r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4988
Expires: Sun, 29 Jan 2023 22:00:52 GMT
Date: Sun, 29 Jan 2023 20:37:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19052
Expires: Mon, 30 Jan 2023 01:55:16 GMT
Date: Sun, 29 Jan 2023 20:37:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2974
Expires: Sun, 29 Jan 2023 21:27:18 GMT
Date: Sun, 29 Jan 2023 20:37:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150
200 OK
939
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 19:43:09 GMT
content-type: application/json
age: 3275
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
Magic
PEM certificate\012- , ASCII text
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O80q0yYdEUrzGeA63bO/SztmEiZbxR6TKdj/XetTHEWhNzZcZO0fD9V/EO++75cKMPemiO+B3Nk=
x-amz-request-id: KMN4XW3E4RZA7K2X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 19:50:27 GMT
age: 2837
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
c99e899d38146b0c350458a70469dc59
0d8cf9a26ebd9230851a8d97607ffe5b1102dbae
223e4c357ad40a5943da63d99ee95f6b5b251796938e22238cbabd7027cc07e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "223E4C357AD40A5943DA63D99EE95F6B5B251796938E22238CBABD7027CC07E5"
Last-Modified: Sun, 29 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18318
Expires: Mon, 30 Jan 2023 01:43:02 GMT
Date: Sun, 29 Jan 2023 20:37:44 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
213.32.105.173
200 OK
9557
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
IP
213.32.105.173:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13501)
Hash
5ba8bd79fd4ccd4a3fa6e98867189360
f269ba7e905e1db5eceb1d02877ffc798090eb4d
771d6a7e346919e4f649ce918f2ae16d33a3993a49452772deb759edfc0402da
Analyzer
Verdict
Alert
openphish: Credit Agricole S.A.
fortinet: Phishing
GET /credit-agricol/region/43e4f0e21afc6eb/region.php?lca HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/html; charset=UTF-8
content-length: 9557
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.27, PleskLin
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibBoutonVertPart.min.d41d8cd98f00b204e9800998ecf8427e.css
213.32.105.173
200 OK
185
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibBoutonVertPart.min.d41d8cd98f00b204e9800998ecf8427e.css
IP
213.32.105.173:0
Magic
Unicode text, UTF-8 text, with CRLF line terminators
Hash
54cf8a02ff9a6bd7e26cbbcc8165890b
cb7d736bba9aa57a57b28b2225d702141f019585
715b5a56e5be0adb8b864e91c07e8f92fe6310f2d3946f942d6f8a9df7f2ecb2
GET /credit-agricol/region/assets/css/clientlibBoutonVertPart.min.d41d8cd98f00b204e9800998ecf8427e.css HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/css
content-length: 185
x-accel-version: 0.01
last-modified: Sat, 23 Jul 2022 19:05:32 GMT
etag: "111-5e47da2819700-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg
213.32.105.173
200 OK
22541
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg
IP
213.32.105.173:0
Magic
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash
8a6438815d53936ba84ffbef78c8bcfc
e178faa510c663b51d88b5979bbc53c73fcaf3e1
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24
Analyzer
Verdict
Alert
fortinet: Phishing
GET /credit-agricol/region/assets/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: image/svg+xml
content-length: 22541
last-modified: Mon, 11 Jul 2022 13:01:48 GMT
etag: "62cc1f3c-580d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/CA_Logo_seul-1.svg
213.32.105.173
200 OK
16248
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/CA_Logo_seul-1.svg
IP
213.32.105.173:0
Magic
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash
267925c136126fd813e021bb85ef59d8
a6bae108371ab294c00d28c01f3e415feb7ed36f
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
Analyzer
Verdict
Alert
fortinet: Phishing
GET /credit-agricol/region/assets/images/CA_Logo_seul-1.svg HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: image/svg+xml
content-length: 16248
last-modified: Mon, 11 Jul 2022 12:41:22 GMT
etag: "62cc1a72-3f78"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/logo_ca.png
213.32.105.173
200 OK
2037
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/logo_ca.png
IP
213.32.105.173:0
Magic
PNG image data, 83 x 64, 8-bit/color RGB, non-interlaced\012- data
Hash
a5777291aa794d7d07285c839571662a
284f3d6b64462c946a640072bb57e512307bf8ab
1c8399c9f4f09feb8f95fe39465cc7e70597b0097ad92da954db82646ec68dc3
GET /credit-agricol/region/assets/images/logo_ca.png HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: image/png
content-length: 2037
last-modified: Mon, 11 Jul 2022 13:10:54 GMT
etag: "62cc215e-7f5"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150
200 OK
329
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 19:41:41 GMT
age: 3363
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17594
Expires: Mon, 30 Jan 2023 01:30:59 GMT
Date: Sun, 29 Jan 2023 20:37:45 GMT
Connection: keep-alive
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorT34Part.min.f3d31862687057258256810db3499be7.css
213.32.105.173
200 OK
46257
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorT34Part.min.f3d31862687057258256810db3499be7.css
IP
213.32.105.173:0
Magic
Unicode text, UTF-8 text, with very long lines (1706)
Hash
20e462830ed61266ce0b70aa888d8df9
49e2018be0cc555e4c534b3d1e8bf7bdbbeffce4
8a3ec200ef68c0e30b580148ff5a541886791416d0849b64e4196d8aec8c527b
GET /credit-agricol/region/assets/css/clientlibStoreLocatorT34Part.min.f3d31862687057258256810db3499be7.css HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/css
last-modified: Sat, 23 Jul 2022 19:05:32 GMT
etag: W/"62dc467c-4c3b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/token.json
213.32.105.173
200 OK
2
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/token.json
IP
213.32.105.173:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer
Verdict
Alert
fortinet: Phishing
GET /credit-agricol/region/assets/token.json HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:45 GMT
content-type: application/json
content-length: 2
x-accel-version: 0.01
last-modified: Mon, 11 Jul 2022 14:34:12 GMT
etag: "2-5e388720c0100"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/acces_cr_part_carre.jpg
213.32.105.173
200 OK
243919
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/acces_cr_part_carre.jpg
IP
213.32.105.173:0
Magic
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=791, bps=218, PhotometricIntepretation=RGB, description=Diverse culture people using mobile smartphone outdoor - Happy friends having fun with technology trends - Youth, new generatio, manufacturer=SONY, model=ILCE-7M2, orientation=upper-left, width=1326], progressive, precision 8, 960x960, components 3\012- data
Hash
b259c4797d838add41da1047021d2480
13de10f5a348efa8ff3d856f2e347eeff8a33579
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
GET /credit-agricol/region/assets/images/acces_cr_part_carre.jpg HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:45 GMT
content-type: image/jpeg
content-length: 243919
last-modified: Mon, 11 Jul 2022 13:09:26 GMT
etag: "62cc2106-3b8cf"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/fonts/gotham/Gotham-Bold.woff2
213.32.105.173
200 OK
39264
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/fonts/gotham/Gotham-Bold.woff2
IP
213.32.105.173:0
Magic
Web Open Font Format (Version 2), TrueType, length 39264, version 3.19726\012- data
Hash
003e90cf8cb3f8b4bef30d6764da18ed
512e44f40b54d0e5e081dda9fd5ea8a4429a508c
319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1
Analyzer
Verdict
Alert
fortinet: Phishing
GET /credit-agricol/region/assets/fonts/gotham/Gotham-Bold.woff2 HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlib-part.min.ea256277357fa8db5612c74f1e54f567.css
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:45 GMT
content-type: font/woff2
content-length: 39264
last-modified: Mon, 11 Jul 2022 15:00:50 GMT
etag: "62cc3b22-9960"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorPart.min.804c7ef8e65f13b908c3b5f2466ea356.css
213.32.105.173
200 OK
43713
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorPart.min.804c7ef8e65f13b908c3b5f2466ea356.css
IP
213.32.105.173:0
Magic
Unicode text, UTF-8 text, with very long lines (1706)
Hash
d24ab15fd942dcef23c90a6abad2d599
a702762e6e35c6ea51f85bc9ad95f366c1b18c36
c519b922ce014f83b4cd1806724ef05e94b0c2317c939f0f22560f4ece65671b
GET /credit-agricol/region/assets/css/clientlibStoreLocatorPart.min.804c7ef8e65f13b908c3b5f2466ea356.css HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/css
last-modified: Sat, 23 Jul 2022 19:05:32 GMT
etag: W/"62dc467c-32e3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorAccesCRPart.min.ddd3469fd6c3f8f331e0d3b3d56134c3.css
213.32.105.173
200 OK
44752
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorAccesCRPart.min.ddd3469fd6c3f8f331e0d3b3d56134c3.css
IP
213.32.105.173:0
Magic
Unicode text, UTF-8 text, with very long lines (1706)
Hash
e54372fcabd6b8cfc6753d588d5e16c8
8b429e2659142eea6f4435af23c1ab77c1da3ba9
2b97305fc044861d6940bf225fd8707c38df819cfe95233900ad9f305f85978e
GET /credit-agricol/region/assets/css/clientlibStoreLocatorAccesCRPart.min.ddd3469fd6c3f8f331e0d3b3d56134c3.css HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/css
last-modified: Sat, 23 Jul 2022 19:05:32 GMT
etag: W/"62dc467c-30b7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/jquery.min.aaffcbf7942d5bedb07855e48cbc1afa.js
213.32.105.173
200 OK
57783
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/jquery.min.aaffcbf7942d5bedb07855e48cbc1afa.js
IP
213.32.105.173:0
Magic
Unicode text, UTF-8 text, with very long lines (585)
Hash
89395b00bde8db1bc0cce7255598b711
69b4ce872afbda3acd2d607969af6c768bb30f22
24fc9a3f0be8290caaaf2a1e0c9a3832e0f745d2f4f3a1fe81934cc2a2ef3194
Analyzer
Verdict
Alert
fortinet: Phishing
GET /credit-agricol/region/assets/js/jquery.min.aaffcbf7942d5bedb07855e48cbc1afa.js HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/javascript
last-modified: Sat, 23 Jul 2022 19:11:06 GMT
etag: W/"62dc47ca-2509e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/favicon.png
213.32.105.173
200 OK
25841
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/images/favicon.png
IP
213.32.105.173:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1125x782, components 3\012- data
Hash
b97344aec9a8c00a0037b00de3cb65b8
b2499fd6933a79e99d530e2dcbc09a36feef7d4e
d9225828a2b4df13f9895b1ea331221239370d7787927c0038b30a725cf3d908
GET /credit-agricol/region/assets/images/favicon.png HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:45 GMT
content-type: image/png
content-length: 25841
last-modified: Wed, 29 Jun 2022 00:12:08 GMT
etag: "62bb98d8-64f1"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.228.1.109
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
44.228.1.109:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: L4WCLawcn9wtuMkqFil0Rg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LAYVNJ3VgDOeonf68FXV/2gYw2s=
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3623
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:37:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3623
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:37:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3623
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:37:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76
200 OK
5594
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: a13a8181-5783-42c1-9fda-1fcf8db4f0f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVpetFv-oAMF_Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d222c4-68165b34525ca2a054f0b505;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 06:50:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rJbdYq3bZDatEVvC83VR5WiWOFwNwVZEB16ez21KdnQJJrgJ-yKPCg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 14:55:48 GMT
age: 20518
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76
200 OK
4475
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:46 GMT
age: 81660
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg
34.120.237.76
200 OK
10168
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
d5ed99a9aed6f367efc5c9498ce87ff1
3123eb6f550c51fe17fc62eff943b3739e239a9b
536f45bf2eb41f7056df8b34964538005d6a0a4c6157def3fbdd9487f8c79027
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10168
x-amzn-requestid: fe58fe3c-dd23-4614-b5a2-e91ef68c2ab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFOD7H-NIAMFcxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb907f-687fc51741d7ff97182d1955;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:13:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SORDxKQP-GudaCfRIbrmexyEeJXBExRipfF8sPHI-UkaYhR_RkDjvQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 00:55:27 GMT
age: 70939
etag: "3123eb6f550c51fe17fc62eff943b3739e239a9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
34.120.237.76
200 OK
5198
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
57ff6665d99a17d06b75c8fe64c90ab3
05648eed6830a794aa7e30ba4da526ed4c45b0ca
728b809756a0faff1a55bb03f13f33e31518f321e50dd944a0267d585c09264c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: 8117f45b-926a-4cbe-b152-dae983bc3526
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOYdlG6XIAMF_vA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf3abd-7ce531f65f66ac3a73970841;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:56:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: naZHCCrUSwrLi2eWi3LOrir9zOGQcNUBJ1iS9wUewWoV3WM2E0kE2w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:47:00 GMT
age: 82246
etag: "05648eed6830a794aa7e30ba4da526ed4c45b0ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76
200 OK
11470
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 04:01:15 GMT
age: 59791
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76
200 OK
9167
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:46:16 GMT
age: 85890
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorT33Part.min.1f61aaac8fd08ba4c317656d6f0e4a62.css
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlibStoreLocatorT33Part.min.1f61aaac8fd08ba4c317656d6f0e4a62.css
IP
213.32.105.173:0
GET /credit-agricol/region/assets/css/clientlibStoreLocatorT33Part.min.1f61aaac8fd08ba4c317656d6f0e4a62.css HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/css
last-modified: Sat, 23 Jul 2022 19:05:32 GMT
etag: W/"62dc467c-3ed5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/clientlibHeader.min.9b997b2ac9fca6031bd046f1edd29d81.js
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/clientlibHeader.min.9b997b2ac9fca6031bd046f1edd29d81.js
IP
213.32.105.173:0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /credit-agricol/region/assets/js/clientlibHeader.min.9b997b2ac9fca6031bd046f1edd29d81.js HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/javascript
last-modified: Wed, 27 Jul 2022 01:07:36 GMT
etag: W/"62e08fd8-1e334"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/utils.min.423ec59365a85ebded314ad7311ef508.js
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/utils.min.423ec59365a85ebded314ad7311ef508.js
IP
213.32.105.173:0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /credit-agricol/region/assets/js/utils.min.423ec59365a85ebded314ad7311ef508.js HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/javascript
last-modified: Sat, 23 Jul 2022 19:11:06 GMT
etag: W/"62dc47ca-2dea"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/clientlib-npc-components.min.b6efd65ae8c18d73875a5e228a1dc167.js
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/clientlib-npc-components.min.b6efd65ae8c18d73875a5e228a1dc167.js
IP
213.32.105.173:0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /credit-agricol/region/assets/js/clientlib-npc-components.min.b6efd65ae8c18d73875a5e228a1dc167.js HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/javascript
last-modified: Tue, 26 Jul 2022 18:40:06 GMT
etag: W/"62e03506-c1966"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/clientlib-bootstrap-jquery.min.1661914e05c676ce450674555cc1e5b0.js
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/clientlib-bootstrap-jquery.min.1661914e05c676ce450674555cc1e5b0.js
IP
213.32.105.173:0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /credit-agricol/region/assets/js/clientlib-bootstrap-jquery.min.1661914e05c676ce450674555cc1e5b0.js HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/javascript
last-modified: Wed, 27 Jul 2022 00:23:28 GMT
etag: W/"62e08580-741e3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlib-part.min.ea256277357fa8db5612c74f1e54f567.css
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/css/clientlib-part.min.ea256277357fa8db5612c74f1e54f567.css
IP
213.32.105.173:0
GET /credit-agricol/region/assets/css/clientlib-part.min.ea256277357fa8db5612c74f1e54f567.css HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: text/css
last-modified: Tue, 26 Jul 2022 12:22:28 GMT
etag: W/"62dfdc84-14414c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/granite.min.579a107dd681c49bc61dae63734043cb.js
213.32.105.173
200 OK
0
URL
HTTP/2
competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/assets/js/granite.min.579a107dd681c49bc61dae63734043cb.js
IP
213.32.105.173:0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /credit-agricol/region/assets/js/granite.min.579a107dd681c49bc61dae63734043cb.js HTTP/1.1
Host: competent-margulis.213-32-105-173.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://competent-margulis.213-32-105-173.plesk.page/credit-agricol/region/43e4f0e21afc6eb/region.php?lca
Cookie: PHPSESSID=amaff8fdfjc3d15hqk6std0mo9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:37:44 GMT
content-type: application/javascript
last-modified: Mon, 25 Jul 2022 21:46:54 GMT
etag: W/"62df0f4e-2111"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2