VoZThwQy9NRjV0YVpUTDBHc0pjTUxSMGlDQ1o4eis2YzE5UlJWM1RoOFB4SWhBbjFjUXZFa3RZcVEvYlZCWDJta1RRMzhSRmw5TWdHZ2dtSnFHb2xtZWtMTUthL1E1d1pRb3g4Y0ZabHhubkVWUmp4aUlmdGJ4YlBzNFErZmYiLCJtYWMiOiI3NDM4N2ZmZDg1MjU4ZjVhOWJhZThiOTBlMjMwNjM1ODIyYmVkYmY1MzBiODYwMzE4MDM1NTYyMGFmNWI0ZWFlIiwidGFnIjoiIn0%3D; galiciamove_session=eyJpdiI6IkkyTWExTlhsdktaTmFlOFJ4NllxTUE9PSIsInZhbHVlIjoiaERkckc3OEdsemRhQ1JQRVgveWlpNXp1SmpUbUpEdzBOSEozNk5iV21PTDFvN05ia0tySDc4SElWby9hbnNtQlVDU09MMmJDelFDSnkrVUY4OTRtOWY5alpTN3lHQVBqQzVpQk53bXMxSVR5Ull1TlRaK0VzbkU3VGVVcnNnZXciLCJtYWMiOiIyNDEzZDE4Njk2ODgzZTFkMzYxZDhjZGVhNDZhODE1ZjczZjMyMjk4MGJkMzhkNjllYWMxMzYwMmRlM2MzNmQzIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:11:06 GMT
content-type: text/html; charset=UTF-8
server: 
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies: all
feature-policy: fullscreen 'none'; microphone 'none'; geolocation 'self'; camera 'self'
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik40a3FRQzhEYVVjank3QU5BSUVsVEE9PSIsInZhbHVlIjoiQVpReVMyVGs4YXZUYkFvZFJiMVNlSmFNNzNLeDFONmpqNjgvcWFJTi9NRGx3RWRXZlRqM1lKOVI0QURyTGw2b0hBbjQ4akpvZnZON2hxaVpINTJrSzh3eCtyS1lkUGZBaENxVkVoWldoRU5VQUlhR3lyVitrajhVRDhVY1NBN3QiLCJtYWMiOiIzOGY2YjY4YWY3MDNiZGFhOWQ2OTNhYjU1OGUxZmE5NDcxYjc2MzI3MGJiOTcwYTc2Mjg0ZTVjNWQ5MTMwNTY4IiwidGFnIjoiIn0%3D; expires=Fri, 29 Mar 2024 08:11:06 GMT; Max-Age=7200; path=/; secure; samesite=lax
galiciamove_session=eyJpdiI6Im1aOU94M0dwc2EvampGQmRNc291WHc9PSIsInZhbHVlIjoiTnpxeTEvTzAwNTF1Qng0c1Bpd0F6WFZJaHJKKzZDVnVzMmJGNkdrcHdyNFVrWW9Ed2kvY3dHaEJjRWRRczBSbUdDd0d3UmtabW5kNytnMy9lOWhNZUJHMFlsWG9hZ3gxUmI0UXhqMnJUMUpRT0V6WmZudklrM1Jnb2N0T1BmWkciLCJtYWMiOiJjNDQ1YWUwMTEwYzk5ZmE5MzMzOGE4ZmEzNjQ4NjE3NTAyN2Y1OWEzNWQwZTg1NjgzMTU2NzA5MWNlOWY4ZDliIiwidGFnIjoiIn0%3D; expires=Fri, 29 Mar 2024 08:11:06 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;media-src 'self' data:; default-src 'self' https://*.fls.doubleclick.net https://script.hotjar.com https://vars.hotjar.com;font-src 'self' https://script.hotjar.com fonts.gstatic.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.zoomauth.com https://www.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com/ https://www.facebook.net/ https://connect.facebook.net https://connect.facebook.com https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' data: https://t.co https://googleads.g.doubleclick.net https://googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://*.google.com.ar https://*.google.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://www.googletagmanager.com https://script.hotjar.com ;connect-src 'self' https://galiciamove-tmp-uploads.s3.amazonaws.com https://api.zoomauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net, frame-ancestors 'self';
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Inter:Regular

142.250.74.106

200 OK

2.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Inter:Regular
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
ASCII text, with very long lines (2436), with no line terminators
Size
2.4 kB (2380 bytes)
Hash
65362f802af56b92e51b2874e0d2c139
c6232bdf3efea218a2a404695044ae0cd735fec0
130efe18bbe5d7c483d0439f41f5906ed13765837c8f41777ef79bad13be42c4

HTTP Headers

GET /css?family=Inter:Regular HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 06:11:06 GMT
date: Fri, 29 Mar 2024 06:11:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Inter&display=swap

142.250.74.106

200 OK

2.5 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Inter&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://galiciacgu.ar/cgu
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
ASCII text, with very long lines (2597), with no line terminators
Size
2.5 kB (2534 bytes)
Hash
ac63b64ec7437b1c3d021cd9bc74409a
a4ed901cfda1a43f675d2e91e45b213033db8f7f
97ef63fd7e749e589c410943a72dce0b87d04223b3cf7196809b9edae28f16c6

HTTP Headers

GET /css2?family=Inter&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galiciacgu.ar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 06:11:06 GMT
date: Fri, 29 Mar 2024 06:11:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML