Report - rivierapub.fr/css/files/reboot/login/login.php

Report Overview

Submitted URL
rivierapub.fr/css/files/reboot/login/login.php
IP
213.186.33.18
ASN
#16276 OVH SAS
Submitted
2023-02-01 02:40:43
Access
Website Title
Final URL
Tags
union_bank financial phishing
urlquery detections
Phishing - Union Bank

Detections

urlquery
41
Network Intrusion Detection
1
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.89.193.125
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	388 B	984 B	142.250.74.138
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.76.226
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.131
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	406 B	1.7 kB	142.250.74.106
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	70 kB	34.120.237.76
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	369 B	21 kB	142.250.74.46
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	430 B	89 kB	31.13.72.12
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	416 B	6.9 kB	104.17.25.14
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-13T07:25:00Z	413 B	947 B	104.18.11.207
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.4 kB	93.184.220.29
www.rivierapub.fr	unknown	2016-01-11T19:13:13Z	2023-03-12T01:05:26Z	868 B	300 kB	213.186.33.18
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	956 B	33 kB	216.58.207.227
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	408 B	2.0 kB	142.250.74.35
rivierapub.fr	unknown	2017-01-29T12:48:47Z	2023-03-12T01:05:26Z	10 kB	4.6 MB	213.186.33.18
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-01 02:40:51	high	213.186.33.18	Client IP	ETPRO PHISHING Union Bank of the Philippines Phish Landing Page 2022-02-15

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	rivierapub.fr/css/files/reboot/login/login.php	The Union Bank of the Philippines

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/login.php	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/script.js	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/api.js	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download	Phishing
2023-02-01	medium	www.rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download	Phishing
2023-02-01	medium	rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	unknown	67 kB	2023-03-13	2023-03-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:47:17 Last Seen2023-03-13 13:47:17 Times Seen1 Hash bb7d014a91cc207df714cc48047e606c 084f772e2dc2b3ca4039fb8fc8ad49ccf015df6d 568094e5fa0d30d155c05ae2cc060ef98c7631839a4bc14eea2c39763a48e33d Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js	1.3 MB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen32 Hash 507063643ab7d92bb142e5d95e8569c6 bf12da9b7e9cd816cfe4c31e28500e10a783e55b f716f9ec048441e37bfaed734ca9fbbd3ac496b736f684dbcb1b736978ed38e8 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js	1.3 MB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/components.1bf376f9696bfb8874af.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen27 Hash 490e2962a5e8dcb1ffa51d2ea4dab1c2 b3ae0abe5c59da07be938923e05e2da53ee2685a 24573626435ac4aef93f207169afee030de75f86bad78d86a48962ac3e988e25 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/api.js	708 B	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/api.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen40 Hash a14455948d94f9a9ed0255ddffdc1eef cd95e227eb30c684473c1e26101bfbe1ce8f3137 e88fe96181aaff74f1fae525dab9641052853f643711f87e2307ed1cca4266b1 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html	68 B	2023-03-07	2024-04-06
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2024-04-06 19:22:00 Times Seen41 Hash e9b901c2efdf825332443f6125ac235a 50b0a91ce79f263c8a802096158cdbacd2660474 be65c20e36b71b50d335c36ef1cddb3c181f666c3e8daf543d0bddf27b207519 Loading...

	rivierapub.fr/css/files/reboot/login/script.js	393 B	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/script.js IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:23 Last Seen2023-08-17 17:35:39 Times Seen26 Hash 6a2e6dbb7e1b3f957d2cb45fb492668e f2680b4bf9b43296032575e74c6f522073c088b2 953ff524a462191b00e7966089eb722ce2f7d32334c603ebe06298b2ae5ba958 Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 11:01:37 Times Seen37018737 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)	3.2 kB	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1) IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen38 Hash bed46e0f7a43ef971658bde3da164aea d4a3512ba6112886f55def602aad237dc2709501 3f6cfb2a107314566e4293ba29234e305a8d9e35dd8670fb41cbacc78f3bf22f Loading...

	rivierapub.fr/css/files/reboot/login/login.php	603 B	2023-03-07	2023-08-17
Pretty URL rivierapub.fr/css/files/reboot/login/login.php IP 213.186.33.18 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:24 Last Seen2023-08-17 17:35:39 Times Seen23 Hash 125f1d997065c052e3cca3c96f62370f 2f05e9985574278754d59addf2e5b10d90e316a2 d2e58df91b33affa22f9ddbd3c244d177b9ca5f1a69d25a39b0ed34d41d0b3fe Loading...

HTTP Transactions (68)

URL IP Response Size

rivierapub.fr/css/files/reboot/login/login.php

213.186.33.18

200 OK

6.6 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/login.php
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1470), with CRLF line terminators
Size
6.6 kB (6643 bytes)
Hash
5e088de29cab8e4ffa106f8dcf0550c4
82f8ded8ab3abb0f17c482b5722316f5cda4b0e0
55405d6b78093b6dc176b6c2efcf83a9f82fef12797c102952966a6a5df988be

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
openphish	The Union Bank of the Philippines
fortinet	Phishing

NIDS	Severity	Alert
suricata	high	ETPRO PHISHING Union Bank of the Philippines Phish Landing Page 2022-02-15

HTTP Headers

GET /css/files/reboot/login/login.php HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:31 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:984B_D5BA2112:0050_63D9D11F_3ECD:B3DD
x-iplb-instance: 27923

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10262
Expires: Wed, 01 Feb 2023 05:31:33 GMT
Date: Wed, 01 Feb 2023 02:40:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16892
Expires: Wed, 01 Feb 2023 07:22:03 GMT
Date: Wed, 01 Feb 2023 02:40:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 01:43:23 GMT
content-type: application/json
age: 3428
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3028
Expires: Wed, 01 Feb 2023 03:30:59 GMT
Date: Wed, 01 Feb 2023 02:40:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: mKZUwzQtpYBiYAiRMBmxMFkDbseoXwKm86KOR37qniR0wGMSJ/dahLhcWdt0qLf9ed4wNfGfGho=
x-amz-request-id: 8FW105BF6BBPJJKJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 02:22:27 GMT
age: 1085
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/script.js

213.186.33.18

200 OK

210 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/script.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
210 B (210 bytes)
Hash
7fc44b302d965a8942e3995ab61398f7
29ff2ae99f7cbaa592d66a08770b479ca323ea0f
101f8e0b59294b76959c7ccd61922d7d0ce1dee999368a7c5ece5265fe1e9504

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/script.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
content-length: 210
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:984B_D5BA2112:0050_63D9D11F_3ECE:B3DD
x-iplb-instance: 27923

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

104.17.25.14

200 OK

5.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
5.9 kB (5884 bytes)
Hash
aa712f2a9ab349290ddbc871138b13ba
2be3765114dbce70c84786dd7d2838c7edce486c
84dce905b67560d91a9993771337d6e5946c7f1e502b5bf06fb0ef6d34b97b57

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/css; charset=utf-8
content-length: 5884
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-9226"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1065628
expires: Mon, 22 Jan 2024 02:40:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k67OMzhEhgxCt6L%2B9pTxcpvATIg0py9N31DATzs6336SS7exr6wy6m84QvELCd24AbZ6jCO%2BHohYBvExXEBqrhNknATC%2FFwYYrDv8Jce5wvgf9lyJSfMh2ajXZorXp0kDrB1jD0y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 792752a89f130b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/api.js

213.186.33.18

200 OK

477 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/api.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (708), with no line terminators
Size
477 B (477 bytes)
Hash
46dd665b0ba594a9516d197417ae615c
ee09935166c1cbc3193004c8d1c554d537db3e8d
948c88110e9c152ca42ac39a9c727f1e23b011856566aaddb5fa0f706daeca76

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/api.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
content-length: 477
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D120_1DE5:75A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

680 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (3822)
Size
680 B (680 bytes)
Hash
8f497d424c58298907a2a7654b87f113
8755f92cbf5bdbefd767382b17922e05bfa50f9f
1fd3df798d205c39b40c3de2ad945501c1a38b119d5e9dcbd3a41766f30a4e94

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/css
content-length: 680
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:984B_D5BA2112:0050_63D9D120_3ED3:B3DD
x-iplb-instance: 27923

rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

200 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
200 B (200 bytes)
Hash
c4f781837ac655ab868f76ebd0aa001c
1d792cae3ea99a6ccfc76761672ecac9f6ce47c3
2982815644bab9c7ebbec9a3e5adb18288054b91ca05e85c189f5e592778ea5a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/css
content-length: 200
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:6C4A_D5BA2112:0050_63D9D120_62AF:3FCD
x-iplb-instance: 27925

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

94 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (65468)
Size
94 kB (93877 bytes)
Hash
19018a0fd8f7b7ad4cfcc368dc82efee
b1e43c65f5078dd0c4a56516fa45a898b34d8453
ef738d8f6c6db55c8a9c179874e2ce3b2e4455b0575407f29367cd85c0af8c6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/12.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:505F_D5BA2112:0050_63D9D120_143F9:1C4E4
x-iplb-instance: 27926

rivierapub.fr/css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

101 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (38258)
Size
101 kB (101248 bytes)
Hash
adce3602de6cc5400042843a7ec47a11
32a73f9352523442918914e43d618e37f3b71da8
02b5e510ed1709166ad4901be0b8c39932a2b836af134a3f8d66e6794286a1d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/14.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:984B_D5BA2112:0050_63D9D120_3ED4:B3DD
x-iplb-instance: 27923

rivierapub.fr/css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

224 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (57168)
Size
224 kB (224032 bytes)
Hash
ef911797cabc3aea74bf896f4bf965fe
d36a8da6a68dd1e0404fefea90622bad4f9c7133
a8bb4a7114d3ac309167ee8183d440ce8c4e01785fd5616bcb7a434445b9dd32

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/base.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:D43B_D5BA2112:0050_63D9D120_80B2:2C859
x-iplb-instance: 27922

rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/7.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D120_1DE6:75A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)

213.186.33.18

200 OK

3.2 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/sdk.js(1)
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (2088)
Size
3.2 kB (3224 bytes)
Hash
bed46e0f7a43ef971658bde3da164aea
d4a3512ba6112886f55def602aad237dc2709501
3f6cfb2a107314566e4293ba29234e305a8d9e35dd8670fb41cbacc78f3bf22f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/sdk.js(1) HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-length: 3224
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:29 GMT
accept-ranges: bytes
x-iplb-request-id: 5B5A2A9A:984B_D5BA2112:0050_63D9D120_3ED5:B3DD
x-iplb-instance: 27923

rivierapub.fr/css/files/reboot/login/unionbank_files/1.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

505 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/1.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (741)
Size
505 B (505 bytes)
Hash
728411392aaecc12d4f6e7e25486f913
3912d707b4de8f469626cedca604f0e12cf7592d
f5d8d1120999d984080b0276602c0dec5b36534cfdf47a03233f17c99ff02e71

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/1.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/css
content-length: 505
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D120_1DE8:75A2
x-iplb-instance: 27924

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2263
Cache-Control: max-age=89173
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:32 GMT
Etag: "63d8819e-118"
Expires: Thu, 02 Feb 2023 03:26:45 GMT
Last-Modified: Tue, 31 Jan 2023 02:49:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 01:49:04 GMT
age: 3088
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,700|Open+Sans:300

142.250.74.106

200 OK

1.1 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,700|Open+Sans:300
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.1 kB (1069 bytes)
Hash
dacbf0511b93986561675cc4721b4065
08bce1a4068e513731aa2b7baa4196c27351612f
86435a3518b41ad3e22a463e158cdf5fb560fec4e2a8f5172744ef2a42deb80a

HTTP Headers

GET /css?family=Roboto:400,700|Open+Sans:300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 02:40:32 GMT
date: Wed, 01 Feb 2023 02:40:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17473
Expires: Wed, 01 Feb 2023 07:31:45 GMT
Date: Wed, 01 Feb 2023 02:40:32 GMT
Connection: keep-alive

rivierapub.fr/css/files/reboot/login/style.css

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/style.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/style.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://rivierapub.fr/css/files/reboot/login/style.css
x-iplb-request-id: 5B5A2A9A:6C4A_D5BA2112:0050_63D9D120_62B0:3FCD
x-iplb-instance: 27925

rivierapub.fr/css/files/reboot/login/unionbank_files/1200px-Unionbank_2018_logo.svg.png

213.186.33.18

200 OK

21 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/1200px-Unionbank_2018_logo.svg.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 1200 x 368, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20846 bytes)
Hash
70f65465e7c6d090d9277be5ce120b45
8ce111118f53f497079d066a4216f61b72347b87
2e916e6e4167cd80e0f126a9d67f8c4f40af081e5d28e56516fbe492700f5fc8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/1200px-Unionbank_2018_logo.svg.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: image/png
content-length: 20846
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D120_1DED:75A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png

213.186.33.18

200 OK

7.1 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 140 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
7.1 kB (7050 bytes)
Hash
6c52619633aaf102bd2a577e2688fa86
83296c14c2b7c884714936baf650d47325aaf894
032cf6c781dfb488e0e19248594759087e8c2d9a18d356b977b8da35a7b20649

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/6c52619633aaf102bd2a577e2688fa86.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: image/png
content-length: 7050
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
x-iplb-request-id: 5B5A2A9A:D43B_D5BA2112:0050_63D9D120_80BA:2C859
x-iplb-instance: 27922

rivierapub.fr/css/files/reboot/login/unionbank_files/77bcca0a353436ad0ea0.png

213.186.33.18

200 OK

84 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/77bcca0a353436ad0ea0.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 3509 x 2482, 8-bit/color RGBA, non-interlaced\012- data
Size
84 kB (84281 bytes)
Hash
b64412453cb5996f63de49d397617504
d908c3f17df3c7c1287438c1f2690e43dd3e91d5
98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/77bcca0a353436ad0ea0.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: image/png
content-length: 84281
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
x-iplb-request-id: 5B5A2A9A:505F_D5BA2112:0050_63D9D120_14404:1C4E4
x-iplb-instance: 27926

push.services.mozilla.com/

52.89.193.125

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.193.125:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6PUn16MmOf0UwZ4+AJCqSw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: d4Yyk71CwYlngaPg1PdDGgJruM0=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ef3c22d24621673a210abf9208b5050d
4584c88867cb36c9081195aeec08f9f84d322102
11a241192763c56911e72b6052df2f1a3bead3e5fd8483b6c6fc89d8afe7ec80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11A241192763C56911E72B6052DF2F1A3BEAD3E5FD8483B6C6FC89D8AFE7EC80"
Last-Modified: Tue, 31 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 01 Feb 2023 08:40:33 GMT
Date: Wed, 01 Feb 2023 02:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3581
Expires: Wed, 01 Feb 2023 03:40:15 GMT
Date: Wed, 01 Feb 2023 02:40:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3581
Expires: Wed, 01 Feb 2023 03:40:15 GMT
Date: Wed, 01 Feb 2023 02:40:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3581
Expires: Wed, 01 Feb 2023 03:40:15 GMT
Date: Wed, 01 Feb 2023 02:40:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3581
Expires: Wed, 01 Feb 2023 03:40:15 GMT
Date: Wed, 01 Feb 2023 02:40:34 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6819 bytes)
Hash
ec7e808a5e82552c46c3417a5b32b836
f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd
f16d982224dfeb0753eaf9d4eb87d80fd1111f682fd8fa36f3177aad5bf926a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6819
x-amzn-requestid: a0368695-4182-40bd-9a28-c50ae783a7a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRHGnoAMF0Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-624285eb16110b8c2360dec5;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4MpUHqMYJoNA7QuRuQwbJIodNkhizq6EL5SPbIoSKFQjtoAKQgLuEg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:25 GMT
age: 17349
etag: "f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d72f205-6434-46dc-85c2-d0bf41653e1f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8415 bytes)
Hash
6544847aa1270cea1c780e4ee562f2a2
7be75a9f2e5f9e945f60a20a5da70849ad32f72d
d820b25b833d644358c0d9d5a3dc05817770095c06a098a6fc8ed9b7230c80e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d72f205-6434-46dc-85c2-d0bf41653e1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8415
x-amzn-requestid: 0d44aaae-d472-410f-9438-7527da366b10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCuGHRqoAMFxeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e4c0-7e7330ab2de5c1ba3e87df4b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:15:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zPgCVRUn1Y1HukfmbqB_Pl8L9lNUQfaFWMcIYh-vFn_Z8pM9MFsOhw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 05:03:01 GMT
age: 77853
etag: "7be75a9f2e5f9e945f60a20a5da70849ad32f72d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15656 bytes)
Hash
a4392f298c9e98515493f1235810838f
b89eebf2b8adac69487262100b07da8bc171ecf7
b368d87d3a0fe4e1a8ddc82bed704b3056ad2874b8d325111b399b18807c1e5e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15656
x-amzn-requestid: 6723d22f-8b16-4fb2-af92-9b3257fc2a1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIHpRoAMFRYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-03b1c6646f63ba716a6298e1;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fLrUWOhE6x_v3sqe6kr1hacSgt9H53ld51XXKvh7dL04gc-NDJKmOg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 07:25:12 GMT
age: 69322
etag: "b89eebf2b8adac69487262100b07da8bc171ecf7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e99cd9-0681-47a5-bd03-80ff73a169b8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (14809 bytes)
Hash
1ad49e3ca0f9935c7ff8f922039e5864
6382ee41cb26e42293e1ba5d9f0d3af64ddb672c
7a838e4e1aff60581fbf939920955ea67dae8fb3fa4e31572787c773404d071e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e99cd9-0681-47a5-bd03-80ff73a169b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14809
x-amzn-requestid: fc920367-4bb1-40fd-9f1d-1d50b27cfc77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaXEQEoAMF3Zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-0f70e0252fc3a3e5248bb372;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8SGqBRt27x1A3p1Z55UzPW8myS3BPu1ows_X76xLB8KY5xNnfs1pUw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:45:15 GMT
age: 17719
etag: "6382ee41cb26e42293e1ba5d9f0d3af64ddb672c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hjIm9dNf6UE9rpIlKWeLwWuF7Pm6yJeAZgbwchvJcuDy-zkXEr502w==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
age: 17356
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49ea501c-c491-40c1-82ec-c750680af9df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9282 bytes)
Hash
e4354120b504a8b1d1c3f4e206eb4611
ba854dec74347525b20dbf3b4e5c13876d56aa1c
bc921fe78a71864819998207c13b5c3ca7913275a4503119c5d105ad7827c377

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49ea501c-c491-40c1-82ec-c750680af9df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9282
x-amzn-requestid: f448477b-b445-46fa-8aee-8c5c527ee95b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feqp8FuToAMFxDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5be3f-30fbf0dd70d17878651809a0;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 00:30:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wOmkr070swJe2KlHn_SbFTSuqgpv4oxECzMVHR0ryygDutjwH5_55A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 09:06:06 GMT
age: 63268
etag: "ba854dec74347525b20dbf3b4e5c13876d56aa1c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

213.186.33.18

200 OK

9.8 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10169)
Size
9.8 kB (9754 bytes)
Hash
11a17050b89dd812fe29f5c3c973081a
eec8122840759b1037d5a93be304fb8aa7e3431c
0755e5452a877151eeaf0c6163657c974532f32229e5cf10df3c8f683af48585

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/anchor.html HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:37 GMT
content-type: text/html
content-length: 9754
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D120_1DF0:75A2
x-iplb-instance: 27924

www.rivierapub.fr/css/files/reboot/login/style.css

213.186.33.18

404 Not Found

299 kB

URL HTTP/2
www.rivierapub.fr/css/files/reboot/login/style.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26343), with CRLF, LF line terminators
Size
299 kB (299288 bytes)
Hash
44c089ff2ae88067d1509843a978ff74
1a8b4db22e876abd1155c14cae0441946c03933d
8ce5efa5b917bab038e2f51aa077b8dbc66844e1c0c5fb4a3951b7c8a3ad5839

HTTP Headers

GET /css/files/reboot/login/style.css HTTP/1.1
Host: www.rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
date: Wed, 01 Feb 2023 02:40:37 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.rivierapub.fr/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
789b41f1f8027d4275a66ac9cb2f124d
c5eff6750f9a50fc52a7a6ec6e30a7afaf28fc79
e053b0b29fc44721473ed39ddfe41064f09b56b3531c765228fa322d599e770f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rivierapub.fr/css/files/reboot/login/unionbank_files/styles__ltr.css

213.186.33.18

200 OK

26 kB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/styles__ltr.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (50696), with no line terminators
Size
26 kB (25550 bytes)
Hash
ca5350ed9a4d4472bdbc0f04b81094e4
c33e8ed8a0c934225f54a0782750289082e060fb
3377025fa55128ffe598611154e05d0cab872cf792c8a1f5bd8ccdd7c15c9ce4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/styles__ltr.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:37 GMT
content-type: text/css
content-length: 25550
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:29 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D125_1E00:75A2
x-iplb-instance: 27924

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
789b41f1f8027d4275a66ac9cb2f124d
c5eff6750f9a50fc52a7a6ec6e30a7afaf28fc79
e053b0b29fc44721473ed39ddfe41064f09b56b3531c765228fa322d599e770f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 189517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 48691
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
789b41f1f8027d4275a66ac9cb2f124d
c5eff6750f9a50fc52a7a6ec6e30a7afaf28fc79
e053b0b29fc44721473ed39ddfe41064f09b56b3531c765228fa322d599e770f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a72c84c41c5e0adf55862720ffab859c
671408b7eb5f09e4a2dac07a7ee2150ea7be1972
0aada318970f4e1d24d6411787b9f43b8ce0c1d64d76b61b5ac0589a1323f066

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2583
Cache-Control: max-age=90908
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:38 GMT
Etag: "63d8872b-1d7"
Expires: Thu, 02 Feb 2023 03:55:46 GMT
Last-Modified: Tue, 31 Jan 2023 03:12:43 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 01 Feb 2023 01:45:20 GMT
expires: Wed, 01 Feb 2023 03:45:20 GMT
cache-control: public, max-age=7200
age: 3318
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

connect.facebook.net/en_US/sdk.js?hash=43076a9dd9f24fdb8cd3e0cc0cc4be7a

31.13.72.12

200 OK

88 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=43076a9dd9f24fdb8cd3e0cc0cc4be7a
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18530)
Size
88 kB (88433 bytes)
Hash
b8c04bbffacf1abeac4b084a480dcab9
5ad501ba041db9f83592b0415ced63c70a9e0022
6642f44269ca97f00e2d49ce4a7b5d9aa777efdf01e2816a4ce9bb7d76eaf8bf

HTTP Headers

GET /en_US/sdk.js?hash=43076a9dd9f24fdb8cd3e0cc0cc4be7a HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rivierapub.fr
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 8de1139fe03faa0c272dd36da2c71d3f
etag: "1ca875882c1c4ca74f249310f46dd5ae"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 31 Jan 2024 00:35:32 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: uMBLv/rPGr6sSwhKSA3KuQ==
x-fb-debug: kdpa3tde3lxTr6VbDUEEs+fMkz/ua1TB9oaMZaeEvjpUVsKO7heGgOLj6BjO9dHprDw+kMtp/Qb4U7jSS8WN9A==
content-length: 88433
x-fb-trip-id: 1904183273
date: Wed, 01 Feb 2023 02:40:38 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 02:40:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
4926634f3217cdd97e97202504c0c3b7
f7ea00d740096e4e17e8d884b177d47004bea11e
4dc4be86e5dfd0ab45d7c2235760fe07f49bbfabf1c108c8ddae955aa5760a91

HTTP Headers

GET /recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 01 Feb 2023 02:40:38 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

HTTP/1.1 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:38 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
x-iplb-request-id: 5B5A2A9A:BEC0_D5BA2112:0050_63D9D120_4BB1:3FCC
x-iplb-instance: 27925

rivierapub.fr/css/files/reboot/login/unionbank_files/background.png

213.186.33.18

200 OK

4.0 MB

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/background.png
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type
PNG image data, 2054 x 1297, 8-bit/color RGB, non-interlaced\012- data
Size
4.0 MB (4034936 bytes)
Hash
b96ca6c086ae1da6eb5a5d1de5e0f3ad
a122544b2c6afd43e071ea3590cc4b37c05316b8
6aa4661e2ad0927c9c8bcadea3e57a5642798572f44a7bd411d12a4b3815be30

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/background.png HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:37 GMT
content-type: image/png
content-length: 4034936
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:37 GMT
x-iplb-request-id: 5B5A2A9A:505F_D5BA2112:0050_63D9D120_1442F:1C4E4
x-iplb-instance: 27926

rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank

HTTP Headers

GET /css/files/reboot/login/unionbank_files/favicon.ico HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:38 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico
x-iplb-request-id: 5B5A2A9A:488A_D5BA2112:0050_63D9D125_1E01:75A2
x-iplb-instance: 27924

rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Union Bank
urlquery	phishing	Phishing - Union Bank
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/recaptcha__en.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/unionbank_files/anchor.html

HTTP/1.1 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:39 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
x-iplb-request-id: 5B5A2A9A:D43B_D5BA2112:0050_63D9D125_811B:2C859
x-iplb-instance: 27922

ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

142.250.74.138

200 OK

0 B

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 15:42:19 GMT
expires: Tue, 30 Jan 2024 15:42:19 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 125893
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/style.css

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/2
rivierapub.fr/css/files/reboot/login/style.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/files/reboot/login/style.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:35 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/style.css
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/2
rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:39 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/2
rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/recaptcha__en.js.download HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:40 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/unionbank_files/recaptcha__en.js.download
X-Firefox-Spdy: h2

www.rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download

213.186.33.18

404 Not Found

0 B

URL HTTP/2
www.rivierapub.fr/css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/dvDKLY21EpsggPpYe7mLhx2vZ59WAsI8UCV0Rb2v1fM.js.download HTTP/1.1
Host: www.rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
date: Wed, 01 Feb 2023 02:40:40 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.rivierapub.fr/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js

213.186.33.18

200 OK

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.js HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: application/javascript
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:505F_D5BA2112:0050_63D9D120_143FB:1C4E4
x-iplb-instance: 27926

rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.css

213.186.33.18

200 OK

0 B

URL HTTP/1.1
rivierapub.fr/css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.css
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/files/reboot/login/unionbank_files/bundle.1bf376f9696bfb8874af.css HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rivierapub.fr/css/files/reboot/login/login.php

HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/css
transfer-encoding: chunked
server: Apache
last-modified: Fri, 27 Jan 2023 09:39:28 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 01 Feb 2023 02:55:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-iplb-request-id: 5B5A2A9A:BEC0_D5BA2112:0050_63D9D120_4BB0:3FCC
x-iplb-instance: 27925

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.11.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rivierapub.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 02:40:32 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 03/12/2022 14:32:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: d59b1bc690982b057c0e17bb58696d82
cdn-cache: HIT
cf-cache-status: HIT
age: 1670548
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 792752ab6c80b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico

213.186.33.18

301 Moved Permanently

0 B

URL HTTP/2
rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico
IP
213.186.33.18:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/files/reboot/login/unionbank_files/favicon.ico HTTP/1.1
Host: rivierapub.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rivierapub.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 02:40:39 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.4
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
x-redirect-by: WordPress
location: https://www.rivierapub.fr/css/files/reboot/login/unionbank_files/favicon.ico
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by