Report - rivierapub.fr/css/files/reboot/login/login.php

Report Overview

Submitted URL
rivierapub.fr/css/files/reboot/login/login.php
IP
213.186.33.18
ASN
#16276 OVH SAS
Submitted
2023-01-31 18:37:58
Access
Website Title
Final URL
Tags
union_bank financial phishing
urlquery detections
Phishing - Union Bank

Detections

urlquery
33
Network Intrusion Detection
1
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.93.186
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	369 B	21 kB	142.250.74.110
www.rivierapub.fr	unknown	2016-01-11T19:13:13Z	2023-03-12T01:05:26Z	428 B	300 kB	213.186.33.18
rivierapub.fr	unknown	2017-01-29T12:48:47Z	2023-03-12T01:05:26Z	10 kB	4.9 MB	213.186.33.18
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	388 B	34 kB	142.250.74.138
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	69 kB	34.120.237.76
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	408 B	2.0 kB	142.250.74.99
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.4 kB	4.9 kB	142.250.74.3
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	2.1 kB	93.184.220.29
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	430 B	89 kB	157.240.205.11
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	416 B	6.9 kB	104.17.25.14
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.4 kB	50 kB	142.250.74.163
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-13T07:25:00Z	413 B	947 B	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-31 18:38:03	high	213.186.33.18	Client IP	ETPRO PHISHING Union Bank of the Philippines Phish Landing Page 2022-02-15

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/login.php	The Union Bank of the Philippines

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/login.php	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/script.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/api.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/saved_resource(1).html	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download	Phishing
2023-01-31	medium	www.rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js	Phishing
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	rivierapub.fr/css/files/reboot/login/script.js	393 B	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/script.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:23 Last Seen2023-08-17 17:35:39 Times Seen26 Hash 6a2e6dbb7e1b3f957d2cb45fb492668e f2680b4bf9b43296032575e74c6f522073c088b2 953ff524a462191b00e7966089eb722ce2f7d32334c603ebe06298b2ae5ba958 Loading...

	unknown	62 kB	2023-03-13	2023-03-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:31:16 Last Seen2023-03-13 13:31:16 Times Seen1 Hash 99118b08293240f9b97c179d6e6296b5 fed47325bb9b9d3f63a341626580caa53e2e0112 9622f5cd8e9c79ee844c03365346e68cb77c2bff81205b39327698f7f121cfdc Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 09:56:21 Times Seen36956109 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-19 07:56:42 Times Seen23210 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)	3.2 kB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1) IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen38 Hash bed46e0f7a43ef971658bde3da164aea d4a3512ba6112886f55def602aad237dc2709501 3f6cfb2a107314566e4293ba29234e305a8d9e35dd8670fb41cbacc78f3bf22f Loading...

	rivierapub.fr/css/files/reboot/login/login.php	603 B	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/login.php IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen23 Hash 125f1d997065c052e3cca3c96f62370f 2f05e9985574278754d59addf2e5b10d90e316a2 d2e58df91b33affa22f9ddbd3c244d177b9ca5f1a69d25a39b0ed34d41d0b3fe Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js	398 kB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen32 Hash b3ff7069fb30087eb69bf18b3cfc5b35 4cf232bd57407c61bb5138d17da5aded1d96219b bc4c57fdfb845c45382334a2ea04b63a21fea8f4a42ec56ce4e05bb948160cb1 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js	1.3 MB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen27 Hash 490e2962a5e8dcb1ffa51d2ea4dab1c2 b3ae0abe5c59da07be938923e05e2da53ee2685a 24573626435ac4aef93f207169afee030de75f86bad78d86a48962ac3e988e25 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/api.js	708 B	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/api.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen40 Hash a14455948d94f9a9ed0255ddffdc1eef cd95e227eb30c684473c1e26101bfbe1ce8f3137 e88fe96181aaff74f1fae525dab9641052853f643711f87e2307ed1cca4266b1 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html	68 B	2023-03-07	2024-04-06
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2024-04-06 19:22:00 Times Seen41 Hash e9b901c2efdf825332443f6125ac235a 50b0a91ce79f263c8a802096158cdbacd2660474 be65c20e36b71b50d335c36ef1cddb3c181f666c3e8daf543d0bddf27b207519 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html	10 kB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen21 Hash c4a6c9740d64f6b1635d72e9ebf66125 653722c36a050c05acd3fa29cbd3e04c437a2e53 c44bd95de33218ef62725bebe71e05235ce9574749dcf8c7c1dc6cc0e03fb72c Loading...

HTTP Transactions (66)

URL IP Response Size

rivierapub.fr/css/files/reboot/login/login.php

213.186.33.18

200 OK

6.6 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/login.php
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1470), with CRLF line terminators
Size
6.6 kB (6643 bytes)
Hash
5e088de29cab8e4ffa106f8dcf0550c4
82f8ded8ab3abb0f17c482b5722316f5cda4b0e0
55405d6b78093b6dc176b6c2efcf83a9f82fef12797c102952966a6a5df988be

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
openphish	The Union Bank of the Philippines
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ETPRO PHISHING Union Bank of the Philippines Phish Landing Page 2022-02-15

HTTP Headers

GET /css/files/reboot/login/login.php HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:45 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:49E4_D5BA2112:0050_63D95FF9_AD37:21746
x-iplb-instance: 27928

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9293
Expires: Tue, 31 Jan 2023 21:12:38 GMT
Date: Tue, 31 Jan 2023 18:37:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6809
Expires: Tue, 31 Jan 2023 20:31:14 GMT
Date: Tue, 31 Jan 2023 18:37:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 17:43:18 GMT
content-type: application/json
age: 3267
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3411
Expires: Tue, 31 Jan 2023 19:34:36 GMT
Date: Tue, 31 Jan 2023 18:37:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: yTJeOdJBfMpeM1lROxFQmkiwxe1CRIH175Ht7i5VVu3huceXSYEmFMMrnWRuURsZXJP8+BxYJE4=
x-amz-request-id: RTKY5M5AFS34XYGX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 17:51:15 GMT
age: 2791
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/script.js

213.186.33.18

200 OK

210 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/script.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
210 B (210 bytes)
Hash
7fc44b302d965a8942e3995ab61398f7
29ff2ae99f7cbaa592d66a08770b479ca323ea0f
101f8e0b59294b76959c7ccd61922d7d0ce1dee999368a7c5ece5265fe1e9504

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/script.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
content-length: 210
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:49E4_D5BA2112:0050_63D95FF9_AD39:21746
x-iplb-instance: 27928

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

104.17.25.14

200 OK

5.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
5.9 kB (5884 bytes)
Hash
aa712f2a9ab349290ddbc871138b13ba
2be3765114dbce70c84786dd7d2838c7edce486c
84dce905b67560d91a9993771337d6e5946c7f1e502b5bf06fb0ef6d34b97b57

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: text/css; charset=utf-8
content-length: 5884
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-9226"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1036662
expires: Sun, 21 Jan 2024 18:37:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cu3N9r7LOWncUYojVS1TqgGszGLHNzNi%2B7JQhKXBr5n2ySSRc2DWKtuW6Rbf75vORyUfkuxEbPDDd0Svqse8pNxi%2FjXNv27k2U7kANEg1cOgyGaXk0XKOqplM%2Bvm5vkm5q1fsJ5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79248f7acf480afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)

213.186.33.18

200 OK

3.2 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (2088)
Size
3.2 kB (3224 bytes)
Hash
bed46e0f7a43ef971658bde3da164aea
d4a3512ba6112886f55def602aad237dc2709501
3f6cfb2a107314566e4293ba29234e305a8d9e35dd8670fb41cbacc78f3bf22f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/sdk.js(1) HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-length: 3224
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:29 GMT
accept-ranges: bytes
x-iplb-request-id: 5B5A2A9A:2DB0_D5BA2112:0050_63D95FFA_E332:6B05
x-iplb-instance: 27925

rivierapub.fr/css/files/reboot/login/unionbank_files/api.js

213.186.33.18

200 OK

477 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/api.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (708), with no line terminators
Size
477 B (477 bytes)
Hash
46dd665b0ba594a9516d197417ae615c
ee09935166c1cbc3193004c8d1c554d537db3e8d
948c88110e9c152ca42ac39a9c727f1e23b011856566aaddb5fa0f706daeca76

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/api.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
content-length: 477
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:993B_D5BA2112:0050_63D95FFA_144C5:A3A2
x-iplb-instance: 27924

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

200 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
200 B (200 bytes)
Hash
c4f781837ac655ab868f76ebd0aa001c
1d792cae3ea99a6ccfc76761672ecac9f6ce47c3
2982815644bab9c7ebbec9a3e5adb18288054b91ca05e85c189f5e592778ea5a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: text/css
content-length: 200
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:FE75_D5BA2112:0050_63D95FFA_29D0:A39C
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

680 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (3822)
Size
680 B (680 bytes)
Hash
8f497d424c58298907a2a7654b87f113
8755f92cbf5bdbefd767382b17922e05bfa50f9f
1fd3df798d205c39b40c3de2ad945501c1a38b119d5e9dcbd3a41766f30a4e94

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: text/css
content-length: 680
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:2DB0_D5BA2112:0050_63D95FFA_E333:6B05
x-iplb-instance: 27925

rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

94 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (65468)
Size
94 kB (93877 bytes)
Hash
19018a0fd8f7b7ad4cfcc368dc82efee
b1e43c65f5078dd0c4a56516fa45a898b34d8453
ef738d8f6c6db55c8a9c179874e2ce3b2e4455b0575407f29367cd85c0af8c6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:49E4_D5BA2112:0050_63D95FFA_AD40:21746
x-iplb-instance: 27928

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

142.250.74.138

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32089)
Size
33 kB (33018 bytes)
Hash
bf899cc5ba60c522341e4d712a5246bf
2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a
4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817

HTTP Headers

GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 15:42:19 GMT
expires: Tue, 30 Jan 2024 15:42:19 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 96927
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

250 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (32811), with LF, NEL line terminators
Size
250 kB (249453 bytes)
Hash
409b470a0b27aad7c1a6eb62883ac9dc
af0ba6f243fadc39009ae661e43986846aea34f6
152d10260284db5325893ec8be3df615b1dab0131132b4ac384dd02005db5d02

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:49E4_D5BA2112:0050_63D95FFA_AD42:21746
x-iplb-instance: 27928

rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:29 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:C6B3_D5BA2112:0050_63D95FFA_2636:73EE
x-iplb-instance: 27929

rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

471 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
data
Size
471 B (471 bytes)
Hash
0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e

HTTP Headers

GET /css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: text/css
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:4A51_D5BA2112:0050_63D95FFA_1382C:22A9B
x-iplb-instance: 27927

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3084
Cache-Control: max-age=118960
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:46 GMT
Etag: "63d8819e-118"
Expires: Thu, 02 Feb 2023 03:40:26 GMT
Last-Modified: Tue, 31 Jan 2023 02:49:02 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280

rivierapub.fr/css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

1.1 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
data
Size
1.1 kB (1069 bytes)
Hash
dacbf0511b93986561675cc4721b4065
08bce1a4068e513731aa2b7baa4196c27351612f
86435a3518b41ad3e22a463e158cdf5fb560fec4e2a8f5172744ef2a42deb80a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:C6B3_D5BA2112:0050_63D95FFA_2635:73EE
x-iplb-instance: 27929

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 17:49:04 GMT
age: 2922
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Tue, 31 Jan 2023 19:16:44 GMT
Date: Tue, 31 Jan 2023 18:37:46 GMT
Connection: keep-alive

rivierapub.fr/css/files/reboot/login/style.css

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/style.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/style.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 301 Moved Permanently
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://rivierapub.fr/css/files/reboot/login/style.css
x-iplb-request-id: 5B5A2A9A:2DB0_D5BA2112:0050_63D95FFA_E334:6B05
x-iplb-instance: 27925

rivierapub.fr/css/files/reboot/login/unionbank_files/77bcca0a353436ad0ea0.png

213.186.33.18

200 OK

84 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/77bcca0a353436ad0ea0.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 3509 x 2482, 8-bit/color RGBA, non-interlaced\012- data
Size
84 kB (84281 bytes)
Hash
b64412453cb5996f63de49d397617504
d908c3f17df3c7c1287438c1f2690e43dd3e91d5
98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/77bcca0a353436ad0ea0.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: image/png
content-length: 84281
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
x-iplb-request-id: 5B5A2A9A:993B_D5BA2112:0050_63D95FFA_144D0:A3A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png

213.186.33.18

200 OK

7.1 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 140 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
7.1 kB (7050 bytes)
Hash
6c52619633aaf102bd2a577e2688fa86
83296c14c2b7c884714936baf650d47325aaf894
032cf6c781dfb488e0e19248594759087e8c2d9a18d356b977b8da35a7b20649

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: image/png
content-length: 7050
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
x-iplb-request-id: 5B5A2A9A:C6B3_D5BA2112:0050_63D95FFA_2638:73EE
x-iplb-instance: 27929

rivierapub.fr/css/files/reboot/login/unionbank_files/1200px-Unionbank_2018_logo.svg.png

213.186.33.18

200 OK

21 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/1200px-Unionbank_2018_logo.svg.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 1200 x 368, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20846 bytes)
Hash
70f65465e7c6d090d9277be5ce120b45
8ce111118f53f497079d066a4216f61b72347b87
2e916e6e4167cd80e0f126a9d67f8c4f40af081e5d28e56516fbe492700f5fc8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/1200px-Unionbank_2018_logo.svg.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: image/png
content-length: 20846
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
x-iplb-request-id: 5B5A2A9A:FE75_D5BA2112:0050_63D95FFA_29D4:A39C
x-iplb-instance: 27924

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3a7a2ac0ca8484742a93affb45fc9b70
7ad5dd5cecc7cbe7b32da190ac7368b0c6f7a26f
aff04d0a135d86a0b0a5bcf3b3337de66e3918e3e0c0107d60861b2cac85b9a0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AFF04D0A135D86A0B0A5BCF3B3337DE66E3918E3E0C0107D60861B2CAC85B9A0"
Last-Modified: Tue, 31 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21534
Expires: Wed, 01 Feb 2023 00:36:40 GMT
Date: Tue, 31 Jan 2023 18:37:46 GMT
Connection: keep-alive

push.services.mozilla.com/

54.149.93.186

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.93.186:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 85aC0QC5k7TkEauSGNNb3w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AsoNCN5I77nVEGclkVKJcFsZoYY=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4077
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 18:37:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4077
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 18:37:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4077
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 18:37:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4077
Expires: Tue, 31 Jan 2023 19:45:45 GMT
Date: Tue, 31 Jan 2023 18:37:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13853 bytes)
Hash
d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUGjUSIkoacdmaO1jnMwIuNMONhjyVfAIcTQ3B5d5da_g9eEnCtW7g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:17 GMT
age: 74971
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12507 bytes)
Hash
5190c0bdc6abe0ee258e9f8c20ddaf51
d60f280f8a742480527dbc32d08f321f972d4fcf
874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yDsY-3qpBlHMG9YWRQNiMNN3Ml1H4xQNKIO3D9u57sOPFW5hu_bQXQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:54:44 GMT
age: 74584
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9987 bytes)
Hash
2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gif_csWkacU59D_hnOrJpK6u2aPI8Ylf2JyQEJZ2RLNMCrXSmmMa9w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:56:35 GMT
age: 60073
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11129 bytes)
Hash
2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:52 GMT
age: 53216
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6844 bytes)
Hash
976dda397f9292a498ca9db5599c0378
dad9e9c3462907a2475046aee36d57f8309cd44e
7ed9ccf2ff75ca53f5ba56a1d2127e0f09b0ae941cad8b042e8df01ad01e614b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6844
x-amzn-requestid: 0542cf46-5045-459f-a35f-f6c0d3f5f7b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flZsxH0YIAMF9ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86feb-692d50f710a131df2ee49aa8;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oLMUuQVwUyKMuYAvTkA4wlVDb3-kZjStTJFfUZRb7JwKcK11waY0kQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:42:39 GMT
age: 60909
etag: "dad9e9c3462907a2475046aee36d57f8309cd44e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8558 bytes)
Hash
e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R29JYq4Z8V_Xuq2no0bKxk1K6h2PmTO5OSxzMa4zppDVk3j9rO9aTw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:24:36 GMT
age: 54792
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

213.186.33.18

200 OK

9.8 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10169)
Size
9.8 kB (9754 bytes)
Hash
11a17050b89dd812fe29f5c3c973081a
eec8122840759b1037d5a93be304fb8aa7e3431c
0755e5452a877151eeaf0c6163657c974532f32229e5cf10df3c8f683af48585

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/anchor.html HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:49 GMT
content-type: text/html
content-length: 9754
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:993B_D5BA2112:0050_63D95FFA_144E8:A3A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/saved_resource(1).html

213.186.33.18

200 OK

148 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/saved_resource(1).html
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
148 B (148 bytes)
Hash
2e564a3905e8c87687ee0bd0b05ee76a
41e908564ec62189439e245c46b4e3efc2eebd5c
25125843e939ebb13040693deab070e1301d8cd4cbb364fef81d99788bc800c4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/saved_resource(1).html HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:49 GMT
content-type: text/html
content-length: 148
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:C6B3_D5BA2112:0050_63D95FFA_263D:73EE
x-iplb-instance: 27929

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 03:13:04 GMT
expires: Fri, 26 Jan 2024 03:13:04 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 487485
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/styles__ltr.css

213.186.33.18

200 OK

26 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/styles__ltr.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (50696), with no line terminators
Size
26 kB (25550 bytes)
Hash
ca5350ed9a4d4472bdbc0f04b81094e4
c33e8ed8a0c934225f54a0782750289082e060fb
3377025fa55128ffe598611154e05d0cab872cf792c8a1f5bd8ccdd7c15c9ce4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/styles__ltr.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:49 GMT
content-type: text/css
content-length: 25550
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:29 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:49 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:993B_D5BA2112:0050_63D95FFD_1456F:A3A2
x-iplb-instance: 27924

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 12:46:12 GMT
expires: Mon, 29 Jan 2024 12:46:12 GMT
cache-control: public, max-age=31536000
age: 193897
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a72c84c41c5e0adf55862720ffab859c
671408b7eb5f09e4a2dac07a7ee2150ea7be1972
0aada318970f4e1d24d6411787b9f43b8ce0c1d64d76b61b5ac0589a1323f066

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4476
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Last-Modified: Tue, 31 Jan 2023 17:23:13 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 31 Jan 2023 17:46:59 GMT
expires: Tue, 31 Jan 2023 19:46:59 GMT
cache-control: public, max-age=7200
age: 3050
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rivierapub.fr/css/files/reboot/login/unionbank_files/background.png

213.186.33.18

200 OK

4.0 MB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/background.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 2054 x 1297, 8-bit/color RGB, non-interlaced\012- data
Size
4.0 MB (4034936 bytes)
Hash
b96ca6c086ae1da6eb5a5d1de5e0f3ad
a122544b2c6afd43e071ea3590cc4b37c05316b8
6aa4661e2ad0927c9c8bcadea3e57a5642798572f44a7bd411d12a4b3815be30

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/background.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:49 GMT
content-type: image/png
content-length: 4034936
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:49 GMT
x-iplb-request-id: 5B5A2A9A:FE75_D5BA2112:0050_63D95FFA_29E2:A39C
x-iplb-instance: 27924

connect.facebook.net/en_US/sdk.js?hash=43076a9dd9f24fdb8cd3e0cc0cc4be7a

157.240.205.11

200 OK

88 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=43076a9dd9f24fdb8cd3e0cc0cc4be7a
IP
157.240.205.11:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18530)
Size
88 kB (88413 bytes)
Hash
0775219405912a60198bf04a09b2a9db
e55456a719823b8ae1d81a638496865d5f97a22e
df572bfa2def8caf47b3e433041ad9e4b5908869a70a048d06cc4c48277cf3e2

HTTP Headers

GET /en_US/sdk.js?hash=43076a9dd9f24fdb8cd3e0cc0cc4be7a HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 644e2cafbdb97b84fb82946810c31649
etag: "60db35edf1a6415237fe967820c8439f"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 30 Jan 2024 12:36:43 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: B3UhlAWRKmAZi/BKCbKp2w==
x-fb-debug: 9QSpeGUk87ILDY+njgXJQFQKIu9qCjRT1BEIuBDpOozfZ+mOZj6uvGRHR740jIx6HisZiti9bIluo1LVDjD3Ag==
priority: u=3,i
content-length: 88413
x-fb-trip-id: 1679558926
date: Tue, 31 Jan 2023 18:37:49 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js

142.250.74.99

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
4926634f3217cdd97e97202504c0c3b7
f7ea00d740096e4e17e8d884b177d47004bea11e
4dc4be86e5dfd0ab45d7c2235760fe07f49bbfabf1c108c8ddae955aa5760a91

HTTP Headers

GET /recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Tue, 31 Jan 2023 18:37:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a72c84c41c5e0adf55862720ffab859c
671408b7eb5f09e4a2dac07a7ee2150ea7be1972
0aada318970f4e1d24d6411787b9f43b8ce0c1d64d76b61b5ac0589a1323f066

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4476
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 18:37:49 GMT
Last-Modified: Tue, 31 Jan 2023 17:23:13 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

HTTP/1.1 301 Moved Permanently
date: Tue, 31 Jan 2023 18:37:49 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
x-iplb-request-id: 5B5A2A9A:4A51_D5BA2112:0050_63D95FFA_13834:22A9B
x-iplb-instance: 27927

rivierapub.fr/css/files/reboot/login/style.css

213.186.33.18

301 Moved Permanently

299 kB

URL HTTP/2
rivierapub.fr/css/files/reboot/login/style.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26343), with CRLF, LF line terminators
Size
299 kB (299140 bytes)
Hash
64a7874f6deb95b81399bf25fd41dd41
7214005d966626abe8e7eed806df2eb71cfcf8f9
435c0a43405896d44e280c9ce5a6e47c84994c40fbc827fcdce2cb92c345f7ba

HTTP Headers

GET /css/files/reboot/login/style.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Tue, 31 Jan 2023 18:37:47 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/style.css
X-Firefox-Spdy: h2

www.rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download

213.186.33.18

404 Not Found

299 kB

URL HTTP/2
www.rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26343), with CRLF, LF line terminators
Size
299 kB (299312 bytes)
Hash
756d5903b292c623604b164f02829c32
cc40e35770c8613cdd981f77a1bb589a7b3269cc
28075ce90f61875905c6619dc56494a3f7cfe2f8af55a169e8913c49921d86a8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/recaptcha__en.js.download HTTP/1.1
Host: www.rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
date: Tue, 31 Jan 2023 18:37:51 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.rivierapub.fr/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico

213.186.33.18

301 Moved Permanently

15 kB

URL HTTP/2
rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /css/files/reboot/login/unionbank_files/favicon.ico HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Tue, 31 Jan 2023 18:37:50 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: http://rivierapub.fr/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 27 Jan 2023 03:41:55 GMT
Expires: Sat, 27 Jan 2024 03:41:55 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT
Content-Type: font/woff2
Age: 399356

rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/2
rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/recaptcha__en.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Tue, 31 Jan 2023 18:37:50 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.10.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 03/12/2022 14:32:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: d59b1bc690982b057c0e17bb58696d82
cdn-cache: HIT
cf-cache-status: HIT
age: 1641582
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79248f7d4c550b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/2
rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Tue, 31 Jan 2023 18:37:50 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:993B_D5BA2112:0050_63D95FFA_144C6:A3A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Tue, 31 Jan 2023 18:37:46 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Tue, 31 Jan 2023 18:52:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:FE75_D5BA2112:0050_63D95FFA_29D3:A39C
x-iplb-instance: 27924

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by