Report - ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier

Report Overview

Visited public
2023-10-03 00:55:23
Tags
phishing credit_agricole finacial
URL
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Finishing URL
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
IP / ASN
63.250.43.132
#22612 NAMECHEAP-NET
Title
Accès CR - Crédit Agricole
Phishing - Credit Agricole

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-02 18:12:06	1.7 kB	3.5 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-02 21:16:04	2.3 kB	199 kB	216.58.211.3
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-02 22:25:51	500 B	26 kB	142.250.74.42
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-10-02 21:05:15	330 B	964 B	104.18.15.101
ca-frregion-d3ddfa.ingress-erytho.ewp.live	unknown	2022-05-26	2023-10-01 18:21:59	2023-10-02 08:49:29	7.3 kB	673 kB	63.250.43.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-07
Pretty URL ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/jquery.min.js IP 63.250.43.132 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 21:25 Times Seen3657 Hash 2f772fed444d5489079f275bd01e26cc a8927ac2830b2fdd4a729eb0eb7f80923539ceb9 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a Loading...

	ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/popper.min.js	ScriptElement	20 kB	2023-03-07	2025-05-07
Pretty URL ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/popper.min.js IP 63.250.43.132 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 22:46 Times Seen1698 Hash 5644e6835941af44dcb5cead916c2b79 6eb1840d55338895ce6ecc3eab56132b1d152b93 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58 Loading...

	ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/bootstrap.min.js	ScriptElement	59 kB	2023-03-07	2025-04-22
Pretty URL ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/bootstrap.min.js IP 63.250.43.132 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33 Last Seen2025-04-22 11:03 Times Seen542 Hash 0f9ea8d6bb66dbed6e0966f9da35b7fd 8095a33f75ca53aa5409b8bf00ea30372755092d 306ab8dd287ef041231a510b7e4c027a11e28b20c3408a9185d895c091dc72a4 Loading...

	ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/fontawesome.js	ScriptElement	1.1 MB	2023-03-07	2025-05-04
Pretty URL ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/fontawesome.js IP 63.250.43.132 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-04 18:06 Times Seen1371 Hash a6756b0b8637e62f56d9d794b154ca12 5cd7e758e41375d85cef812d4578d5cd9b949ea7 21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e Loading...

	ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/main.js	ScriptElement	4.4 kB	2023-03-07	2025-04-22
Pretty URL ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/main.js IP 63.250.43.132 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33 Last Seen2025-04-22 11:03 Times Seen364 Hash def4a999cf8f389438ebe315c275cb73 90b28790feddac38637591835420fe87a6071ce8 3fbc9360e36438e4cdcda3f25cb6dad97b6fe96cbba9455ad4bb75183e5fc2dc Loading...

HTTP Transactions (24)

URL IP Response Size

ocsp.sectigo.com/

104.18.15.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
aed6e1660f7c59dcd1aaf4d261f46b3e
77540bbbc7f73183a283264fed5dcf19ae678005
21385405b6a6944e4b4923c82e0d77587c8ca06e0d68d6ac5adc2cc3adde6b20

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 00:55:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 30 Sep 2023 22:55:58 GMT
Expires: Sat, 07 Oct 2023 22:55:57 GMT
Etag: "77540bbbc7f73183a283264fed5dcf19ae678005"
Cache-Control: max-age=424251,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 810137b42cec5695-OSL

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier

63.250.43.132

200 OK

2.3 kB

URL User Request GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.3 kB (2342 bytes)
Hash
5016dcbf339f02d25a7a0a1d54922e25
829b9a07076677c9b23f29d3866f3bbb432b5ba2
58ade567a43644e2e2118279425ba565b91b7557da8dc775c81c2e35033bcce2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/23745aadab288b8/region.php?particulier HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 05:43:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, public
pragma: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 69074
accept-ranges: bytes
x-cache: HIT
content-length: 2342
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/bootstrap.min.css

63.250.43.132

200 OK

21 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/bootstrap.min.css
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65324)
Size
21 kB (21050 bytes)
Hash
04aca1f4cd3ec3c05a75a879f3be75a3
675fcf28f9fbf37139d3b2c0b676f96f601a4203
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/css/bootstrap.min.css HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:18 GMT
etag: "65184bee-22688"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28592
accept-ranges: bytes
x-cache: HIT
content-length: 21050
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/helpers.css

63.250.43.132

200 OK

4.6 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/helpers.css
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (40872), with CRLF line terminators
Size
4.6 kB (4564 bytes)
Hash
88f7c4adad498784690f48f5d2c8206c
a0b92390b80b2a16175cc9d89d9735bcd08390a1
007d273e883c81c8c462037d144b2a46cc07d4999a80395c2e29d61538134fac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/css/helpers.css HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:18 GMT
etag: "65184bee-9faa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28592
accept-ranges: bytes
x-cache: HIT
content-length: 4564
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/fonts.css

63.250.43.132

200 OK

278 B

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/fonts.css
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
278 B (278 bytes)
Hash
f4e34e95813148762c730a06b2df64d1
95e811f907c37d56a261316d44dc8863fe68264d
98b62b715000035bde65a6ada525f27da578202c9996ef4acfd8bcd725a7374c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/css/fonts.css HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:18 GMT
etag: "65184bee-570"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28592
accept-ranges: bytes
x-cache: HIT
content-length: 278
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/main.css

63.250.43.132

200 OK

2.3 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/main.css
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (10330), with CRLF line terminators
Size
2.3 kB (2317 bytes)
Hash
3c007128eba9b52512276b8dc04730e0
1983e6db9a31ac00bcb0b0370f1f470a6077c4a1
b5ec4481a0e5b1ea5153b691b2247a74b765bb3a62757d851438a4393170272c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/css/main.css HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:18 GMT
etag: "65184bee-285c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28592
accept-ranges: bytes
x-cache: HIT
content-length: 2317
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e5f6e486c8889a5acbd7d70a581183ba
d405bd576e9d403941292dd76fba7df0314cbe86
b4dfaae022a707cd4f7135ba4ff1a6627b426e49d9a636e585be06a9b7fbbef0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Oct 2023 00:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/images/calogo.png

63.250.43.132

200 OK

19 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/images/calogo.png
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
PNG image data, 350 x 105, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (18782 bytes)
Hash
71cb5c78702e00ffb116f88d9280896a
d32b9b4f245643b1e4477f923b12a4d17d50cc3d
f8e9befa13e3ff93d974729ae3c727461555d582bb63bb388a4bd497619ef20b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/images/calogo.png HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:20 GMT
etag: "65184bf0-495e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 18782
x-cacheable: YES
age: 28592
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/jquery.min.js

63.250.43.132

200 OK

31 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/jquery.min.js
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
31 kB (30719 bytes)
Hash
2f772fed444d5489079f275bd01e26cc
a8927ac2830b2fdd4a729eb0eb7f80923539ceb9
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/js/jquery.min.js HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:24 GMT
etag: "65184bf4-15851"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28591
accept-ranges: bytes
x-cache: HIT
content-length: 30719
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e5f6e486c8889a5acbd7d70a581183ba
d405bd576e9d403941292dd76fba7df0314cbe86
b4dfaae022a707cd4f7135ba4ff1a6627b426e49d9a636e585be06a9b7fbbef0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Oct 2023 00:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/popper.min.js

63.250.43.132

200 OK

7.2 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/popper.min.js
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20164), with CRLF line terminators
Size
7.2 kB (7243 bytes)
Hash
5644e6835941af44dcb5cead916c2b79
6eb1840d55338895ce6ecc3eab56132b1d152b93
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/js/popper.min.js HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:35 GMT
last-modified: Sat, 30 Sep 2023 16:25:26 GMT
etag: "65184bf6-4f74"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28591
accept-ranges: bytes
x-cache: HIT
content-length: 7243
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/bootstrap.min.js

63.250.43.132

200 OK

15 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/bootstrap.min.js
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (59058), with no line terminators
Size
15 kB (15336 bytes)
Hash
0f9ea8d6bb66dbed6e0966f9da35b7fd
8095a33f75ca53aa5409b8bf00ea30372755092d
306ab8dd287ef041231a510b7e4c027a11e28b20c3408a9185d895c091dc72a4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/js/bootstrap.min.js HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:35 GMT
last-modified: Sat, 30 Sep 2023 16:25:24 GMT
etag: "65184bf4-e6b2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28591
accept-ranges: bytes
x-cache: HIT
content-length: 15336
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/main.js

63.250.43.132

200 OK

963 B

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/main.js
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
Algol 68 source text\012- Pascal source, ASCII text, with CRLF line terminators
Size
963 B (963 bytes)
Hash
def4a999cf8f389438ebe315c275cb73
90b28790feddac38637591835420fe87a6071ce8
3fbc9360e36438e4cdcda3f25cb6dad97b6fe96cbba9455ad4bb75183e5fc2dc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/js/main.js HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:35 GMT
last-modified: Sat, 30 Sep 2023 16:25:26 GMT
etag: "65184bf6-111f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28590
accept-ranges: bytes
x-cache: HIT
content-length: 963
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
32f2305a36b37feb95f082367d6e8964
9eb1ecece89eb335dfa3be60f006503592455da5
0d68b687e8760f8f620648ce22b0f7450d09a1bf2dbb49db79b9266166e88547

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Oct 2023 00:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.211.3

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 26 Sep 2023 09:00:39 GMT
expires: Wed, 25 Sep 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 575668
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
32f2305a36b37feb95f082367d6e8964
9eb1ecece89eb335dfa3be60f006503592455da5
0d68b687e8760f8f620648ce22b0f7450d09a1bf2dbb49db79b9266166e88547

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Oct 2023 00:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.211.3

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 26 Sep 2023 09:00:39 GMT
expires: Wed, 25 Sep 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 575668
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

216.58.211.3

200 OK

50 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 50368, version 1.0\012- data
Size
50 kB (50368 bytes)
Hash
4facfd6ff39e147b7e39c4b1abe4117d
0f7c0d978c209d21eb3f55950fc43e77c196ec3b
a246c4de8a0f1f1fdb6ee52565018dc341063aa9efe8481034bc3ef7d697e334

HTTP Headers

GET /s/opensans/v36/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 50368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 29 Sep 2023 21:03:55 GMT
expires: Sat, 28 Sep 2024 21:03:55 GMT
cache-control: public, max-age=31536000
age: 273072
last-modified: Thu, 14 Sep 2023 01:04:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.211.3

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 26 Sep 2023 09:00:39 GMT
expires: Wed, 25 Sep 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 575668
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/fontawesome.js

63.250.43.132

200 OK

387 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/js/fontawesome.js
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65347), with CRLF line terminators
Size
387 kB (387147 bytes)
Hash
a6756b0b8637e62f56d9d794b154ca12
5cd7e758e41375d85cef812d4578d5cd9b949ea7
21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/js/fontawesome.js HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:35 GMT
last-modified: Sat, 30 Sep 2023 16:25:24 GMT
etag: "65184bf4-10314e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28591
accept-ranges: bytes
x-cache: HIT
content-length: 387147
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
32f2305a36b37feb95f082367d6e8964
9eb1ecece89eb335dfa3be60f006503592455da5
0d68b687e8760f8f620648ce22b0f7450d09a1bf2dbb49db79b9266166e88547

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Oct 2023 00:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/images/particuliers.jpg

63.250.43.132

200 OK

171 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/images/particuliers.jpg
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1080x1080, components 3\012- data
Size
171 kB (171158 bytes)
Hash
c9c60cec5c629ce82d64ff8b268a4eda
ecde69714dfe8b58cf40f31ed1e00d81056b16a5
40eebb3469219ff9cea327b5f7ae1f68ba59a52d539e4a07303cdd8c8cbfc7cb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/images/particuliers.jpg HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 22:19:56 GMT
last-modified: Sat, 30 Sep 2023 16:25:22 GMT
etag: "65184bf2-29c96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/jpeg
content-length: 171158
x-cacheable: YES
age: 9310
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/images/favicon.png

63.250.43.132

200 OK

1.8 kB

URL GET HTTP/2
ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/assets/images/favicon.png
IP
63.250.43.132:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerSectigo Limited
Subject*.ingress-erytho.ewp.live
Fingerprint0B:7E:46:4A:A9:E1:EF:7C:25:39:AC:43:51:61:F5:C8:99:5F:35:E9
ValidityTue, 09 May 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.8 kB (1793 bytes)
Hash
ed9c56116b458dfeef180879add56940
f661f922f0bfdf0d2d470aea158eb77d49b5bb26
0c6849d4541c1b5d297b7e48dc2c13d43c357610effd13e1a90929b6638205e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /passlip/z0n51-ca/assets/images/favicon.png HTTP/1.1
Host: ca-frregion-d3ddfa.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 02 Oct 2023 16:58:34 GMT
last-modified: Sat, 30 Sep 2023 16:25:20 GMT
etag: "65184bf0-701"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 1793
x-cacheable: YES
age: 28593
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800

142.250.74.42

200 OK

25 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/passlip/z0n51-ca/23745aadab288b8/region.php?particulier
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text
Size
25 kB (24860 bytes)
Hash
b61191c920a332ff4fbac575d407c7bb
40be9b56875b9a8ab9088a4e5c9948b18e06cc86
51de5d2ed4b010302eebe389505be809815f05beaf9cb870a5db1ca74c513266

HTTP Headers

GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ca-frregion-d3ddfa.ingress-erytho.ewp.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 03 Oct 2023 00:55:07 GMT
date: Tue, 03 Oct 2023 00:55:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate