Report - ct16323.tw1.ru/OR/Orange22/password.php

Report Overview

Submitted URL
ct16323.tw1.ru/OR/Orange22/password.php
IP
87.249.38.16
ASN
#9123 TimeWeb Ltd.
Submitted
2023-06-05 16:23:33
Access
public
Website Title
Final URL
Tags
orange telecommunication phishing
urlquery detections
Phishing - Orange

Detections

urlquery
24
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ct16323.tw1.ru	unknown	unknown	No data	No data	19 kB	698 kB	87.249.38.16
trust-system-eui.orange.fr	630834	2001-02-01	2020-10-13	2023-05-24	502 B	536 B	193.252.122.88
e.orange.fr	499838	2001-02-01	2017-02-09	2023-06-03	2.0 kB	14 kB	193.252.122.137
tpc.googlesyndication.com	126	2003-01-21	2020-01-16	2023-06-05	452 B	3.7 kB	172.217.21.161
tags.tiqcdn.com	969	2012-07-11	2013-01-15	2023-06-05	2.3 kB	5.4 kB	54.230.111.8
c.woopic.com	175029	2002-10-18	2012-08-21	2023-06-03	10 kB	28 kB	193.252.122.137
cdn.woopic.com	216411	2002-10-18	2017-12-07	2023-06-03	1.9 kB	54 kB	193.252.122.137
r.orange.fr	289020	2001-02-01	2012-07-13	2023-06-03	2.0 kB	1.9 kB	81.52.142.222
sso.orange.fr	192829	2001-02-01	2013-04-30	2023-06-03	735 B	4.5 kB	193.251.215.153
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-05	1.3 kB	2.8 kB	142.250.74.131
code.jquery.com	634	2005-12-10	2012-05-21	2023-06-05	442 B	25 kB	69.16.175.42
cdn.adgtw.orangeads.fr	245758	2007-07-16	2017-01-29	2023-05-19	807 B	49 kB	193.252.122.137
gp.cdn.woopic.com	unknown	2002-10-18	2022-04-13	2023-06-03	6.8 kB	899 kB	193.252.122.137
confiant-integrations.global.ssl.fastly.net	1577	2011-04-18	2019-03-15	2023-06-05	1.1 kB	129 kB	151.101.65.194
996f5f9484d2d7907326671d40452523.safeframe.googlesyndication.com	unknown	unknown	No data	No data	491 B	3.7 kB	142.250.74.97
ocsp.globalsign.com	2075	1999-04-19	2012-07-20	2023-06-05	349 B	1.9 kB	104.18.21.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (55)

	URL	Size	First Seen	Last Seen
	ct16323.tw1.ru/OR/Orange22/password_fichiers/osd.js	76 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/osd.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen375 Hash 623b740374c5f0bfe11f72c8569ac3e1 c0da83676462f0157290b40521da18edf639ca0d 187f0e2d2331f649e0afc51f0567cf23ef47d57283aa928313452eb1a559efb4 Loading...

	ct16323.tw1.ru/OR/Orange22/password.php	3.8 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password.php IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen216 Hash ee2cf5efca2d15795385fe8244df55ba 584380e930532c68cee815b5638f4beb26f6a51d 32497586b68cfe675f175441dc52309541f8900acbfa891199441dd0e5e596c7 Loading...

	gp.cdn.woopic.com/libs/J06O120cS/common/js/common.js	75 kB	2023-05-24	2023-06-13
Pretty URL gp.cdn.woopic.com/libs/J06O120cS/common/js/common.js IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 14:36:27 Last Seen2023-06-13 00:23:12 Times Seen14 Hash 27fe85ad5d5e94d60db0081b00098965 3134b8b3f918409d2a65c6c26971d3af14c76403 35bddcae1ee26a3ed6b91ceb217186a713f52bb6339b4776bfa358c14f797c3d Loading...

	gp.cdn.woopic.com/magic/o_tealium.js?update	461 B	2023-03-07	2024-04-24
Pretty URL gp.cdn.woopic.com/magic/o_tealium.js?update IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen565 Hash c565a78bb5f5bf65a24ad7d69eecc911 2bfdd57e5b89e751d4054ddbeb4af6179538f9ca 48e3519db17530c83a984fda459577525b5a8e0b5d7eae6aff3983676df229d2 Loading...

	ct16323.tw1.ru/OR/Orange22/password.php	354 B	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password.php IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen216 Hash 45697da09724d945cd4dc1a704460ae5 0a04383f96dfe0d61143670960bd8fcddcefc805 46edca891d916a78bb375d83dcf9c2f2f937733ba87dad1b0eaf7d7cbe7bd97f Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.js	199 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen375 Hash 4fe8f7e93fbf013ab328ac614c9beb1e c6e554c9a20ae17a9e026d96d6dd4f27481d60c2 1dea5048e429a178a10583c16403d1894c61b47d1421f73c39e8c39f244ed54b Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_core.js	49 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_core.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen295 Hash e466b0dfc1a9ef10f74b219d1e7c4edf acbd064b08faa860e22b41cefb23f7b40bfe42b8 9668ded257e371ef94eabc30a62a180d208124b92289e045528d52158398060c Loading...

	unknown	37 B	2023-04-11	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-04-26 09:29:09 Times Seen231646 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/ec.js	2.8 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/ec.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen1644 Hash 7b430c6350a59a7cf22b9adeccba327b b48d3c289bcb6809bb52fffd8f013055ed6bcd65 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/configuration.json	1.1 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/configuration.json IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen852 Hash ef3828e134882e1c876dab2fa4d4adb9 ccae070757372ba1361cf4017fa7c95765483f42 110fc0d903269e07466e6046d1133356354f9344421364cf22d04c477785e512 Loading...

	tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881	2 B	2023-03-07	2024-04-26
Pretty URL tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-26 09:41:27 Times Seen21805 Hash 7bc0ee636b3b83484fc3b9348863bd22 ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610 a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Loading...

	confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js	209 kB	2023-06-05	2023-06-05
Pretty URL confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js IP 151.101.65.194 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 18:23:47 Last Seen2023-06-05 18:23:48 Times Seen2 Hash 37f91da54f11784e8e74da975126286b 3f47f3593c8c9d7d56ff5245e6a7e7fdef74e2ef d570807649d0e7b8ffccabbeab9b212235129e788b660c08c78445cd255d0467 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/oan_common-async-3.js	224 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/oan_common-async-3.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen284 Hash 2cb760e239cac01daf0ec447345d3f51 f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6 873eb75ff8b0b0bc721cb7b240a89311abae74d8e0447ec45c9fdd51cda79189 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/integrator.js	109 B	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/integrator.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen503 Hash 82bb040bd5729e459f7cc5a09981cc86 6729b40c106631dd384a6161580dfec5a6643fa8 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073 Loading...

	cdn.adgtw.orangeads.fr/build/lib/px.js?ch=2	346 B	2023-03-07	2024-04-26
Pretty URL cdn.adgtw.orangeads.fr/build/lib/px.js?ch=2 IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-26 08:58:00 Times Seen43552 Hash f84f931c0dd37448e03f0dabf4e4ca9f 9c2c50edcf576453ccc07bf65668bd23c76e8663 5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/ABPlanning.json	106 B	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/ABPlanning.json IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen346 Hash cf9b9da1f2124678596cb0db68f19fcc c705ff82c357017892c9d6e92adbd5fec37a24e8 6f6b02609eaa139e7cb337db713e87b1339c2f4f1a20b6e672fcdcf93d565cac Loading...

	code.jquery.com/jquery-3.5.1.slim.min.js	72 kB	2023-03-07	2024-04-25
Pretty URL code.jquery.com/jquery-3.5.1.slim.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:10 Last Seen2024-04-25 17:28:39 Times Seen3215 Hash fb8409a092adc6e8be17e87d59e0595e cf8d9821552d51bb50ce572e696aba1309065800 e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/utag.js	23 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/utag.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen380 Hash 3103c2f4a9dc018935af5b05c8da5771 8366ed8e5e28ed007ff5604466b6ea0649e059eb f8d67952948993a17415668bcd6d30bf01fd77de3f707d3ec8dc7244386ce098 Loading...

	securepubads.g.doubleclick.net/tag/js/gpt.js	13 kB	2023-04-05	2024-04-26
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 04:46:03 Last Seen2024-04-26 09:26:29 Times Seen30726 Hash 0c9ed134ae3d5ffe972da2a3e59dc428 620df222551395592e46e4c5f425cf23dcdad891 5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap_002.js	116 kB	2023-04-12	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap_002.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 22:51:54 Last Seen2024-04-24 19:10:50 Times Seen189 Hash b71aaebb0a1d9d501a806094c02554c5 94965947bfb661c0074814c06c6bd9d144a1525d 9d1bd6f95be7df2a494f082b0304bbf0ac79ca902d1418e96971e4e854020789 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap.js	147 kB	2023-04-12	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 22:51:54 Last Seen2024-04-24 19:10:50 Times Seen189 Hash dae9aaebde815f27a5daa37e7603f9b9 92ddcb8649a20851ac538c37751a67622c9a366d a36d3e11a45c70931593cc6e3f6c6124aeca1fd80162915ffa5078c2a2b2db54 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/gpt.js	56 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/gpt.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:10 Last Seen2024-04-24 19:10:50 Times Seen234 Hash 106619947b1e25411ce93455af1218bc fc17d3fa7d4483b4bf95efd9c2f70215139667d9 2db57f6929e4a82a9fcf9ed3804adbed41d44ae000fd72f074d6ba5b72dee212 Loading...

	unknown	79 B	2023-04-11	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-04-26 09:29:08 Times Seen124501 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	gp.cdn.woopic.com/magic/oneI.res.desktop.5.0.3.json	74 kB	2023-05-15	2023-07-20
Pretty URL gp.cdn.woopic.com/magic/oneI.res.desktop.5.0.3.json IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 11:49:29 Last Seen2023-07-20 05:16:02 Times Seen198 Hash f0b503601684b93349983fd0777ee90c fa385d36531d2a33cf93aa8ad6223fb5b614635a ecb5165446c8d676308da549df22f919b8a7fe87a57165b4aef0cdd95eec5323 Loading...

	unknown	10 B	2023-04-12	2024-04-26
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-04-12 19:36:05 Last Seen2024-04-26 01:55:16 Times Seen581 Hash 3909b073ead7dbc3d10023cf6336903e f9c1172685620881b482cb5582ab2f78ec51782c cab4aeaee24247015e08bf50b1fa6c55be2a1a15498261733119bef265b09f6a Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/analytics.js	47 kB	2023-03-07	2024-04-25
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/analytics.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 19:48:01 Times Seen571 Hash 53ee95b384d866e8692bb1aef923b763 a82812b87b667d32a8e51514c578a5175edd94b4 e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b Loading...

	ct16323.tw1.ru/OR/Orange22/password.php	409 B	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password.php IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen216 Hash cd9476fcdbbca8afc88c0a148f1f12f0 7e445a3648e1933b79a3deb9ef18858645289fa2 d166c1be17c353ad3910c2197005b77482d0bb26f27f75d6f4bac7b92337c043 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/o_load_responsive.js	48 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/o_load_responsive.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen305 Hash 24608491cc178eb96b93183c72bb356e b5400c213e4e2c494bf0fb872b0728c895b16f84 981533b57b1ade011c28086311f0a9f84f572d7cca6d729c52ab845a482a199d Loading...

	tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js	7.4 kB	2023-04-12	2023-07-18
Pretty URL tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 22:43:46 Last Seen2023-07-18 06:42:59 Times Seen186 Hash 6b967f813c93121ef7c535583e260632 c04b18ebf085535b51614295067b49ee7cec5399 420a690eb56c9e4ad93992a9e914317462c345f1675d49d23c538e82e5afa931 Loading...

	gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_core.all.desktop.YMsdcLhX.js	447 kB	2023-05-22	2023-06-05
Pretty URL gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_core.all.desktop.YMsdcLhX.js IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 23:36:23 Last Seen2023-06-05 18:23:48 Times Seen24 Hash 04e0feaaef643601e0514897eed8120f ea8264122c12c786291faabd6bd2c0c8144451c8 62a097af3424ef383c700570ef72bcb0f5158711e10c5d72c9db600231c05ddc Loading...

	cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/trust-latest/datadome.js	136 kB	2023-03-08	2024-02-13
Pretty URL cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/trust-latest/datadome.js IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:03:40 Last Seen2024-02-13 12:00:16 Times Seen632 Hash 4999233b500efc6427ccaa25ce97ad92 92847ef22ea3403cf2c34e5eac439c1f5dda19b8 047a8a23da5cb0bd6d8f997310054fdce09af1965507bb03d45db87bf2b8efd6 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/pubads_impl_2020120701.js	286 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/pubads_impl_2020120701.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen361 Hash 433dd0f28ab0f64447ff9ad5484edb0c a60ea1400da3faf6738ee8572be9215a9f9bb11d 9ff097bb2a8986d45348ac893bede5cafd713e7164381c9a5e8f4f7aef9e30bc Loading...

	gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_desktop.js	62 kB	2023-04-21	2023-06-13
Pretty URL gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_desktop.js IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-21 11:28:38 Last Seen2023-06-13 00:23:12 Times Seen73 Hash 7bdf57f95ac940a24edb076735bdd14c eb3cc7f7440317fa97dda5e4378aa1b280ffad86 ef90c4d1643cd5d7dc71ac097bd79c66e1eb77d3851cf9bbed1d35ee465b54f1 Loading...

	ct16323.tw1.ru/OR/Orange22/functions/hideShow/hideShowPassword.min.js	8.2 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/functions/hideShow/hideShowPassword.min.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:10 Last Seen2024-04-24 19:10:50 Times Seen210 Hash c15627cb41cad912398a622533f74fd4 6129adb095e47a2be94cf3bba382099fdc6562e6 b6a63849f3e8066cdf340498b1701223621633fcc4b498a618d6f51a8380713e Loading...

	ct16323.tw1.ru/OR/Orange22/sandbox%20eval%20code	136 B	2023-04-11	2024-04-26
Pretty URL ct16323.tw1.ru/OR/Orange22/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-04-26 09:26:29 Times Seen31290 Hash fb4eb094524daea58bf7f82331598541 f5ca39eb98fa1685f8647514a627d3d7f216f7ef 7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/datadome.js	137 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/datadome.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen371 Hash eec7704cb9ea3860a2cc47c7794a88da 78d1aa7a123cdd71824ab1b015fc54b1ed6a00f2 b16556cd55d68160a36aca0b3c164d0e4fd4d7dcd962bd66882371831ca098a8 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/oneI.json	202 kB	2023-04-12	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/oneI.json IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 22:51:54 Last Seen2024-04-24 19:10:50 Times Seen176 Hash d2ec8498f1a75ae3cfbe47b2d13c87b6 67ea8f446a0be7292cd1acfb80e32eb47060bb59 4951566669a3548639772d2c9aef9ee5c93173f1b6e8ce8029356a22e7934532 Loading...

	cdn.adgtw.orangeads.fr/build/oan_common-async-3.2.min.js?f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6	182 kB	2023-06-05	2023-06-05
Pretty URL cdn.adgtw.orangeads.fr/build/oan_common-async-3.2.min.js?f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6 IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 18:23:48 Last Seen2023-06-05 18:23:48 Times Seen2 Hash 2cf7f574731d76c62e2b0d719cb96753 d536732d8ba0bb6ee77015552072cbd3a2d04fd8 108da7c81c543549c8f9fe21ca400402aaad501d29e6a4e2241e3e7d478f196c Loading...

	tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448	23 kB	2023-03-07	2024-04-24
Pretty URL tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen336 Hash df3655216296cd975678739cf019d210 36ffac1d00e150c3c5497c6f9dd600fad1700518 302250648059af75394872898dad346bd9184cb77a1dd27a57515c824168cbf8 Loading...

	gp.cdn.woopic.com/libs/J06O120cS/common/js/external/search/o_completion.js	365 kB	2023-04-19	2024-04-03
Pretty URL gp.cdn.woopic.com/libs/J06O120cS/common/js/external/search/o_completion.js IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-19 20:18:36 Last Seen2024-04-03 07:57:41 Times Seen612 Hash 4408b5afa6988edf6352ccb441882154 9258152dc87e8cff27d6475c4ce0eb7e8148f341 27007b1a1e4933f175f888fa8c0527619b043c6d94cca9f1ed7a2c1471d00c23 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/ora_authen.identification	3.8 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/ora_authen.identification IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:10 Last Seen2024-04-24 19:10:50 Times Seen241 Hash 8bfbacf1d217ca8c35b670f6e6ef31c6 2c43a9177cf05c997fa035f897f2734aed941a7b 7e9e645bcb0d35d7bde7ac7a901917d98d03190aeab77bb65f6acce6310da751 Loading...

	ct16323.tw1.ru/OR/Orange22/sandbox%20eval%20code	126 B	2023-04-11	2024-04-26
Pretty URL ct16323.tw1.ru/OR/Orange22/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 22:49:15 Last Seen2024-04-26 02:03:51 Times Seen2780 Hash 975e7ae1f57ea799db15a55fffc7541e 83f68e7f7a42773a66cd38fe8de9c2ec8ab7cc6a 96029c27f896e37c76d2e9f2060a04531cc6ab6010d20d485ae59c8bcaf14103 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_desktop.js	49 kB	2023-04-12	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_desktop.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 22:51:54 Last Seen2024-04-24 19:10:50 Times Seen188 Hash bc2e6f9fb9584eb16506661c34a93f67 5a0210591e60d2054a9152fab5af87393df4e33a f6f60c09052b873fb865aaefc832c7d1e158ae496c40265607242d1662a415e5 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/o_completion.js	112 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/o_completion.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen353 Hash 198322b5cdb62d03d2f10dda59e3d417 3314edc8cd60151744957a309ec8872512b13e05 5fe4503dc83e2c1c9b76c24f03244b59db16ddfcce9300909b3a86c4ca7c2bed Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/config.js	52 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/config.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen383 Hash f052c4ff346c90fb144734bf619a7c0f 01e4df392976368190595df473bc8e5c5d225efd 8d9b3f46abc454c620056257fceb35d9c69a88b907c177b02d9de26129fb1e22 Loading...

	c.woopic.com/libs/common/o_load_responsive.js	51 kB	2023-06-03	2023-06-05
Pretty URL c.woopic.com/libs/common/o_load_responsive.js IP 193.252.122.137 ASN #24600 Orange Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-03 04:48:27 Last Seen2023-06-05 18:23:48 Times Seen4 Hash e8e69d0eb6803ac8959872894b621a3b d9f985fa48d33bc043e0707b2260ad565a02ad4b 38840ec2434592be4ca56c7ff3ea8a1450e2339add0f298531dc3837bb1f75ae Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_002.js	29 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_002.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen382 Hash 2f146474317068a16a596c1fa8a581bb b2551854df5886193274a1358afd011eafd2d70f 29e49450a2aa5777ddae401bc9b08db87e247108ede5246b744c8c42010578a9 Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_003.js	1.2 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_003.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 19:10:50 Times Seen331 Hash adc847a44c527dfec076e1e841692e88 4a5af36ff3dd6c8656ab1b359062a05b2e299630 f9694462a39c1a319ac9db6cb051272af288ab6a0d1d3e9ab430f6aeeb49199a Loading...

	ct16323.tw1.ru/OR/Orange22/password_fichiers/common.js	40 kB	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password_fichiers/common.js IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen331 Hash 0b8f1f0070747a2340cf272686b0ca3e 80bbffc846222ea37c96b6772ffdce535af352cf 422e6c2e0785856e5e1aaa5b21b358465c62a9fdc60d41148e474ea0acd2835c Loading...

	ct16323.tw1.ru/OR/Orange22/password.php	621 B	2023-03-07	2024-04-24
Pretty URL ct16323.tw1.ru/OR/Orange22/password.php IP 87.249.38.16 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:10 Last Seen2024-04-24 19:10:50 Times Seen137 Hash 34d4a0c75e547cdb7a167d2f61cb702e 817ff6247e824843d82365030be786f1b4425676 0119f0e61703ad7a445bf74e9844e2520ba9c41779e412fea06d051064499cb3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 23c5e5dd4de7a7d4637d41efefc6cb2e	242 B	2023-03-08	2023-11-09
Pretty Observations First Seen2023-03-08 13:03:40 Last Seen2023-11-09 03:42:49 Times Seen228 Hash 23c5e5dd4de7a7d4637d41efefc6cb2e dfa70ab2e0984c24cb81aefe70fcccfc4ad97bbc fa233e0fe1fab34984920d153cfb2ea516dd1558cef1219a94bcfc4033c48269 Loading...

	#2 Eval - 8d1890074319fec1a36cf72b9aee8486	27 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen378 Hash 8d1890074319fec1a36cf72b9aee8486 afeda00e601c589f4bd4e2dc80dd49438bbc0437 e2ecea2e21c41b23d401e31d09eeaf8d6acfaef0242ef7b670df3234c6b37cb8 Loading...

	#3 Eval - 5799f946754bb0b69579f8335ca11db8	362 B	2023-03-08	2023-11-09
Pretty Observations First Seen2023-03-08 13:03:40 Last Seen2023-11-09 03:42:49 Times Seen228 Hash 5799f946754bb0b69579f8335ca11db8 e4b52f15989bc7fbde239bb7d89aec86e6a04277 df9bb976ad91df06a9e4f3df739ef7cbd6d48f1b3ab058136da0cd76ef958b33 Loading...

	#4 Eval - 59736908631620f5074c83231758cffd	28 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen379 Hash 59736908631620f5074c83231758cffd 4ec4826c9a66c2855cd1c2113bce4da79df1e88a d133386fae64c2ed350e673d62e02921a8c38935ec4834081add9fccba3a5f37 Loading...

		Size	First Seen	Last Seen
	#1 Write - 809fc2613503323db59da7236d16ad13	104 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:10:50 Times Seen220 Hash 809fc2613503323db59da7236d16ad13 6126ef0830991567a50b387de85d3e29aaca47f2 3b5237a1f1079fd53ae6e24da914ecaafbeaf14381955f57eacd41f3dfa9834e Loading...

HTTP Transactions (121)

URL IP Response Size

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

1.4 kB

URL
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
598b57a4c93cca0b698e339ed2727682
8077f9d8ad3e0816039cd2d66bff8465dbfa0a9b
5b4f63b53e1ad2f54c925b8215b621c317da660726d04b1cd6bf477a970e09c8

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 09 Jun 2023 14:59:12 GMT
ETag: "8077f9d8ad3e0816039cd2d66bff8465dbfa0a9b"
Last-Modified: Mon, 05 Jun 2023 14:59:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3336
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d29c230d90cfab4-OSL

ct16323.tw1.ru/OR/Orange22/password.php

87.249.38.16

14 kB

URL User Request GET
ct16323.tw1.ru/OR/Orange22/password.php
IP
87.249.38.16:0
ASN
#9123 TimeWeb Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (52420), with CRLF line terminators
Size
14 kB (14043 bytes)
Hash
1a92eeaeb746cbecd2030e7aa1783efe
2e8af3c875e8cc12edbdfdf9a8c926e61e3cefbc
ecae069a91969d38da8846e6ed4c031bf381a7219232fead51a83366b11c2d79

HTTP Headers

GET /OR/Orange22/password.php HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/integrator.js

87.249.38.16

200 OK

109 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/integrator.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with no line terminators
Size
109 B (109 bytes)
Hash
82bb040bd5729e459f7cc5a09981cc86
6729b40c106631dd384a6161580dfec5a6643fa8
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/integrator.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Content-Length: 109
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Connection: keep-alive
ETag: "6477970f-6d"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/ec.js

87.249.38.16

200 OK

1.3 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/ec.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (523)
Size
1.3 kB (1292 bytes)
Hash
7b430c6350a59a7cf22b9adeccba327b
b48d3c289bcb6809bb52fffd8f013055ed6bcd65
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

HTTP Headers

GET /OR/Orange22/password_fichiers/ec.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-adb"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css

87.249.38.16

200 OK

32 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (822)
Size
32 kB (31813 bytes)
Hash
826c37c3759790ba2f54df579b525402
d4dda8921ec3c4a163fc2402670e5389b8ccace8
c648eb5e5dd5917f98d40cc6d9ed068f20f25319ff8c9f200da08a02c280b638

HTTP Headers

GET /OR/Orange22/password_fichiers/bundle.css HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: text/css
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-3658e"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/osd.js

87.249.38.16

200 OK

28 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/osd.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (65425)
Size
28 kB (28240 bytes)
Hash
623b740374c5f0bfe11f72c8569ac3e1
c0da83676462f0157290b40521da18edf639ca0d
187f0e2d2331f649e0afc51f0567cf23ef47d57283aa928313452eb1a559efb4

HTTP Headers

GET /OR/Orange22/password_fichiers/osd.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-1277a"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_002.js

87.249.38.16

200 OK

9.2 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_002.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document, ASCII text, with very long lines (2272)
Size
9.2 kB (9235 bytes)
Hash
2f146474317068a16a596c1fa8a581bb
b2551854df5886193274a1358afd011eafd2d70f
29e49450a2aa5777ddae401bc9b08db87e247108ede5246b744c8c42010578a9

HTTP Headers

GET /OR/Orange22/password_fichiers/utag_002.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-71a6"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap_002.js

87.249.38.16

200 OK

34 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap_002.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (22342), with LF, NEL line terminators
Size
34 kB (34414 bytes)
Hash
83426b7ee6fb9b722ca402b2368ffd91
7762d5fe5a302506784f0a7baff8670fee96108c
47beda598efc303a2d1c94f2a769fe560609c4874288960f1ea6b8e9f1fe2baf

HTTP Headers

GET /OR/Orange22/password_fichiers/wrap_002.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-1c73a"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/analytics.js

87.249.38.16

200 OK

19 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/analytics.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (1325)
Size
19 kB (18817 bytes)
Hash
53ee95b384d866e8692bb1aef923b763
a82812b87b667d32a8e51514c578a5175edd94b4
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

HTTP Headers

GET /OR/Orange22/password_fichiers/analytics.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-b7cb"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/o_load_responsive.js

87.249.38.16

200 OK

14 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/o_load_responsive.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
C source, Unicode text, UTF-8 text, with very long lines (31978)
Size
14 kB (14494 bytes)
Hash
24608491cc178eb96b93183c72bb356e
b5400c213e4e2c494bf0fb872b0728c895b16f84
981533b57b1ade011c28086311f0a9f84f572d7cca6d729c52ab845a482a199d

HTTP Headers

GET /OR/Orange22/password_fichiers/o_load_responsive.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-bc1e"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap.js

87.249.38.16

200 OK

47 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/wrap.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (40931)
Size
47 kB (46629 bytes)
Hash
20f0a62b6efd2b7a30e2e6d59ba43da4
3b9f6f4c832d2da868d2853af926d7f2abbb980d
70c6274d94af8fd8e0e2c9654297c5c29a919cf405f684dcf67e1a06d859e9f9

HTTP Headers

GET /OR/Orange22/password_fichiers/wrap.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-23de7"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

code.jquery.com/jquery-3.5.1.slim.min.js

69.16.175.42

200 OK

25 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.slim.min.js
IP
69.16.175.42:443
ASN
#20446 STACKPATH-CDN

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65245)
Size
25 kB (24606 bytes)
Hash
fb8409a092adc6e8be17e87d59e0595e
cf8d9821552d51bb50ce572e696aba1309065800
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

HTTP Headers

GET /jquery-3.5.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 16:23:10 GMT
content-encoding: gzip
content-length: 24606
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-11abc"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1685982190.dop222.sk1.t,1685982190.cds065.sk1.hn,1685982190.cds202.sk1.c
X-Firefox-Spdy: h2

ct16323.tw1.ru/OR/Orange22/password_fichiers/common.js

87.249.38.16

200 OK

12 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/common.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (31981)
Size
12 kB (12289 bytes)
Hash
0b8f1f0070747a2340cf272686b0ca3e
80bbffc846222ea37c96b6772ffdce535af352cf
422e6c2e0785856e5e1aaa5b21b358465c62a9fdc60d41148e474ea0acd2835c

HTTP Headers

GET /OR/Orange22/password_fichiers/common.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-9e37"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/common.css

87.249.38.16

200 OK

314 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/common.css
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (1210), with no line terminators
Size
314 B (314 bytes)
Hash
9c50986b94d7129e2c17ba91f2f99c44
c7ef726fa5dc8c6e513ff1ba95173659cd0df697
9d203ca69703024402ebf53d83e6a7aff3aec17c7b63993a63228aa467b463aa

HTTP Headers

GET /OR/Orange22/password_fichiers/common.css HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: text/css
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-4ba"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/configuration.json

87.249.38.16

200 OK

366 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/configuration.json
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text
Size
366 B (366 bytes)
Hash
ef3828e134882e1c876dab2fa4d4adb9
ccae070757372ba1361cf4017fa7c95765483f42
110fc0d903269e07466e6046d1133356354f9344421364cf22d04c477785e512

HTTP Headers

GET /OR/Orange22/password_fichiers/configuration.json HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
ETag: W/"41e-5fd01ccbc3bf5"
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.js

87.249.38.16

200 OK

53 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (65451)
Size
53 kB (52665 bytes)
Hash
4fe8f7e93fbf013ab328ac614c9beb1e
c6e554c9a20ae17a9e026d96d6dd4f27481d60c2
1dea5048e429a178a10583c16403d1894c61b47d1421f73c39e8c39f244ed54b

HTTP Headers

GET /OR/Orange22/password_fichiers/bundle.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-30a67"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/o_tealium.js

87.249.38.16

200 OK

461 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/o_tealium.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
exported SGML document, ASCII text
Size
461 B (461 bytes)
Hash
c565a78bb5f5bf65a24ad7d69eecc911
2bfdd57e5b89e751d4054ddbeb4af6179538f9ca
48e3519db17530c83a984fda459577525b5a8e0b5d7eae6aff3983676df229d2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/o_tealium.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Content-Length: 461
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Connection: keep-alive
ETag: "6477970f-1cd"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_003.js

87.249.38.16

200 OK

572 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/utag_003.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document, ASCII text, with very long lines (403)
Size
572 B (572 bytes)
Hash
adc847a44c527dfec076e1e841692e88
4a5af36ff3dd6c8656ab1b359062a05b2e299630
f9694462a39c1a319ac9db6cb051272af288ab6a0d1d3e9ab430f6aeeb49199a

HTTP Headers

GET /OR/Orange22/password_fichiers/utag_003.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-4aa"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_core.js

87.249.38.16

200 OK

12 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_core.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (31797)
Size
12 kB (11861 bytes)
Hash
e466b0dfc1a9ef10f74b219d1e7c4edf
acbd064b08faa860e22b41cefb23f7b40bfe42b8
9668ded257e371ef94eabc30a62a180d208124b92289e045528d52158398060c

HTTP Headers

GET /OR/Orange22/password_fichiers/o_onei_core.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-c0b6"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_desktop.js

87.249.38.16

200 OK

11 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_desktop.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (31955)
Size
11 kB (11139 bytes)
Hash
667c109f2350e518a6b82320c7ea3eb4
f5e32800e1918543468cebe4211e5e13ed7355f3
3ab27256fba79a23e584d985d1ac54785178a77ddafae1e573b2c34bb2954369

HTTP Headers

GET /OR/Orange22/password_fichiers/o_onei_desktop.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-bdb1"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/datadome.js

87.249.38.16

200 OK

22 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/datadome.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (65433)
Size
22 kB (22327 bytes)
Hash
eec7704cb9ea3860a2cc47c7794a88da
78d1aa7a123cdd71824ab1b015fc54b1ed6a00f2
b16556cd55d68160a36aca0b3c164d0e4fd4d7dcd962bd66882371831ca098a8

HTTP Headers

GET /OR/Orange22/password_fichiers/datadome.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-2179d"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/ora_authen.identification

87.249.38.16

200 OK

3.8 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/ora_authen.identification
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text
Size
3.8 kB (3812 bytes)
Hash
8bfbacf1d217ca8c35b670f6e6ef31c6
2c43a9177cf05c997fa035f897f2734aed941a7b
7e9e645bcb0d35d7bde7ac7a901917d98d03190aeab77bb65f6acce6310da751

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/ora_authen.identification HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Length: 3812
Connection: keep-alive
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
ETag: "ee4-5fd01ccbe8db4"
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_responsive.css

87.249.38.16

200 OK

18 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/o_onei_responsive.css
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (65536), with no line terminators
Size
18 kB (17610 bytes)
Hash
d6e2a659478284f2d0fc13fb0c9a6f46
893bac880e322e3e1193b0173693704ef7647eee
eadfe869ae51069f151a344771463206574c3c4482b33a60081c89f312479267

HTTP Headers

GET /OR/Orange22/password_fichiers/o_onei_responsive.css HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: text/css
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-2e31e"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/o_completion.js

87.249.38.16

200 OK

26 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/o_completion.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (31992)
Size
26 kB (26173 bytes)
Hash
198322b5cdb62d03d2f10dda59e3d417
3314edc8cd60151744957a309ec8872512b13e05
5fe4503dc83e2c1c9b76c24f03244b59db16ddfcce9300909b3a86c4ca7c2bed

HTTP Headers

GET /OR/Orange22/password_fichiers/o_completion.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-1b77e"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/oneI.json

87.249.38.16

200 OK

14 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/oneI.json
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (443)
Size
14 kB (13844 bytes)
Hash
427e80995454dd59a35ce0845d427eaf
5a32f7d33c74eecf210912f936374c13ae526246
ed85dfe388a20021f09bcfe91e1632de22d135e903780ba16d5d18f7394b87b2

HTTP Headers

GET /OR/Orange22/password_fichiers/oneI.json HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
ETag: W/"31476-5fd01ccbe7e14"
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/ABPlanning.json

87.249.38.16

200 OK

106 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/ABPlanning.json
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text
Size
106 B (106 bytes)
Hash
cf9b9da1f2124678596cb0db68f19fcc
c705ff82c357017892c9d6e92adbd5fec37a24e8
6f6b02609eaa139e7cb337db713e87b1339c2f4f1a20b6e672fcdcf93d565cac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/ABPlanning.json HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/json
Content-Length: 106
Connection: keep-alive
Last-Modified: Wed, 31 May 2023 18:50:54 GMT
ETag: "6a-5fd01ccb69e77"
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/oan_common-async-3.js

87.249.38.16

200 OK

63 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/oan_common-async-3.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (41696), with LF, NEL line terminators
Size
63 kB (63265 bytes)
Hash
2cb760e239cac01daf0ec447345d3f51
f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6
873eb75ff8b0b0bc721cb7b240a89311abae74d8e0447ec45c9fdd51cda79189

HTTP Headers

GET /OR/Orange22/password_fichiers/oan_common-async-3.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-36948"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/px.js

87.249.38.16

200 OK

346 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/px.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/px.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Content-Length: 346
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Connection: keep-alive
ETag: "6477970f-15a"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/utag.js

87.249.38.16

200 OK

5.5 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/utag.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (1204)
Size
5.5 kB (5472 bytes)
Hash
3103c2f4a9dc018935af5b05c8da5771
8366ed8e5e28ed007ff5604466b6ea0649e059eb
f8d67952948993a17415668bcd6d30bf01fd77de3f707d3ec8dc7244386ce098

HTTP Headers

GET /OR/Orange22/password_fichiers/utag.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-5969"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/config.js

87.249.38.16

200 OK

12 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/config.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (46153)
Size
12 kB (11489 bytes)
Hash
f052c4ff346c90fb144734bf619a7c0f
01e4df392976368190595df473bc8e5c5d225efd
8d9b3f46abc454c620056257fceb35d9c69a88b907c177b02d9de26129fb1e22

HTTP Headers

GET /OR/Orange22/password_fichiers/config.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-c968"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/gpt.js

87.249.38.16

200 OK

19 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/gpt.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (56157)
Size
19 kB (18882 bytes)
Hash
106619947b1e25411ce93455af1218bc
fc17d3fa7d4483b4bf95efd9c2f70215139667d9
2db57f6929e4a82a9fcf9ed3804adbed41d44ae000fd72f074d6ba5b72dee212

HTTP Headers

GET /OR/Orange22/password_fichiers/gpt.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-dc43"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/functions/hideShow/hideShowPassword.min.js

87.249.38.16

200 OK

2.6 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/functions/hideShow/hideShowPassword.min.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (8234), with no line terminators
Size
2.6 kB (2606 bytes)
Hash
c15627cb41cad912398a622533f74fd4
6129adb095e47a2be94cf3bba382099fdc6562e6
b6a63849f3e8066cdf340498b1701223621633fcc4b498a618d6f51a8380713e

HTTP Headers

GET /OR/Orange22/functions/hideShow/hideShowPassword.min.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970e-202a"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/password_fichiers/pubads_impl_2020120701.js

87.249.38.16

200 OK

100 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/pubads_impl_2020120701.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (65439)
Size
100 kB (99539 bytes)
Hash
433dd0f28ab0f64447ff9ad5484edb0c
a60ea1400da3faf6738ee8572be9215a9f9bb11d
9ff097bb2a8986d45348ac893bede5cafd713e7164381c9a5e8f4f7aef9e30bc

HTTP Headers

GET /OR/Orange22/password_fichiers/pubads_impl_2020120701.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:10 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6477970f-45cde"
Expires: Thu, 06 Jul 2023 16:23:10 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip

ct16323.tw1.ru/OR/Orange22/functions/getinput/jquery.get-input-type.js

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/functions/getinput/jquery.get-input-type.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/functions/getinput/jquery.get-input-type.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ct16323.tw1.ru/OR/Orange22/password_fichiers/logo-orange.png

87.249.38.16

200 OK

3.4 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/logo-orange.png
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
PNG image data, 250 x 250, 8-bit colormap, non-interlaced\012- data
Size
3.4 kB (3354 bytes)
Hash
ba58c4c13a8cce3745d4891ece04159e
f06787352d2f6c0a8ae701ff27a066d4ba646a6c
b36e8ca10880ffc8a3903cd991589fbbe8aa75cbff6315f475be1ed0e9bda472

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/logo-orange.png HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/png
Content-Length: 3354
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Connection: keep-alive
ETag: "6477970f-d1a"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/567x302_OBANK_Levier01_PUSH_20201109a.jpg

87.249.38.16

200 OK

94 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/567x302_OBANK_Levier01_PUSH_20201109a.jpg
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 567x302, components 3\012- data
Size
94 kB (94192 bytes)
Hash
8174f3d7001a76ab6ed2be5ceda24053
9fab890f69769c6e05e37213dae3129f773fdf55
2d543c630aa02d4fbb2a7e3ee34bb5267d781f4f5c3f59deb8e09c9d89b4e364

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/567x302_OBANK_Levier01_PUSH_20201109a.jpg HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/jpeg
Content-Length: 94192
Last-Modified: Wed, 31 May 2023 18:50:54 GMT
Connection: keep-alive
ETag: "6477970e-16ff0"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/img_event_elcos-desktop_noelarrive.png

87.249.38.16

200 OK

8.8 kB

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/img_event_elcos-desktop_noelarrive.png
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
PNG image data, 162 x 50, 8-bit/color RGB, interlaced\012- data
Size
8.8 kB (8754 bytes)
Hash
20c688296b476b68d978bf5e9af9fbe8
17068f17339b5d05ea988a8ddc9fd9f523d357ac
1f877ab6934b3bef3b096e4bb526b510f34f6d2fe9b7eba551333e14fd4c4c94

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/img_event_elcos-desktop_noelarrive.png HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/png
Content-Length: 8754
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Connection: keep-alive
ETag: "6477970f-2232"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/Logo_MC_noir_fond_transparent_small.png

87.249.38.16

200 OK

853 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/Logo_MC_noir_fond_transparent_small.png
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
PNG image data, 20 x 30, 8-bit/color RGBA, non-interlaced\012- data
Size
853 B (853 bytes)
Hash
bbfb3a4e950d63bd020add300cf15332
3ccb7cfe0d1409489ac3c40b6fa5c9c7b9a47c6c
4ae42e92bba9df8768146f10ff90e5be5d949425d05752f87a6fd8d2e27ece88

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/Logo_MC_noir_fond_transparent_small.png HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/png
Content-Length: 853
Last-Modified: Wed, 31 May 2023 18:50:54 GMT
Connection: keep-alive
ETag: "6477970e-355"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/Logo_MC_orange_fond_transparent_small.png

87.249.38.16

200 OK

858 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/Logo_MC_orange_fond_transparent_small.png
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
PNG image data, 20 x 30, 8-bit/color RGBA, non-interlaced\012- data
Size
858 B (858 bytes)
Hash
6000d3e42563def838266719364eba06
e850fa48a787af8f1450bab7f47925e311977c06
27ffcc2c1144b73849cddaab57af25ea3ecb95a0434936d03e9dce93683a3c85

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/Logo_MC_orange_fond_transparent_small.png HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/png
Content-Length: 858
Last-Modified: Wed, 31 May 2023 18:50:54 GMT
Connection: keep-alive
ETag: "6477970e-35a"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

ct16323.tw1.ru/OR/Orange22/password_fichiers/z.gif

87.249.38.16

200 OK

43 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/password_fichiers/z.gif
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/password_fichiers/z.gif HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Wed, 31 May 2023 18:50:55 GMT
Connection: keep-alive
ETag: "6477970f-2b"
Expires: Thu, 06 Jul 2023 16:23:11 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes

tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js

54.230.111.8

200 OK

167 B

URL GET HTTP/2
tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js
IP
54.230.111.8:443
ASN
#16509 AMAZON-02

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerAmazon
Subjecttags.tiqcdn.com
Fingerprint6B:C4:49:CA:3C:06:E1:FA:8B:24:5C:78:97:D9:86:D7:EB:CA:09:62
ValidityTue, 18 Apr 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/orange/abtesting/prod/utag.sync.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js
X-Cache: Redirect from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QmJgoH9sFow9bgZo5DdQnDui0SOPug2Dzdsx5zpoQiQuMrUotwo4pw==
Cache-Control: max-age=300

c.woopic.com/Magic/configuration.tgif.json

193.252.122.137

302 Moved Temporarily

178 B

URL GET HTTP/1.1
c.woopic.com/Magic/configuration.tgif.json
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Magic/configuration.tgif.json HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/Magic/configuration.tgif.json

c.woopic.com/Magic/o_tealium.js?update

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/Magic/o_tealium.js?update
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Magic/o_tealium.js?update HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/Magic/o_tealium.js?update?update

c.woopic.com/libs/common/o_load_responsive.js

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/libs/common/o_load_responsive.js
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /libs/common/o_load_responsive.js HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/libs/common/o_load_responsive.js

c.woopic.com/libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js

193.252.122.137

302 Moved Temporarily

178 B

URL GET HTTP/1.1
c.woopic.com/libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js

c.woopic.com/libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css

c.woopic.com/Magic/oneI.res.desktop.4.5.5.json

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/Magic/oneI.res.desktop.4.5.5.json
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Magic/oneI.res.desktop.4.5.5.json HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/Magic/oneI.res.desktop.4.5.5.json

cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/trust-latest/datadome.js

193.252.122.137

200 OK

22 kB

URL GET HTTP/1.1
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/trust-latest/datadome.js
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65432)
Size
22 kB (22133 bytes)
Hash
4999233b500efc6427ccaa25ce97ad92
92847ef22ea3403cf2c34e5eac439c1f5dda19b8
047a8a23da5cb0bd6d8f997310054fdce09af1965507bb03d45db87bf2b8efd6

HTTP Headers

GET /c15d9d8fc98141b084d96f795046449b/trust-latest/datadome.js HTTP/1.1
Host: cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin,Accept-Encoding
Last-Modified: Fri, 28 May 2021 09:08:23 GMT
X-Timestamp: 1622192902.48024
X-Object-Meta-Mtime: 1622192884.931981
X-Trans-Id: txa2a638ebd9cf4d509b714-00645b5311
Cache-Control: max-age=31536000
Age: 2275550
X-Mid: pr4b
X-Cache: HIT
x-server: bgl
Content-Encoding: gzip

c.woopic.com/Magic/configuration.tgif.json

193.252.122.137

302 Moved Temporarily

154 B

URL GET HTTP/1.1
c.woopic.com/Magic/configuration.tgif.json
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /Magic/configuration.tgif.json HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://r.orange.fr/r/Oerreur_403
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

c.woopic.com/libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css

193.252.122.137

301 Moved Permanently

154 B

URL GET HTTP/1.1
c.woopic.com/libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://r.orange.fr/r/Oerreur_403
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

c.woopic.com/libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js

193.252.122.137

302 Moved Temporarily

154 B

URL GET HTTP/1.1
c.woopic.com/libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /libs/3fb1499fd0cd5b1b9a87c93d6d21cb38/common/js/common.js HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://r.orange.fr/r/Oerreur_403
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js

54.230.111.8

200 OK

1.5 kB

URL GET HTTP/2
tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js
IP
54.230.111.8:443
ASN
#16509 AMAZON-02

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerAmazon
Subjecttags.tiqcdn.com
Fingerprint6B:C4:49:CA:3C:06:E1:FA:8B:24:5C:78:97:D9:86:D7:EB:CA:09:62
ValidityTue, 18 Apr 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (2695)
Size
1.5 kB (1540 bytes)
Hash
6b967f813c93121ef7c535583e260632
c04b18ebf085535b51614295067b49ee7cec5399
420a690eb56c9e4ad93992a9e914317462c345f1675d49d23c538e82e5afa931

HTTP Headers

GET /utag/orange/abtesting/prod/utag.sync.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 14:30:32 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 97rDJ_fUbAi_w4P_Xm7Lw_S09WIYM_UE
server: AmazonS3
content-encoding: br
date: Mon, 05 Jun 2023 16:18:34 GMT
etag: W/"6b967f813c93121ef7c535583e260632"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NGBJFDBs3An68j8NQRzzqcAkmvN-iB87ZERPia3mhBaYYm6BacpdHQ==
age: 297
cache-control: max-age=300
X-Firefox-Spdy: h2

c.woopic.com/libs/common/o_load_responsive.js

193.252.122.137

301 Moved Permanently

15 kB

URL GET HTTP/1.1
c.woopic.com/libs/common/o_load_responsive.js
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (31947)
Size
15 kB (15198 bytes)
Hash
e8e69d0eb6803ac8959872894b621a3b
d9f985fa48d33bc043e0707b2260ad565a02ad4b
38840ec2434592be4ca56c7ff3ea8a1450e2339add0f298531dc3837bb1f75ae

HTTP Headers

GET /libs/common/o_load_responsive.js HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/javascript
Content-Length: 15198
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:30 GMT
Etag: e8e69d0eb6803ac8959872894b621a3b
X-Timestamp: 1685437049.09811
Cache-Control: s-maxage=60, max-age=0
X-Trans-Id: tx2551592015284c66b6dfa-00647e0bd6
Vary: Origin, Accept-Encoding
Content-Encoding: gzip
Age: 25
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.17.2/images/services_comm/om_desktop.png

193.252.122.137

200 OK

29 kB

URL GET HTTP/1.1
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.17.2/images/services_comm/om_desktop.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 300 x 320, 8-bit/color RGB, non-interlaced\012- data
Size
29 kB (29367 bytes)
Hash
bfd2858e4707255b0200abbe93131293
f693dffde9c8263e2aab90fb16a0ff070b5b4104
8dab2dc2566251e916a476c846ea0ed1ce459d26917a088146765ea6b2bef997

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /c15d9d8fc98141b084d96f795046449b/auth-2.17.2/images/services_comm/om_desktop.png HTTP/1.1
Host: cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: image/png
Content-Length: 29367
Connection: keep-alive
Vary: Origin,Accept-Encoding
Last-Modified: Tue, 18 Aug 2020 15:38:09 GMT
Etag: bfd2858e4707255b0200abbe93131293
X-Timestamp: 1597765088.67657
X-Object-Meta-Mtime: 1597764295.000000
X-Trans-Id: tx2e6f95b966cf41a7a3ea3-00647e0b64
Cache-Control: max-age=31536000
Age: 139
X-Mid: pr4b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

c.woopic.com/fonts/o-icomoon.woff2?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/o-icomoon.woff2?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/o-icomoon.woff2?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/o-icomoon.woff2?20201014?20201014

ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue55_W1G.woff2

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue55_W1G.woff2
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/fonts/HelvNeue55_W1G.woff2 HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue75_W1G.woff2

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue75_W1G.woff2
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/fonts/HelvNeue75_W1G.woff2 HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

c.woopic.com/fonts/HelvNeue55_W1G.woff2?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/HelvNeue55_W1G.woff2?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/HelvNeue55_W1G.woff2?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/HelvNeue55_W1G.woff2?20201014?20201014

c.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/HelvNeue75_W1G.woff2?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014?20201014

ct16323.tw1.ru/OR/Orange22/functions/getinput/jquery.get-input-type.js

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/functions/getinput/jquery.get-input-type.js
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/functions/getinput/jquery.get-input-type.js HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password.php
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

cdn.adgtw.orangeads.fr/build/lib/px.js?ch=2

193.252.122.137

200 OK

242 B

URL GET HTTP/1.1
cdn.adgtw.orangeads.fr/build/lib/px.js?ch=2
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (346), with no line terminators
Size
242 B (242 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /build/lib/px.js?ch=2 HTTP/1.1
Host: cdn.adgtw.orangeads.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 02 Jun 2023 06:19:49 GMT
X-Timestamp: 1685686788.01195
Cache-Control: public, max-age=604800
X-Trans-Id: tx97c189096c91415485ae6-0064798a1b
Age: 295379
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Content-Encoding: gzip

tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js

54.230.111.8

200 OK

167 B

URL GET HTTP/2
tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js
IP
54.230.111.8:443
ASN
#16509 AMAZON-02

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerAmazon
Subjecttags.tiqcdn.com
Fingerprint6B:C4:49:CA:3C:06:E1:FA:8B:24:5C:78:97:D9:86:D7:EB:CA:09:62
ValidityTue, 18 Apr 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/orange/abtesting/prod/utag.sync.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js
X-Cache: Redirect from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5zwb_NOLJAnHnNtpECB52sh3gVjzDvuaPaKUJhnjsK-D3f48P059Wg==
Cache-Control: max-age=300

ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue55_W1G.woff

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue55_W1G.woff
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/fonts/HelvNeue55_W1G.woff HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue75_W1G.woff

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue75_W1G.woff
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/fonts/HelvNeue75_W1G.woff HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448

54.230.111.8

301 Moved Permanently

167 B

URL GET HTTP/1.1
tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448
IP
54.230.111.8:80
ASN
#16509 AMAZON-02

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448
X-Cache: Redirect from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1hLmHjMKkvGDox6yvZPZgQ7lu4wtAOmZ8Mk2wxIXueP4CJvDx3tq3Q==
Cache-Control: max-age=1296000

cdn.adgtw.orangeads.fr/build/oan_common-async-3.2.min.js?f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6

193.252.122.137

200 OK

48 kB

URL GET HTTP/1.1
cdn.adgtw.orangeads.fr/build/oan_common-async-3.2.min.js?f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (65465)
Size
48 kB (48014 bytes)
Hash
2cf7f574731d76c62e2b0d719cb96753
d536732d8ba0bb6ee77015552072cbd3a2d04fd8
108da7c81c543549c8f9fe21ca400402aaad501d29e6a4e2241e3e7d478f196c

HTTP Headers

GET /build/oan_common-async-3.2.min.js?f1a78abd7c2b1b69938d4f4bec9f70c274a7cdf6 HTTP/1.1
Host: cdn.adgtw.orangeads.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 02 Jun 2023 06:19:25 GMT
X-Timestamp: 1685686764.17036
Cache-Control: public, max-age=604800
X-Trans-Id: tx20b7e8e351964430a54e8-00647e0bef
Age: 0
X-Mid: pr1b
X-Cache: MISS
x-server: bgl
Content-Encoding: gzip

c.woopic.com/Magic/oneI.res.desktop.4.5.5.json

193.252.122.137

301 Moved Permanently

154 B

URL GET HTTP/1.1
c.woopic.com/Magic/oneI.res.desktop.4.5.5.json
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /Magic/oneI.res.desktop.4.5.5.json HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://r.orange.fr/r/Oerreur_403
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

trust-system-eui.orange.fr/js

193.252.122.88

200 OK

227 B

URL POST HTTP/1.1
trust-system-eui.orange.fr/js
IP
193.252.122.88:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectlogin.orange.fr
Fingerprint53:5F:62:9C:5D:47:59:ED:E4:D2:A5:BB:D5:EB:75:C3:4E:51:51:66
ValidityWed, 17 Aug 2022 00:00:00 GMT - Tue, 29 Aug 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
aa4291feb02c6abd77708f70ea4b7b5f
6ee4cd93e785f6430d43419b2730c14dae1e2e72
a07ed35feaf6e1aadb0b78e4708afd8924f036df1f632f7f4c4fc479a8ae6405

HTTP Headers

POST /js HTTP/1.1
Host: trust-system-eui.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 2526
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 16:23:11 GMT
Server: DataDome
access-control-allow-origin: *
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
content-type: application/json;charset=utf-8
content-length: 227
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

gp.cdn.woopic.com/libs/J06O120cS/common/css/common.css

193.252.122.137

200 OK

318 B

URL GET HTTP/1.1
gp.cdn.woopic.com/libs/J06O120cS/common/css/common.css
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (1270), with no line terminators
Size
318 B (318 bytes)
Hash
adf9b849879d64823051612b3d9d4b04
1eb06014995283ca83d2e13eca1473fa2cd92def
8be5ae17528bfe2afdbc8baade09375837ec60bb02b54c4bf43eeee81b065634

HTTP Headers

GET /libs/J06O120cS/common/css/common.css HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/css
Content-Length: 318
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:24 GMT
X-Timestamp: 1685437043.37494
Cache-Control: max-age=15552000
X-Trans-Id: tx0f4d9a81a88f46a0b5b34-006475ba75
ETag: W/adf9b849879d64823051612b3d9d4b04
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Age: 545146
X-Mid: pr1b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/magic/configuration.tgif.json

193.252.122.137

372 B

URL GET
gp.cdn.woopic.com/magic/configuration.tgif.json
IP
193.252.122.137:0
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text
Size
372 B (372 bytes)
Hash
ef3828e134882e1c876dab2fa4d4adb9
ccae070757372ba1361cf4017fa7c95765483f42
110fc0d903269e07466e6046d1133356354f9344421364cf22d04c477785e512

HTTP Headers

GET /magic/configuration.tgif.json HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Feb 2022 14:56:54 GMT
X-Timestamp: 1645801013.83939
X-Trans-Id: tx77a0157b22d24026808d3-00647dfe69
Vary: Accept-Encoding, Origin
Cache-Control: max-age=3600
Age: 3462
X-Mid: pr1b
X-Cache: HIT
x-server: bgl
Content-Encoding: gzip

gp.cdn.woopic.com/magic/o_tealium.js?update

193.252.122.137

200 OK

283 B

URL GET HTTP/1.1
gp.cdn.woopic.com/magic/o_tealium.js?update
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
exported SGML document, ASCII text
Size
283 B (283 bytes)
Hash
c565a78bb5f5bf65a24ad7d69eecc911
2bfdd57e5b89e751d4054ddbeb4af6179538f9ca
48e3519db17530c83a984fda459577525b5a8e0b5d7eae6aff3983676df229d2

HTTP Headers

GET /magic/o_tealium.js?update HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 11 Apr 2023 10:05:03 GMT
X-Timestamp: 1681207502.30185
X-Trans-Id: tx24002a4a9baf45b0aec55-00647e04ab
Vary: Accept-Encoding, Origin
Cache-Control: max-age=3600
Age: 1860
X-Mid: pr3b
X-Cache: HIT
x-server: bgl
Content-Encoding: gzip

gp.cdn.woopic.com/libs/J06O120cS/common/js/common.js

193.252.122.137

200 OK

21 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/libs/J06O120cS/common/js/common.js
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (31951)
Size
21 kB (21379 bytes)
Hash
27fe85ad5d5e94d60db0081b00098965
3134b8b3f918409d2a65c6c26971d3af14c76403
35bddcae1ee26a3ed6b91ceb217186a713f52bb6339b4776bfa358c14f797c3d

HTTP Headers

GET /libs/J06O120cS/common/js/common.js HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/javascript
Content-Length: 21379
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:25 GMT
X-Timestamp: 1685437044.05118
Cache-Control: max-age=15552000
X-Trans-Id: tx0c8cb6105f9f4f1588a0c-006475ba75
ETag: W/27fe85ad5d5e94d60db0081b00098965
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Age: 545146
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

confiant-integrations.global.ssl.fastly.net/native/202012081025/wrap.js

151.101.65.194

200 OK

35 kB

URL GET HTTP/1.1
confiant-integrations.global.ssl.fastly.net/native/202012081025/wrap.js
IP
151.101.65.194:80
ASN
#54113 FASTLY

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (22342), with LF, NEL line terminators
Size
35 kB (34644 bytes)
Hash
83426b7ee6fb9b722ca402b2368ffd91
7762d5fe5a302506784f0a7baff8670fee96108c
47beda598efc303a2d1c94f2a769fe560609c4874288960f1ea6b8e9f1fe2baf

HTTP Headers

GET /native/202012081025/wrap.js HTTP/1.1
Host: confiant-integrations.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 34644
x-amz-id-2: rRNllVFLCquVHVTE7AdYcpu940ABuHd9srYaQj9XQI/zjUuH7GVZ1UeSX/++FmixBGvos1V4eJs=
x-amz-request-id: 7J8AKVCSJ06REVZF
Last-Modified: Tue, 08 Dec 2020 16:26:32 GMT
ETag: "1e44e6ee79c6ec09c22f19bd2054c6f1"
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
Server: AmazonS3
Accept-Ranges: bytes
Date: Mon, 05 Jun 2023 16:23:12 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1666-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1685982192.773190,VS0,VE494

confiant-integrations.global.ssl.fastly.net/gpt/202009091622/wrap.js

151.101.65.194

200 OK

47 kB

URL GET HTTP/1.1
confiant-integrations.global.ssl.fastly.net/gpt/202009091622/wrap.js
IP
151.101.65.194:80
ASN
#54113 FASTLY

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (40931)
Size
47 kB (47003 bytes)
Hash
20f0a62b6efd2b7a30e2e6d59ba43da4
3b9f6f4c832d2da868d2853af926d7f2abbb980d
70c6274d94af8fd8e0e2c9654297c5c29a919cf405f684dcf67e1a06d859e9f9

HTTP Headers

GET /gpt/202009091622/wrap.js HTTP/1.1
Host: confiant-integrations.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 47003
x-amz-id-2: 1iX2Oxl3yZLJY71/iDglrxNP29TdXRPuU1SSZ466FDcWf5VrMopcxdiPKdWj/vndK0mKNGu8RCc=
x-amz-request-id: 7J810ED37NXDJPBX
Last-Modified: Wed, 09 Sep 2020 20:45:44 GMT
ETag: "8534fa9f2d46d1a8d5d7bd06db517739"
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
Server: AmazonS3
Accept-Ranges: bytes
Date: Mon, 05 Jun 2023 16:23:12 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1666-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1685982192.772086,VS0,VE499

tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881

54.230.111.8

301 Moved Permanently

167 B

URL GET HTTP/1.1
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881
IP
54.230.111.8:80
ASN
#16509 AMAZON-02

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881
X-Cache: Redirect from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: zxr_flzGngfdnxxa9wtC_yNopzG1STKARsbIosdpob3e_J3J8j7kqQ==
Cache-Control: max-age=300

tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881

54.230.111.8

301 Moved Permanently

2 B

URL GET HTTP/1.1
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881
IP
54.230.111.8:80
ASN
#16509 AMAZON-02

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

HTTP Headers

GET /utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1685982191881 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Jun 2023 16:20:55 GMT
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cwJPPkM0X4hreiJBA2ultElLbMlkCSAqcgx8udwzmcQIZMSiE9l5qA==
age: 138
cache-control: max-age=300
X-Firefox-Spdy: h2

r.orange.fr/r/Oerreur_403

81.52.142.222

301 Moved Permanently

0 B

URL GET HTTP/1.1
r.orange.fr/r/Oerreur_403
IP
81.52.142.222:443
ASN
#8891 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectr.orange.fr
Fingerprint95:02:27:2A:A5:53:5B:4D:AA:8A:17:01:79:AE:59:14:2C:5E:DD:49
ValidityWed, 26 Oct 2022 00:00:00 GMT - Tue, 26 Sep 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/Oerreur_403 HTTP/1.1
Host: r.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Content-Length: 0
Date: Mon, 05 Jun 2023 16:23:12 GMT
Expires: 0
Location: https://e.orange.fr/error403.html
Server: Apache
X-Redirector-Request-Id: 08da29c6-45f5-4cec-735d-4c818fba7c00
X-Vcap-Request-Id: 08da29c6-45f5-4cec-735d-4c818fba7c00
Connection: close

r.orange.fr/r/Oerreur_403

81.52.142.222

301 Moved Permanently

0 B

URL GET HTTP/1.1
r.orange.fr/r/Oerreur_403
IP
81.52.142.222:443
ASN
#8891 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectr.orange.fr
Fingerprint95:02:27:2A:A5:53:5B:4D:AA:8A:17:01:79:AE:59:14:2C:5E:DD:49
ValidityWed, 26 Oct 2022 00:00:00 GMT - Tue, 26 Sep 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/Oerreur_403 HTTP/1.1
Host: r.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Content-Length: 0
Date: Mon, 05 Jun 2023 16:23:12 GMT
Expires: 0
Location: https://e.orange.fr/error403.html
Server: Apache
X-Redirector-Request-Id: 7d44e4c4-d0fb-4660-4a92-7de3f9b6f998
X-Vcap-Request-Id: 7d44e4c4-d0fb-4660-4a92-7de3f9b6f998
Connection: close

r.orange.fr/r/Oerreur_403

81.52.142.222

301 Moved Permanently

0 B

URL GET HTTP/1.1
r.orange.fr/r/Oerreur_403
IP
81.52.142.222:443
ASN
#8891 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectr.orange.fr
Fingerprint95:02:27:2A:A5:53:5B:4D:AA:8A:17:01:79:AE:59:14:2C:5E:DD:49
ValidityWed, 26 Oct 2022 00:00:00 GMT - Tue, 26 Sep 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/Oerreur_403 HTTP/1.1
Host: r.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Content-Length: 0
Date: Mon, 05 Jun 2023 16:23:12 GMT
Expires: 0
Location: https://e.orange.fr/error403.html
Server: Apache
X-Redirector-Request-Id: 3b1b7882-2632-48c9-6670-180f223446c2
X-Vcap-Request-Id: 3b1b7882-2632-48c9-6670-180f223446c2
Connection: close

r.orange.fr/r/Oerreur_403

81.52.142.222

301 Moved Permanently

0 B

URL GET HTTP/1.1
r.orange.fr/r/Oerreur_403
IP
81.52.142.222:443
ASN
#8891 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectr.orange.fr
Fingerprint95:02:27:2A:A5:53:5B:4D:AA:8A:17:01:79:AE:59:14:2C:5E:DD:49
ValidityWed, 26 Oct 2022 00:00:00 GMT - Tue, 26 Sep 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/Oerreur_403 HTTP/1.1
Host: r.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Content-Length: 0
Date: Mon, 05 Jun 2023 16:23:12 GMT
Expires: 0
Location: https://e.orange.fr/error403.html
Server: Apache
X-Redirector-Request-Id: 471bedfe-3f3d-4b94-77b7-c592589ceed5
X-Vcap-Request-Id: 471bedfe-3f3d-4b94-77b7-c592589ceed5
Connection: close

r.orange.fr/r/Oerreur_403

81.52.142.222

301 Moved Permanently

0 B

URL GET HTTP/1.1
r.orange.fr/r/Oerreur_403
IP
81.52.142.222:443
ASN
#8891 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectr.orange.fr
Fingerprint95:02:27:2A:A5:53:5B:4D:AA:8A:17:01:79:AE:59:14:2C:5E:DD:49
ValidityWed, 26 Oct 2022 00:00:00 GMT - Tue, 26 Sep 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/Oerreur_403 HTTP/1.1
Host: r.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Content-Length: 0
Date: Mon, 05 Jun 2023 16:23:12 GMT
Expires: 0
Location: https://e.orange.fr/error403.html
Server: Apache
X-Redirector-Request-Id: 37037b65-51a3-461b-438a-381dacb3cd14
X-Vcap-Request-Id: 37037b65-51a3-461b-438a-381dacb3cd14
Connection: close

ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue55_W1G.ttf

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue55_W1G.ttf
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/fonts/HelvNeue55_W1G.ttf HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue75_W1G.ttf

87.249.38.16

404 Not Found

196 B

URL GET HTTP/1.1
ct16323.tw1.ru/OR/Orange22/fonts/HelvNeue75_W1G.ttf
IP
87.249.38.16:80
ASN
#9123 TimeWeb Ltd.

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /OR/Orange22/fonts/HelvNeue75_W1G.ttf HTTP/1.1
Host: ct16323.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/OR/Orange22/password_fichiers/bundle.css
Cookie: utag_main=v_id:01888c5e9b05001db144971b003305046002e00900918$_sn:1$_ss:1$_st:1685983990342$ses_id:1685982190342%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

c.woopic.com/fonts/o-icomoon.woff?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/o-icomoon.woff?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/o-icomoon.woff?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/o-icomoon.woff?20201014?20201014

c.woopic.com/fonts/HelvNeue55_W1G.woff?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/HelvNeue55_W1G.woff?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/HelvNeue55_W1G.woff?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/HelvNeue55_W1G.woff?20201014?20201014

c.woopic.com/fonts/HelvNeue75_W1G.woff?20201014

193.252.122.137

178 B

URL
c.woopic.com/fonts/HelvNeue75_W1G.woff?20201014
IP
193.252.122.137:0
ASN
#24600 Orange

Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/HelvNeue75_W1G.woff?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/HelvNeue75_W1G.woff?20201014?20201014

gp.cdn.woopic.com/fonts/HelvNeue55_W1G.woff2?20201014

193.252.122.137

200 OK

19 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/fonts/HelvNeue55_W1G.woff2?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Web Open Font Format (Version 2), TrueType, length 18684, version 1.0\012- data
Size
19 kB (18684 bytes)
Hash
7cacf6f3f310565b41c6b3f536419773
b3bfd7ddfe2b3c908b2c25d739bc710d24494cb8
a84ca6b96b545a4df7413f3bbe30dc209af87adff480ee3a5cd0ff73e94ebbbb

HTTP Headers

GET /fonts/HelvNeue55_W1G.woff2?20201014 HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://gp.cdn.woopic.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: application/octet-stream
Content-Length: 18684
Connection: keep-alive
Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age
Last-Modified: Thu, 11 May 2023 16:01:31 GMT
Etag: 7cacf6f3f310565b41c6b3f536419773
X-Timestamp: 1683820890.79915
Access-Control-Allow-Origin: *
X-Trans-Id: txd03dc46195ba44b7a622d-006477d7db
Cache-Control: max-age=15552000
Vary: Origin
Age: 406549
X-Mid: pr3b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014

193.252.122.137

200 OK

18 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Web Open Font Format (Version 2), TrueType, length 18520, version 1.0\012- data
Size
18 kB (18520 bytes)
Hash
e54a5770b5f82d8d6d9a1727e440bd79
057464047783bfe4b217c9e81e48b71aab7b0082
9d091f8ac8f622ef32b06ef1d72e296675b8ac7a0eedb132e089d8a4d61ce5dd

HTTP Headers

GET /fonts/HelvNeue75_W1G.woff2?20201014 HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://gp.cdn.woopic.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: application/octet-stream
Content-Length: 18520
Connection: keep-alive
Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age
Last-Modified: Thu, 11 May 2023 16:01:28 GMT
Etag: e54a5770b5f82d8d6d9a1727e440bd79
X-Timestamp: 1683820887.10969
Access-Control-Allow-Origin: *
X-Trans-Id: tx14361b01c23e4158bba06-006477d7db
Cache-Control: max-age=15552000
Vary: Origin
Age: 406549
X-Mid: pr3b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

e.orange.fr/error403.html

193.252.122.137

403 Forbidden

2.4 kB

URL GET HTTP/1.1
e.orange.fr/error403.html
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectc.woopic.com
Fingerprint34:83:09:2D:08:4F:0E:50:ED:6A:F3:D6:97:94:63:2B:7B:E2:FC:20
ValidityMon, 18 Jul 2022 00:00:00 GMT - Tue, 01 Aug 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (317)
Size
2.4 kB (2354 bytes)
Hash
3f39620647124d65839bd31a1b3a83f2
4f9b6bfc70827f590569d4e212956d673fa71aa7
3320cc239b2fbfa44f7b5d9e42b5bea4321db9617368d928222114b37bcf20e8

HTTP Headers

GET /error403.html HTTP/1.1
Host: e.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 2354
Connection: keep-alive
Last-Modified: Thu, 16 Mar 2023 10:47:18 GMT
X-Timestamp: 1678963637.21927
X-Object-Meta-Cache-Control-Max-Age: 31540000
X-Trans-Id: txbaf52cafd79d49c6b1ad3-00646cbe4f
Cache-Control: max-age=31540000
ETag: W/3f39620647124d65839bd31a1b3a83f2
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 1133984
X-Mid: pr1b
X-Cache: HIT
x-server: bgl

e.orange.fr/error403.html

193.252.122.137

403 Forbidden

2.4 kB

URL GET HTTP/1.1
e.orange.fr/error403.html
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectc.woopic.com
Fingerprint34:83:09:2D:08:4F:0E:50:ED:6A:F3:D6:97:94:63:2B:7B:E2:FC:20
ValidityMon, 18 Jul 2022 00:00:00 GMT - Tue, 01 Aug 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (317)
Size
2.4 kB (2354 bytes)
Hash
3f39620647124d65839bd31a1b3a83f2
4f9b6bfc70827f590569d4e212956d673fa71aa7
3320cc239b2fbfa44f7b5d9e42b5bea4321db9617368d928222114b37bcf20e8

HTTP Headers

GET /error403.html HTTP/1.1
Host: e.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 2354
Connection: keep-alive
Last-Modified: Thu, 16 Mar 2023 10:47:18 GMT
X-Timestamp: 1678963637.21927
X-Object-Meta-Cache-Control-Max-Age: 31540000
X-Trans-Id: tx1853a925de464ba0bd93e-00645b4e45
Cache-Control: max-age=31540000
ETag: W/3f39620647124d65839bd31a1b3a83f2
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 2276779
X-Mid: pr3b
X-Cache: HIT
x-server: bgl

e.orange.fr/error403.html

193.252.122.137

403 Forbidden

2.4 kB

URL GET HTTP/1.1
e.orange.fr/error403.html
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectc.woopic.com
Fingerprint34:83:09:2D:08:4F:0E:50:ED:6A:F3:D6:97:94:63:2B:7B:E2:FC:20
ValidityMon, 18 Jul 2022 00:00:00 GMT - Tue, 01 Aug 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (317)
Size
2.4 kB (2354 bytes)
Hash
3f39620647124d65839bd31a1b3a83f2
4f9b6bfc70827f590569d4e212956d673fa71aa7
3320cc239b2fbfa44f7b5d9e42b5bea4321db9617368d928222114b37bcf20e8

HTTP Headers

GET /error403.html HTTP/1.1
Host: e.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 2354
Connection: keep-alive
Last-Modified: Thu, 16 Mar 2023 10:47:18 GMT
X-Timestamp: 1678963637.21927
X-Object-Meta-Cache-Control-Max-Age: 31540000
X-Trans-Id: tx1853a925de464ba0bd93e-00645b4e45
Cache-Control: max-age=31540000
ETag: W/3f39620647124d65839bd31a1b3a83f2
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 2276779
X-Mid: pr3b
X-Cache: HIT
x-server: bgl

e.orange.fr/error403.html

193.252.122.137

403 Forbidden

2.4 kB

URL GET HTTP/1.1
e.orange.fr/error403.html
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectc.woopic.com
Fingerprint34:83:09:2D:08:4F:0E:50:ED:6A:F3:D6:97:94:63:2B:7B:E2:FC:20
ValidityMon, 18 Jul 2022 00:00:00 GMT - Tue, 01 Aug 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (317)
Size
2.4 kB (2354 bytes)
Hash
3f39620647124d65839bd31a1b3a83f2
4f9b6bfc70827f590569d4e212956d673fa71aa7
3320cc239b2fbfa44f7b5d9e42b5bea4321db9617368d928222114b37bcf20e8

HTTP Headers

GET /error403.html HTTP/1.1
Host: e.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 2354
Connection: keep-alive
Last-Modified: Thu, 16 Mar 2023 10:47:18 GMT
X-Timestamp: 1678963637.21927
X-Object-Meta-Cache-Control-Max-Age: 31540000
X-Trans-Id: txbaf52cafd79d49c6b1ad3-00646cbe4f
Cache-Control: max-age=31540000
ETag: W/3f39620647124d65839bd31a1b3a83f2
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 1133984
X-Mid: pr1b
X-Cache: HIT
x-server: bgl

e.orange.fr/error403.html

193.252.122.137

403 Forbidden

2.4 kB

URL GET HTTP/1.1
e.orange.fr/error403.html
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectc.woopic.com
Fingerprint34:83:09:2D:08:4F:0E:50:ED:6A:F3:D6:97:94:63:2B:7B:E2:FC:20
ValidityMon, 18 Jul 2022 00:00:00 GMT - Tue, 01 Aug 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (317)
Size
2.4 kB (2354 bytes)
Hash
3f39620647124d65839bd31a1b3a83f2
4f9b6bfc70827f590569d4e212956d673fa71aa7
3320cc239b2fbfa44f7b5d9e42b5bea4321db9617368d928222114b37bcf20e8

HTTP Headers

GET /error403.html HTTP/1.1
Host: e.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 2354
Connection: keep-alive
Last-Modified: Thu, 16 Mar 2023 10:47:18 GMT
X-Timestamp: 1678963637.21927
X-Object-Meta-Cache-Control-Max-Age: 31540000
X-Trans-Id: tx1853a925de464ba0bd93e-00645b4e45
Cache-Control: max-age=31540000
ETag: W/3f39620647124d65839bd31a1b3a83f2
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 2276779
X-Mid: pr2b
X-Cache: HIT
x-server: bgl

c.woopic.com/fonts/HelvNeue55_W1G.ttf?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/HelvNeue55_W1G.ttf?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/HelvNeue55_W1G.ttf?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/HelvNeue55_W1G.ttf?20201014?20201014

c.woopic.com/fonts/o-icomoon.ttf?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/o-icomoon.ttf?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/o-icomoon.ttf?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/o-icomoon.ttf?20201014?20201014

c.woopic.com/fonts/HelvNeue75_W1G.ttf?20201014

193.252.122.137

301 Moved Permanently

178 B

URL GET HTTP/1.1
c.woopic.com/fonts/HelvNeue75_W1G.ttf?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /fonts/HelvNeue75_W1G.ttf?20201014 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 16:23:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://c.woopic.com/fonts/HelvNeue75_W1G.ttf?20201014?20201014

cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.17.2/icons/favicon-194x194.png

193.252.122.137

200 OK

680 B

URL GET HTTP/1.1
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.17.2/icons/favicon-194x194.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 194 x 194, 8-bit/color RGBA, non-interlaced\012- data
Size
680 B (680 bytes)
Hash
5608b8bfdb3b2102d558f69f2aede778
8844295cf7a92af84a35fe7711fb1b99c8e8e860
40613807e3b07197817a58c12d4c46ea117d76e3338a2cc995c7c4c88844882d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /c15d9d8fc98141b084d96f795046449b/auth-2.17.2/icons/favicon-194x194.png HTTP/1.1
Host: cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 680
Connection: keep-alive
Vary: Origin,Accept-Encoding
Last-Modified: Tue, 18 Aug 2020 15:38:08 GMT
Etag: 5608b8bfdb3b2102d558f69f2aede778
X-Timestamp: 1597765087.00571
X-Object-Meta-Mtime: 1597764295.000000
X-Trans-Id: txf5f5cdb972a84888a810a-00647e0b65
Cache-Control: max-age=31536000
Age: 139
X-Mid: pr4b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_desktop.js

193.252.122.137

200 OK

14 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_desktop.js
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (31807)
Size
14 kB (14185 bytes)
Hash
7bdf57f95ac940a24edb076735bdd14c
eb3cc7f7440317fa97dda5e4378aa1b280ffad86
ef90c4d1643cd5d7dc71ac097bd79c66e1eb77d3851cf9bbed1d35ee465b54f1

HTTP Headers

GET /libs/J06O120cS/common/js/o_onei_desktop.js HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: text/javascript
Content-Length: 14185
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:25 GMT
X-Timestamp: 1685437044.23300
Cache-Control: max-age=15552000
X-Trans-Id: tx37c49851801a47cab40a9-006475ba75
ETag: W/7bdf57f95ac940a24edb076735bdd14c
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Age: 545148
X-Mid: pr1b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.17.2/icons/favicon-16x16.png

193.252.122.137

200 OK

156 B

URL GET HTTP/1.1
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.17.2/icons/favicon-16x16.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
156 B (156 bytes)
Hash
626f69e7786315605b8ded76e6fcbc8b
b35aacdb793e2aecfbf1200804419130db0735c9
62a86ea8519b47dc4f5dcfc10ba55e26c34065a64f1a34ec2e6edd52c16b803d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /c15d9d8fc98141b084d96f795046449b/auth-2.17.2/icons/favicon-16x16.png HTTP/1.1
Host: cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 156
Connection: keep-alive
Vary: Origin,Accept-Encoding
Last-Modified: Tue, 18 Aug 2020 15:38:08 GMT
Etag: 626f69e7786315605b8ded76e6fcbc8b
X-Timestamp: 1597765087.16158
X-Object-Meta-Mtime: 1597764295.000000
X-Trans-Id: txc3311a88e0c442a5b283f-00647e0bf1
Cache-Control: max-age=31536000
Age: 0
X-Mid: pr2b
X-Cache: MISS
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_core.all.desktop.YMsdcLhX.js

193.252.122.137

200 OK

90 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/libs/J06O120cS/common/js/o_onei_core.all.desktop.YMsdcLhX.js
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (33843), with NEL line terminators
Size
90 kB (90434 bytes)
Hash
04e0feaaef643601e0514897eed8120f
ea8264122c12c786291faabd6bd2c0c8144451c8
62a097af3424ef383c700570ef72bcb0f5158711e10c5d72c9db600231c05ddc

HTTP Headers

GET /libs/J06O120cS/common/js/o_onei_core.all.desktop.YMsdcLhX.js HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: text/javascript
Content-Length: 90434
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:25 GMT
X-Timestamp: 1685437044.19263
Cache-Control: max-age=15552000
X-Trans-Id: tx5f1b635e7eb54d5bb0eb9-006475ba75
ETag: W/04e0feaaef643601e0514897eed8120f
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Age: 545147
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/libs/J06O120cS/common/css/o_onei_responsive.css

193.252.122.137

200 OK

28 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/libs/J06O120cS/common/css/o_onei_responsive.css
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28047 bytes)
Hash
27c1e6e048e776a80723b7cf7fd3f61a
a31762e31e23050c5c9f9f1fc0e1bf5685954622
3cba37b4ce7180b2504a390ed12b9e8e3c65359f1864295471e0b5dec90ab37a

HTTP Headers

GET /libs/J06O120cS/common/css/o_onei_responsive.css HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: text/css
Content-Length: 28047
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:24 GMT
X-Timestamp: 1685437043.30349
Cache-Control: max-age=15552000
X-Trans-Id: tx9e05c5fe558347fbaf2c6-006475ba75
ETag: W/27c1e6e048e776a80723b7cf7fd3f61a
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Age: 545148
X-Mid: pr1b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/libs/J06O120cS/common/js/external/search/o_completion.js

193.252.122.137

200 OK

64 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/libs/J06O120cS/common/js/external/search/o_completion.js
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
HTML document, ASCII text
Size
64 kB (64012 bytes)
Hash
4408b5afa6988edf6352ccb441882154
9258152dc87e8cff27d6475c4ce0eb7e8148f341
27007b1a1e4933f175f888fa8c0527619b043c6d94cca9f1ed7a2c1471d00c23

HTTP Headers

GET /libs/J06O120cS/common/js/external/search/o_completion.js HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: text/javascript
Content-Length: 64012
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 08:57:25 GMT
X-Timestamp: 1685437044.22815
Cache-Control: max-age=15552000
X-Trans-Id: txa10f2b8c8c484735bc622-006475ba75
ETag: W/4408b5afa6988edf6352ccb441882154
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Age: 545148
X-Mid: pr3b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/magic/oneI.res.desktop.5.0.3.json

193.252.122.137

10 kB

URL GET
gp.cdn.woopic.com/magic/oneI.res.desktop.5.0.3.json
IP
193.252.122.137:0
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Unicode text, UTF-8 text, with very long lines (1337)
Size
10 kB (9968 bytes)
Hash
f0b503601684b93349983fd0777ee90c
fa385d36531d2a33cf93aa8ad6223fb5b614635a
ecb5165446c8d676308da549df22f919b8a7fe87a57165b4aef0cdd95eec5323

HTTP Headers

GET /magic/oneI.res.desktop.5.0.3.json HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 08:49:14 GMT
X-Timestamp: 1684140553.83781
X-Trans-Id: tx87151055df4849b8b11f3-00647e04cb
Vary: Accept-Encoding, Origin
Cache-Control: max-age=3600
Age: 1830
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Content-Encoding: gzip

gp.cdn.woopic.com/fonts/o-icomoon.woff2?20201014

193.252.122.137

200 OK

14 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/fonts/o-icomoon.woff2?20201014
IP
193.252.122.137:80
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
Web Open Font Format (Version 2), TrueType, length 13644, version 1.0\012- data
Size
14 kB (13644 bytes)
Hash
9e0847145553460e0d4332843fdaf7b4
f0e1604dc368564192d3990a4bf7b94baabd5d00
bc29b9fbbe5fd57e9cd50049aaff479f15a236cd156e2a840d4f57594a097301

HTTP Headers

GET /fonts/o-icomoon.woff2?20201014 HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://gp.cdn.woopic.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: application/octet-stream
Content-Length: 13644
Connection: keep-alive
Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age
Last-Modified: Thu, 11 May 2023 16:01:35 GMT
Etag: 9e0847145553460e0d4332843fdaf7b4
X-Timestamp: 1683820894.08290
Access-Control-Allow-Origin: *
X-Trans-Id: tx9bf6cbb8913144cebe908-006477d7dc
Cache-Control: max-age=15552000
Vary: Origin
Age: 406549
X-Mid: pr3b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

c.woopic.com/z.gif?APP=elco&access=desktop&loaderLoaded=1481&libLoading=3076&libLoaded=3076&rendered=3228&end=3228

193.252.122.137

200 OK

43 B

URL GET HTTP/1.1
c.woopic.com/z.gif?APP=elco&access=desktop&loaderLoaded=1481&libLoading=3076&libLoaded=3076&rendered=3228&end=3228
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /z.gif?APP=elco&access=desktop&loaderLoaded=1481&libLoading=3076&libLoaded=3076&rendered=3228&end=3228 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-cache
X-Mid: N-pr2b
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

c.woopic.com/z.gif?APP=elco&access=desktop&loaderLoaded=1481&libLoading=3076&libLoaded=3076&rendered=3242&end=3242

193.252.122.137

200 OK

43 B

URL GET HTTP/1.1
c.woopic.com/z.gif?APP=elco&access=desktop&loaderLoaded=1481&libLoading=3076&libLoaded=3076&rendered=3242&end=3242
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /z.gif?APP=elco&access=desktop&loaderLoaded=1481&libLoading=3076&libLoaded=3076&rendered=3242&end=3242 HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-cache
X-Mid: N-pr4b
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

sso.orange.fr/pushms/advise/1.1/proposal?targets=TOP%5Borangefr_megamenu_mof_seg%3A1%2Corangefr_megamenu_mof_perso%3A99%2Corangefr_megamenu_int_seg%3A1%2Corangefr_megamenu_int_perso%3A99%2Corangefr_megamenu_pim_seg%3A1%2Corangefr_megamenu_pim_perso%3A99%2Corangefr_megamenu_corner_event%3A1%5D&canal=06o&canalPhysique=web

193.251.215.153

200 OK

3.6 kB

URL GET HTTP/1.1
sso.orange.fr/pushms/advise/1.1/proposal?targets=TOP%5Borangefr_megamenu_mof_seg%3A1%2Corangefr_megamenu_mof_perso%3A99%2Corangefr_megamenu_int_seg%3A1%2Corangefr_megamenu_int_perso%3A99%2Corangefr_megamenu_pim_seg%3A1%2Corangefr_megamenu_pim_perso%3A99%2Corangefr_megamenu_corner_event%3A1%5D&canal=06o&canalPhysique=web
IP
193.251.215.153:443
ASN
#3215 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectsso.orange.fr
FingerprintB0:8C:CC:20:C7:4F:3B:9F:B7:9E:61:29:65:38:66:25:B1:42:08:42
ValidityTue, 16 May 2023 00:00:00 GMT - Fri, 31 May 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (8854), with no line terminators
Size
3.6 kB (3649 bytes)
Hash
f60139b3dea0fd90f8034bd4aa524935
d6b7cc3d0a56a50069302b822b964e50d066c64e
9b6108b245ee8d6b90a643d773521565a12624d2006400ce2a11d86c351649fa

HTTP Headers

GET /pushms/advise/1.1/proposal?targets=TOP%5Borangefr_megamenu_mof_seg%3A1%2Corangefr_megamenu_mof_perso%3A99%2Corangefr_megamenu_int_seg%3A1%2Corangefr_megamenu_int_perso%3A99%2Corangefr_megamenu_pim_seg%3A1%2Corangefr_megamenu_pim_perso%3A99%2Corangefr_megamenu_corner_event%3A1%5D&canal=06o&canalPhysique=web HTTP/1.1
Host: sso.orange.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ct16323.tw1.ru
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 16:23:13 GMT
X-Request-Id: ZH4L8UUc4O9crAKFz8qR@wAAAFE
UNIQUE_ID: ZH4L8UUc4O9crAKFz8qR@wAAAFE
X-Adv-Status: 213
X-Adv-Med-et: 3451
X-Adv-RE-rtt: 12903
Vary: Origin,User-Agent,Accept-Encoding,Accept
Last-Modified: Mon, 05 Jun 2023 16:23:13 GMT
Content-Encoding: gzip
ETag: "-"
Cache-Control: private,max-age=0,s-maxage=0,must-revalidate
Content-Length: 3649
Content-Type: application/json
P3P: CP="NOI"
Connection: close
Set-Cookie: cookie_wt=!bMdzc/iC5bgBIWLycgeoogDF0hoFWQ7f0S40T8sRNqfWS93oUff9fE8jnxO0OSXUdvL/7C1kg6rnb+paW6Q/+zORT6ZEMa7Q9efSpIsoH1/92wZa0vtxj8IGsXsDkcap5Eo3egpP57jOtX/R+/+gKSjQ7PXjpVA=; path=/; Httponly; Secure ; SameSite=None
TS011e2867=01306ea61e0b63380937f04c619b4693846ac0a857877a19bbca2f3d5e170ed8bdfe322615e124e0ff2c226490c6673aaa4c9d72db; Path=/ ; Secure ; SameSite=None

c.woopic.com/logo-orange.png

193.252.122.137

200 OK

3.4 kB

URL GET HTTP/1.1
c.woopic.com/logo-orange.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 250 x 250, 8-bit colormap, non-interlaced\012- data
Size
3.4 kB (3354 bytes)
Hash
ba58c4c13a8cce3745d4891ece04159e
f06787352d2f6c0a8ae701ff27a066d4ba646a6c
b36e8ca10880ffc8a3903cd991589fbbe8aa75cbff6315f475be1ed0e9bda472

HTTP Headers

GET /logo-orange.png HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 3354
Connection: keep-alive
Last-Modified: Tue, 01 Mar 2022 10:11:08 GMT
Etag: ba58c4c13a8cce3745d4891ece04159e
X-Timestamp: 1646129467.21732
X-Object-Meta-Mtime: 1646129461.489712
X-Trans-Id: txa0a32f66fc6545e8902cc-00647e0ba0
Vary: Origin
Age: 81
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

gp.cdn.woopic.com/zema/1.0.0/assets/telesurveillance.2ff3839756.jpg

193.252.122.137

200 OK

24 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/zema/1.0.0/assets/telesurveillance.2ff3839756.jpg
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 567x302, components 3\012- data
Size
24 kB (23849 bytes)
Hash
b0b0c360cab2ba6afece4a071dd28678
851d403e70a2abe8e9e65e29e4cd38c8a9db578d
b9439e26b99ebb1b20132e210e241b5a23178c77a0a697477a464d97737f278c

HTTP Headers

GET /zema/1.0.0/assets/telesurveillance.2ff3839756.jpg HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/jpeg
Content-Length: 23849
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 13:49:18 GMT
Etag: b0b0c360cab2ba6afece4a071dd28678
X-Timestamp: 1685454557.56562
Cache-Control: max-age=15552000
X-Trans-Id: tx6cc6bb8f9c6640d6825d3-006475fedf
Vary: Origin
Age: 527634
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/zema/1.0.0/assets/Image-megamenu-banque-300123.c60297e301.png

193.252.122.137

200 OK

80 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/zema/1.0.0/assets/Image-megamenu-banque-300123.c60297e301.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 567x302, components 3\012- data
Size
80 kB (79993 bytes)
Hash
021b5026900aee57f5db9ee06a07d00f
227dd5f4224d0913ec6dceec572d2cc5eaf9a176
83cc5d6a3b32a5d7fbd23cb7b30e492a40558327201a2aec1cf9bc440abbf824

HTTP Headers

GET /zema/1.0.0/assets/Image-megamenu-banque-300123.c60297e301.png HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 79993
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 13:49:16 GMT
Etag: 021b5026900aee57f5db9ee06a07d00f
X-Timestamp: 1685454555.90172
Cache-Control: max-age=15552000
X-Trans-Id: txb6e4ec663d3547f4b2999-006475fedf
Vary: Origin
Age: 527634
X-Mid: pr2b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/zema/1.0.0/assets/offres-forfaits.0dd24e2bfe.png

193.252.122.137

200 OK

190 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/zema/1.0.0/assets/offres-forfaits.0dd24e2bfe.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 408 x 302, 8-bit/color RGBA, non-interlaced\012- data
Size
190 kB (190406 bytes)
Hash
1247cdc686cc780bf78ce055fd85722a
cbc599aedd70a315f92b60ae0437547474f2db26
4995cb754001cf4e3457ee1884adb145140dbb87b8d26b8109b0cdd62fc4df6c

HTTP Headers

GET /zema/1.0.0/assets/offres-forfaits.0dd24e2bfe.png HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 190406
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 13:49:17 GMT
Etag: 1247cdc686cc780bf78ce055fd85722a
X-Timestamp: 1685454556.45417
Cache-Control: max-age=15552000
X-Trans-Id: txe6776fcdec764d47925f6-006475fedf
Vary: Origin
Age: 527634
X-Mid: pr1b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/zema/1.0.0/assets/offres-mobiles.dc002b241b.png

193.252.122.137

200 OK

168 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/zema/1.0.0/assets/offres-mobiles.dc002b241b.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 408 x 302, 8-bit/color RGBA, non-interlaced\012- data
Size
168 kB (167895 bytes)
Hash
c7d2c9d8835445294ce16e336dfcace1
497a9c7b7d06fba477dc55dccbed889f94b2f1ca
309e1f498c78244626b47edef3290b99e8878d93f8f85ae3ae6dc8746357a3d1

HTTP Headers

GET /zema/1.0.0/assets/offres-mobiles.dc002b241b.png HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 167895
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 13:49:17 GMT
Etag: c7d2c9d8835445294ce16e336dfcace1
X-Timestamp: 1685454556.79225
Cache-Control: max-age=15552000
X-Trans-Id: txedc0a08a7bb941a880042-006475fedf
Vary: Origin
Age: 527634
X-Mid: pr3b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

gp.cdn.woopic.com/zema/1.0.0/assets/VisuelMegaMenuIetM.4b12cc3626.png

193.252.122.137

200 OK

149 kB

URL GET HTTP/1.1
gp.cdn.woopic.com/zema/1.0.0/assets/VisuelMegaMenuIetM.4b12cc3626.png
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type
PNG image data, 567 x 302, 8-bit/color RGBA, non-interlaced\012- data
Size
149 kB (148895 bytes)
Hash
1646f6e41b400e24eb0a382221f2a1ed
b135fd65cde5ebcd45fd9fe1d6d6657bc0696ea2
fa7269f5630f79fcd24a27e751ac02403d73163746d6bb4e95abff3dd9abe216

HTTP Headers

GET /zema/1.0.0/assets/VisuelMegaMenuIetM.4b12cc3626.png HTTP/1.1
Host: gp.cdn.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 16:23:13 GMT
Content-Type: image/png
Content-Length: 148895
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 13:49:17 GMT
Etag: 1646f6e41b400e24eb0a382221f2a1ed
X-Timestamp: 1685454556.03655
Cache-Control: max-age=15552000
X-Trans-Id: tx7b4320d81bef46188f72d-006475fedf
Vary: Origin
Age: 527634
X-Mid: pr1b
X-Cache: HIT
x-server: bgl
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5a65ab604ecb4f6bc4d0b8f18872c757
5cc8c1fdb4fbf2b62c513edeea75b5cb7e8171b7
eebda0199d9f25f3d150aa63a7db585c04908ab1106684274ddaa15ac83dd7bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 16:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
700d09b8e20089cc4d5eebe096a9500f
8f71f91e9bf818f7f4c18053e22a3078d796a545
e34cbc6c7d50238eae68d853292214dde71df09f8a9d0dd1832b52e496acf2cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 16:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tpc.googlesyndication.com/safeframe/1-0-37/html/container.html

172.217.21.161

200 OK

3.0 kB

URL GET HTTP/2
tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerGoogle Trust Services LLC
Subjecttpc.googlesyndication.com
FingerprintFE:A7:82:21:40:84:DF:21:05:A7:26:90:B5:B0:82:DA:A9:6C:52:2A
ValidityFri, 19 May 2023 12:57:39 GMT - Fri, 11 Aug 2023 12:57:38 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5647)
Size
3.0 kB (2973 bytes)
Hash
94918a2321b72368fdfe5b171aa653cd
98b7880b6c2a5fed14b55458e175424d34fdcd69
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

HTTP Headers

GET /safeframe/1-0-37/html/container.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2973
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Jun 2023 08:59:15 GMT
expires: Sat, 01 Jun 2024 08:59:15 GMT
cache-control: public, immutable, max-age=31536000
age: 285841
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
content-type: text/html
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

996f5f9484d2d7907326671d40452523.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

142.250.74.97

200 OK

3.0 kB

URL GET HTTP/2
996f5f9484d2d7907326671d40452523.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint43:CE:FB:9F:15:CF:60:5A:60:72:25:27:C1:45:67:BF:C4:B1:1A:1E
ValidityFri, 19 May 2023 12:53:03 GMT - Fri, 11 Aug 2023 12:53:02 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5647)
Size
3.0 kB (2973 bytes)
Hash
94918a2321b72368fdfe5b171aa653cd
98b7880b6c2a5fed14b55458e175424d34fdcd69
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

HTTP Headers

GET /safeframe/1-0-37/html/container.html HTTP/1.1
Host: 996f5f9484d2d7907326671d40452523.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2973
date: Mon, 05 Jun 2023 16:23:16 GMT
expires: Tue, 04 Jun 2024 16:23:16 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5a65ab604ecb4f6bc4d0b8f18872c757
5cc8c1fdb4fbf2b62c513edeea75b5cb7e8171b7
eebda0199d9f25f3d150aa63a7db585c04908ab1106684274ddaa15ac83dd7bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 16:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5a65ab604ecb4f6bc4d0b8f18872c757
5cc8c1fdb4fbf2b62c513edeea75b5cb7e8171b7
eebda0199d9f25f3d150aa63a7db585c04908ab1106684274ddaa15ac83dd7bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 16:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js

151.101.65.194

200 OK

46 kB

URL GET HTTP/1.1
confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js
IP
151.101.65.194:80
ASN
#54113 FASTLY

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php

File type
ASCII text, with very long lines (64490)
Size
46 kB (45751 bytes)
Hash
37f91da54f11784e8e74da975126286b
3f47f3593c8c9d7d56ff5245e6a7e7fdef74e2ef
d570807649d0e7b8ffccabbeab9b212235129e788b660c08c78445cd255d0467

HTTP Headers

GET /Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js HTTP/1.1
Host: confiant-integrations.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ct16323.tw1.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 45751
x-amz-id-2: PMNv/gzQ3GIGsWZ0xqiOq2DcYznrQpTt/QMfc1Rv5V5ou7RyZoggGJR0D5+jxTczLzck8Eo6YxY=
x-amz-request-id: PQEQKAPGTA981W6Z
Last-Modified: Mon, 05 Jun 2023 16:05:50 GMT
ETag: "41a22e5793ab1d0e2cb5f419ad9eb05d"
x-amz-server-side-encryption: AES256
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Content-Encoding: gzip
Content-Type: text/javascript
Server: AmazonS3
Accept-Ranges: bytes
Date: Mon, 05 Jun 2023 16:23:16 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1666-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1685982196.359139,VS0,VE466

c.woopic.com/Magic/o_tealium.js?update?update

193.252.122.137

302 Moved Temporarily

0 B

URL GET HTTP/1.1
c.woopic.com/Magic/o_tealium.js?update?update
IP
193.252.122.137:443
ASN
#24600 Orange

Requested by
http://ct16323.tw1.ru/OR/Orange22/password.php
Certificate
IssuerDigiCert Inc
Subjectcdn.woopic.com
Fingerprint86:3D:4E:DE:E4:E4:F2:E4:15:F2:97:34:00:C9:8F:85:F3:76:7C:00
ValidityFri, 14 Oct 2022 00:00:00 GMT - Tue, 27 Jun 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Magic/o_tealium.js?update?update HTTP/1.1
Host: c.woopic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ct16323.tw1.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Jun 2023 16:23:11 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://r.orange.fr/r/Oerreur_403
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL