Report - cz17443.tw1.ru/login/login.php

Report Overview

Submitted URL
cz17443.tw1.ru/login/login.php
IP
185.114.247.232
ASN
#9123 TimeWeb Ltd.
Submitted
2024-04-26 17:31:20
Access
public
Website Title
Bienvenue
Final URL
cz17443.tw1.ru/login/login.php
Tags
la_banque_postale phishing suspicious
urlquery detections
Phishing - La Banque postale
Suspicious - Anti-debugging code

Detections

urlquery
40
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cz17443.tw1.ru	unknown	unknown	No data	No data	11 kB	2.1 MB	185.114.247.232

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	cz17443.tw1.ru/login/login.php	La Banque postale

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	cz17443.tw1.ru/assets/js/jquery.min.js	88 kB	2023-03-07	2024-05-07
Pretty URL cz17443.tw1.ru/assets/js/jquery.min.js IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-07 11:51:23 Times Seen8568 Hash 2f772fed444d5489079f275bd01e26cc a8927ac2830b2fdd4a729eb0eb7f80923539ceb9 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a Loading...

	cz17443.tw1.ru/assets/js/popper.min.js	20 kB	2023-03-07	2024-05-03
Pretty URL cz17443.tw1.ru/assets/js/popper.min.js IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-03 06:34:50 Times Seen4137 Hash 5644e6835941af44dcb5cead916c2b79 6eb1840d55338895ce6ecc3eab56132b1d152b93 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58 Loading...

	cz17443.tw1.ru/assets/js/bootstrap.min.js	136 kB	2023-03-07	2024-05-03
Pretty URL cz17443.tw1.ru/assets/js/bootstrap.min.js IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-03 18:14:12 Times Seen1676 Hash 5e7d168ed3203dab385e83f97f98f725 6d19a7d83a87b427f2fc5ced2c0e86c92f58a142 2caa6404ddb0de2b9d191b1e2c8b5c35c68ca48f2a9521140bbf83b27c063700 Loading...

	cz17443.tw1.ru/assets/js/fontawesome.min.js	1.1 MB	2023-03-07	2024-05-03
Pretty URL cz17443.tw1.ru/assets/js/fontawesome.min.js IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-03 06:34:50 Times Seen2680 Hash a6756b0b8637e62f56d9d794b154ca12 5cd7e758e41375d85cef812d4578d5cd9b949ea7 21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e Loading...

	cz17443.tw1.ru/assets/js/main.js	1.9 kB	2023-03-07	2024-05-02
Pretty URL cz17443.tw1.ru/assets/js/main.js IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-02 12:46:02 Times Seen550 Hash cf6ff0eef580f3393e37146c85def933 dee034e0cd52594132ca4f73911c1386b660a1ff 6485f454bae479e9e556ac912a9bfeee8619437989c5ff4423b3d5d6e8e5e209 Loading...

	cz17443.tw1.ru/login/login.php	1.4 kB	2023-03-07	2024-05-05
Pretty URL cz17443.tw1.ru/login/login.php IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:42 Last Seen2024-05-05 09:05:23 Times Seen533 Hash b20b25f415094713fd3b7cc0c040c9fd 582a1c3cc915e315894e4e18676fe75dc8c5540b ef382e7fd566dc27b4038b15b232f54cd97cd07c3236d200c844cb5501110f8c Loading...

HTTP Transactions (22)

URL IP Response Size

cz17443.tw1.ru/assets/images/top-header-left.png

185.114.247.232

200 OK

7.8 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/top-header-left.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 582 x 46, 8-bit/color RGBA, non-interlaced
Size
7.8 kB (7766 bytes)
Hash
05d0bcebf3df7ee2a73dee6cded8748c
3a2063b7ea5f324dfba774b9cf2671480f387fd3
004c0d90d64d9266498f39a020a0a6fe4110b94f8447daea5b1373d3e7934aad

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/top-header-left.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 7766
last-modified: Sun, 21 Apr 2024 13:30:01 GMT
etag: "662514d9-1e56"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/top-header-left2.png

185.114.247.232

200 OK

1.4 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/top-header-left2.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 83 x 41, 8-bit/color RGB, non-interlaced
Size
1.4 kB (1402 bytes)
Hash
6c8bd7116fa86f2ae3c0180d903925ef
bf8ddfd792a103dc6d5aacd11e9d903072684c70
c96109fef3e6ae0c4dffe3fcc9026352c44a2147b9fd2c4d6e08d32cdcf2641f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/top-header-left2.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 1402
last-modified: Sun, 21 Apr 2024 13:29:58 GMT
etag: "662514d6-57a"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/top-header-right.png

185.114.247.232

200 OK

3.2 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/top-header-right.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 165 x 12, 8-bit/color RGBA, non-interlaced
Size
3.2 kB (3223 bytes)
Hash
a807d65c0c9d3f695f10e08980bc1b51
e1fa5b9f089087d9b0c94dfc1557d6de22fb6b8e
5b6cd7b81854519965959d1549226e565a77de441a694df48579868348513d21

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/top-header-right.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 3223
last-modified: Sun, 21 Apr 2024 13:29:54 GMT
etag: "662514d2-c97"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/header-left.png

185.114.247.232

200 OK

14 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/header-left.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 481 x 70, 8-bit/color RGBA, non-interlaced
Size
14 kB (13753 bytes)
Hash
7d9605f1532c3522c8bcbb0f29365c33
01d4c9d444aa4f64223febe842a7d1d371215dd1
c83e6ec9b5ceece6db819192b3f6f877fc64296b1ed27ec5b53cc5c4d86f8ab4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/header-left.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 13753
last-modified: Sun, 21 Apr 2024 13:30:02 GMT
etag: "662514da-35b9"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/logo.png

185.114.247.232

200 OK

6.4 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/logo.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
Size
6.4 kB (6360 bytes)
Hash
25722a7e1f0c794ae8b299897c61a03b
8657666cb41fd8fcd3e0202bb9c3327fba3f837f
f0f02c834c71eff3c9dbc749f81ea8be9c213326a6908e7b80a7da9cba637ae3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/logo.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 6360
last-modified: Sun, 21 Apr 2024 13:29:57 GMT
etag: "662514d5-18d8"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/header-right.png

185.114.247.232

200 OK

4.9 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/header-right.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 383 x 50, 8-bit/color RGBA, non-interlaced
Size
4.9 kB (4864 bytes)
Hash
2375d45e3a3f1902e9e5e3509b729ab0
611da0b1ef30ce60cb99fc53e8f4e68e2c4b89a6
dc76d1d3963947047b414b58209d235ff6e36043fe66514606a260a8c3d96cb0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/header-right.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 4864
last-modified: Sun, 21 Apr 2024 13:30:00 GMT
etag: "662514d8-1300"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/header-right2.png

185.114.247.232

200 OK

4.9 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/header-right2.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 503 x 50, 8-bit/color RGB, non-interlaced
Size
4.9 kB (4897 bytes)
Hash
9252aa94fff77064c1ff6bcc5b7398dd
b4ff8e78716f29cccb54b70906794a44fd7a1a21
37a288f0c7a73fecda634b2262ba8d7c23953e2268aa9a6dabc21955b5a174e9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/header-right2.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 4897
last-modified: Sun, 21 Apr 2024 13:29:54 GMT
etag: "662514d2-1321"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/header-right3.png

185.114.247.232

200 OK

1.2 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/header-right3.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 228 x 50, 8-bit/color RGB, non-interlaced
Size
1.2 kB (1187 bytes)
Hash
f2766a53f341aa32b32efef5152cb92b
472e5b58d6f177a1dae8c272b209aa0a4c7c2731
f209ec1d94d89a8fa9cdadffa82ac9f6bb696687d21caaf0a15007199fdbcbfc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/header-right3.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 1187
last-modified: Sun, 21 Apr 2024 13:29:53 GMT
etag: "662514d1-4a3"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/footer.png

185.114.247.232

200 OK

53 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/footer.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 907 x 595, 8-bit/color RGBA, non-interlaced
Size
53 kB (53035 bytes)
Hash
f96a98795792fd92b817f70089d30c31
b2ca6b578360c9f67c6af13a25568ac31fb08f7b
5bb399100f821a7bada7a8faa36de1e64dd19bcde8854eb9980b5b07cb74de1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/footer.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 53035
last-modified: Sun, 21 Apr 2024 13:29:58 GMT
etag: "662514d6-cf2b"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/fonts/secure-asterisk.woff

185.114.247.232

200 OK

3.2 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/fonts/secure-asterisk.woff
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
Web Open Font Format, TrueType, length 3176, version 0.0
Size
3.2 kB (3176 bytes)
Hash
374b020a914ea198d75d783535440a81
2dd183915d84f1a8deee4fdb1091af1cd2989e25
cc0b81d5e663b8abed0d6035739f40950ae99bcabb9a88f1e92eb910ae769cea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/fonts/secure-asterisk.woff HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/assets/css/fonts.css
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: application/font-woff
content-length: 3176
last-modified: Sun, 21 Apr 2024 13:30:20 GMT
etag: "662514ec-c68"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/content.png

185.114.247.232

200 OK

462 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/content.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 939 x 2166, 8-bit/color RGBA, non-interlaced
Size
462 kB (461751 bytes)
Hash
a163946bb2c40cfce6b8eb1f7c5a4f63
77405f7e4c20b1e6088ec70c468edacda7638aac
8f7220fde4861e61d5d1f84538771bf385a161f5889476028a61341ac01875d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/content.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/assets/css/main.css
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 461751
last-modified: Sun, 21 Apr 2024 13:29:57 GMT
etag: "662514d5-70bb7"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/images/favicon.png

185.114.247.232

200 OK

2.8 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/images/favicon.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
2.8 kB (2817 bytes)
Hash
95148d7f825922493ef706dd98457ff4
a0a5b1c2f52bb002000a04de5aa74d8ed25fc703
c78d2b529472912245060a36f2393b664716b51511b6bdcfa385fba224ba3811

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/images/favicon.png HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: image/png
content-length: 2817
last-modified: Sun, 21 Apr 2024 13:29:56 GMT
etag: "662514d4-b01"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/js/popper.min.js

185.114.247.232

200 OK

16 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/js/popper.min.js
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
16 kB (15886 bytes)
Hash
c93d0ef11c127aa00587ad2642fc9f29
dd054b2bb028607aa901ea5e9d33a154a43a2c59
5476c66e33b3e2bcdd1174f1d16a9ec8f7c2abbb96483da5783ca0602b6a4a63

HTTP Headers

GET /assets/js/popper.min.js HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: application/x-javascript
last-modified: Sun, 21 Apr 2024 13:30:07 GMT
vary: Accept-Encoding
etag: W/"662514df-4f74"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/js/main.js

185.114.247.232

200 OK

8.2 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/js/main.js
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
8.2 kB (8165 bytes)
Hash
d4862c7edd0cd9836134a77cdce56433
73786f3f6604248e3446df4035892dea8b3f1340
f4179da84ea100a6979cfcfe1e99e436e0b87a15c4f4dbf6c5e001157dfd0951

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /assets/js/main.js HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: application/x-javascript
last-modified: Sun, 21 Apr 2024 13:30:06 GMT
vary: Accept-Encoding
etag: W/"662514de-77c"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/css/helpers.css

185.114.247.232

200 OK

42 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/css/helpers.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (41750), with CRLF line terminators
Size
42 kB (41752 bytes)
Hash
fd877f138d23d5a790645eb95167aec3
ee2f01ca01c5f7e6f674ad79a9fea30f78a66f2c
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/css/helpers.css HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: text/css
last-modified: Sun, 21 Apr 2024 13:29:50 GMT
vary: Accept-Encoding
etag: W/"662514ce-a318"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/js/jquery.min.js

185.114.247.232

200 OK

88 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/js/jquery.min.js
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Size
88 kB (88145 bytes)
Hash
2f772fed444d5489079f275bd01e26cc
a8927ac2830b2fdd4a729eb0eb7f80923539ceb9
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: application/x-javascript
last-modified: Sun, 21 Apr 2024 13:30:06 GMT
vary: Accept-Encoding
etag: W/"662514de-15851"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/css/bootstrap.min.css

185.114.247.232

200 OK

156 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/css/bootstrap.min.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (65324)
Size
156 kB (155758 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: text/css
last-modified: Sun, 21 Apr 2024 13:29:50 GMT
vary: Accept-Encoding
etag: W/"662514ce-2606e"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/js/fontawesome.min.js

185.114.247.232

200 OK

1.1 MB

URL GET HTTP/2
cz17443.tw1.ru/assets/js/fontawesome.min.js
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type

Size
1.1 MB (1061198 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/fontawesome.min.js HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: application/x-javascript
last-modified: Sun, 21 Apr 2024 13:30:09 GMT
vary: Accept-Encoding
etag: W/"662514e1-10314e"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/js/bootstrap.min.js

185.114.247.232

200 OK

136 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/js/bootstrap.min.js
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
JavaScript source, ASCII text, with very long lines (328), with CRLF, CR line terminators
Size
136 kB (136072 bytes)
Hash
5e7d168ed3203dab385e83f97f98f725
6d19a7d83a87b427f2fc5ced2c0e86c92f58a142
2caa6404ddb0de2b9d191b1e2c8b5c35c68ca48f2a9521140bbf83b27c063700

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/js/bootstrap.min.js HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: application/x-javascript
last-modified: Sun, 21 Apr 2024 13:30:07 GMT
vary: Accept-Encoding
etag: W/"662514df-21388"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/login/login.php

185.114.247.232

200 OK

10 kB

URL User Request GET HTTP/2
cz17443.tw1.ru/login/login.php
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type

Size
10 kB (10453 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	La Banque postale

HTTP Headers

GET /login/login.php HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/css/fonts.css

185.114.247.232

200 OK

1.8 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/css/fonts.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (1817), with no line terminators
Size
1.8 kB (1751 bytes)
Hash
a96ab3b78425633d0dbf2f0285ccc550
8183b1c4e80de616c4fa96a32478d993b3e1ade6
4df52e83e87903f23044e3ceaf236659081ecad258807cfed440b0f93ff70c47

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/css/fonts.css HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: text/css
last-modified: Sun, 21 Apr 2024 13:29:51 GMT
vary: Accept-Encoding
etag: W/"662514cf-6d7"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

cz17443.tw1.ru/assets/css/main.css

185.114.247.232

200 OK

7.0 kB

URL GET HTTP/2
cz17443.tw1.ru/assets/css/main.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://cz17443.tw1.ru/login/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (6977), with no line terminators
Size
7.0 kB (6951 bytes)
Hash
dd15b1c9feb20af2bfb80065dc24874b
7a46bbcf56f8bdc8ada3b9da5e7623c1b319b422
6bca7e062245492adc3f218a54392c572401f5fb617fb35ec253a8dad270f3e3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - La Banque postale

HTTP Headers

GET /assets/css/main.css HTTP/1.1
Host: cz17443.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cz17443.tw1.ru/login/login.php
Cookie: PHPSESSID=f4b1ec5ce16abdb0890e33a45ba6e263
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 17:30:55 GMT
content-type: text/css
last-modified: Sun, 21 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662514cd-1b27"
expires: Sat, 26 Apr 2025 17:30:55 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2