Report - orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325

Report Overview

Submitted URL
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325
IP
63.250.43.133
ASN
#22612 NAMECHEAP-NET
Submitted
2022-09-23 12:15:24
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
orsted-dans-bba1c7.ingress-erytho.ewp.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	44 kB	63.250.43.133
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	172.64.155.188
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.165.41.15
ocsp.usertrust.com	899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	330 B	2.8 kB	172.64.155.188
cfspart.impots.gouv.fr	643420	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	3.3 kB	145.242.11.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery.maskedinput.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/auth.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/jquery-1.11.3.min.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/bootstrap.min.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/urls.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/auth.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/urls.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery-3.1.0.min.js	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/images/fermer.svg	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/Logo-Marianne_impots-gouv-fr.svg	Phishing
2022-09-23	medium	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery-3.1.0.min.js	86 kB	2023-03-07	2024-04-25
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery-3.1.0.min.js IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-25 21:56:28 Times Seen7467 Hash 05e51b1db558320f1939f9789ccf5c8f c72c1735b4d903d90dd51225ebefb8c74ebbc51f 702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb Loading...

	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery.maskedinput.js	10 kB	2023-03-07	2024-04-22
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery.maskedinput.js IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:11 Last Seen2024-04-22 09:38:49 Times Seen989 Hash 1cdeafe84120b621dcd953592a94c998 cedacae8a3b765d2d905a5c51769027733ef6823 7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020 Loading...

	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/	6.6 kB	2023-03-07	2024-04-20
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/ IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-04-20 08:22:15 Times Seen45 Hash e319fc21368a5a1a0beda97e4fb3e792 ee4cb86577480a6e1b494e1f47c36d6b0f7efb03 74b485a87bf92b8522333e385904dfd0070b9ae261505d485ceb93bc4bf8afbb Loading...

	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/	1.8 kB	2023-03-07	2024-04-07
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/ IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-04-07 19:20:32 Times Seen18 Hash 014f1881b3681e5d5b019904837a740d 951c3e1281618cb50704ef7594ecdb7922c1d97e 1e44b6800c24401f1a194bb675b76915e29c621d225c7da38ee2565d21ad561c Loading...

	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/	266 B	2023-03-07	2024-04-07
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/ IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-04-07 19:20:32 Times Seen28 Hash b09e9ac2485eaf2f4c52e34acd0230c2 57fc6580a2228edbdd5bede712632d51461e9299 2b92f7fcce25daeca2b53e2ba5181d14cec39f0a34364e9241796b0538621b37 Loading...

	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/	1.1 kB	2023-03-07	2024-04-07
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/ IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-04-07 19:20:32 Times Seen28 Hash 3e9a4e2b963076cae8b7bd5c42c6d206 50e0607f086ca96807e36b6d19780ce983c4b838 e726ad340e4c8b6b55f06b12ba3c9ab167004ccd57246ab724e6561130697a2a Loading...

	orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/	325 B	2023-03-07	2024-04-20
Pretty URL orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/ IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:18 Last Seen2024-04-20 08:22:15 Times Seen37 Hash 2cd9952181170c982f780f150ed56dd5 7c38344ce04b45e28df347def1501994051bbb51 fbbeb821e9e15e5923a220718c59f222880a35356564cfa9a634431f00182e89 Loading...

HTTP Transactions (48)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10737
Expires: Fri, 23 Sep 2022 15:14:10 GMT
Date: Fri, 23 Sep 2022 12:15:13 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 12:14:07 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jyGiEapfaoRwe4rMkC4L3MNye4YyvFhWdSG_GTvIenPrhIXRDp5Sog==
Age: 66

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eKcVatyc-xTa2WBkKUQ-UyDowr3x0Vmv-0BB0jqSxGjKsKadtjwBag==
age: 27599
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325

63.250.43.133

301 Moved Permanently

0 B

URL HTTP/1.1
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325 HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 12:27:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EXlmeZG8jK1MYmAS5Q--oDt9RUjLPkgDZ9htb5d0dqcvUwpzj8NA_g==
Age: 711

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5942
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:15:13 GMT
Last-Modified: Fri, 23 Sep 2022 10:36:11 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f4ca37fde14939f0a26f863b594d518f
53ceebe61fbd0c12755defd2798e90ba373f628f
7e3850115c6c555fc7fafe418e4907d216e0d60834d8f2d828aec943c32213de

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:15:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 09:28:15 GMT
Expires: Thu, 29 Sep 2022 09:28:14 GMT
Etag: "53ceebe61fbd0c12755defd2798e90ba373f628f"
Cache-Control: max-age=507780,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f3345f7ac80afa-OSL

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325

63.250.43.133

301 Moved Permanently

162 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325 HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:15:13 GMT
content-type: text/html
content-length: 162
location: http://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.165.41.15

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.165.41.15:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fE5/6TgiSsp9Uxj8csXBXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Z2eX0ZjnUfxoM7KDSYQekmCCHZE=

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/

63.250.43.133

302 Found

162 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325/ HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 23 Sep 2022 12:15:14 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, public
pragma: no-cache
location: hmwrmmdk=
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/autentification.css

63.250.43.133

200 OK

3.8 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/autentification.css
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
3.8 kB (3835 bytes)
Hash
57138b734711f109efe7670ee908bcc7
3fe9a4c299b009a98dd87b462a399b3a72ba3d5d
68cc0ab7c5774e21f4d463e680c5f1bae5d97d4651e5cd5782e9b68d55298207

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/css/autentification.css HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-4323"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 3835
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery.maskedinput.js

63.250.43.133

200 OK

2.6 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery.maskedinput.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
2.6 kB (2647 bytes)
Hash
e339508f78ba8133305f3491c6405390
39e22e61c069afb5479c996c646a132977b1abd0
eda27913d27f71dc91db40064f25a634189020fbcc4f752f021ba0c2bf202457

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/jquery.maskedinput.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-284d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 2647
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7818
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:15:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7818
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:15:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7818
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:15:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7818
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:15:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7818
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:15:15 GMT
Connection: keep-alive

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/1.gif

63.250.43.133

200 OK

2.8 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/1.gif
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
GIF image data, version 89a, 124 x 28\012- data
Size
2.8 kB (2812 bytes)
Hash
0d050fd3d35da175a6129a21030e78aa
09ee6a15ede6919de054fde434e9398684d48e2b
3b5b95ee14d3c3e64158175050be929c9fb2612a1c003df388d62af47a4c3e37

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/1.gif HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/gif
content-length: 2812
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-afc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/info.png

63.250.43.133

200 OK

3.2 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/info.png
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 107 x 105, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3158 bytes)
Hash
8586605c7e823e4c6c088954c90d1290
56aff3bdeaa37d2d0cbe800edc2a63c22c745e98
b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/info.png HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/png
content-length: 3158
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-c56"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8497 bytes)
Hash
7606ff88f05062b66970d9805f38987a
d47db5fcd83023b4a8de40a47d4510e183de387a
20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8497
x-amzn-requestid: ab65ba93-aad5-4845-b471-c50c14057c47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YvqujEsIoAMF8sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632957f6-6d4635bf713fd25147948c7b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 06:04:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SZ6p5NLxuGUoEOZujwPbDGwUO0dZgiITud8RWOaSW_VciGRgBidY2A==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 19:36:01 GMT
age: 59954
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/images/aide.gif

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/images/aide.gif
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /19987456325/hmwrmmdk=/images/aide.gif HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/2.gif

63.250.43.133

200 OK

2.9 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/2.gif
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
GIF image data, version 89a, 138 x 25\012- data
Size
2.9 kB (2866 bytes)
Hash
ae43f701c156c678e3124853049bcd1d
0875ffacc52951f87e0b6d50578cbd4e5c1da976
f4f598b5fc93817de8bdd76013d28b4c092b8f139be116e625d046e3b3b9be30

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/2.gif HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/gif
content-length: 2866
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-b32"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/3.jpg

63.250.43.133

200 OK

7.1 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/3.jpg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Size
7.1 kB (7110 bytes)
Hash
0e2048acf0519d2c005209f8146edfca
e80d85ad5b49404bbc97e09652c79f3eb988fc90
2e3c000bb11b035e1a6bfe511338a7877fdc67f5c51a5ff29394e4d3735b36df

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/3.jpg HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/jpeg
content-length: 7110
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-1bc6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/4.gif

63.250.43.133

200 OK

3.4 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/4.gif
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
GIF image data, version 89a, 143 x 45\012- data
Size
3.4 kB (3357 bytes)
Hash
559e49c09cad7db6d103fbaf08be4d51
19236601f16bb32cfa38a65c991f9de4a528c826
9d0567e661cf2d5205acaaec1a0c7dfee24f48af2d56a56212c1b4db1ab88b60

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/4.gif HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/gif
content-length: 3357
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-d1d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/images/Miniballs.gif

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/images/Miniballs.gif
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /templates/images/Miniballs.gif HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/5.gif

63.250.43.133

200 OK

1.8 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/5.gif
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
GIF image data, version 89a, 118 x 40\012- data
Size
1.8 kB (1843 bytes)
Hash
d6621df34ea2eadd541830ee370ea10f
d651d11e6622cb873489cca89fdce44b421a9a0d
58b70b4cdcb982be2ab0d89312bb4b1f8596c2294392983aba048cc046acc7c5

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/5.gif HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/gif
content-length: 1843
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-733"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/auth.js

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/auth.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /templates/js/auth.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/jquery-1.11.3.min.js

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/jquery-1.11.3.min.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /templates/js/jquery-1.11.3.min.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/bootstrap.min.js

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/bootstrap.min.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /templates/js/bootstrap.min.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/urls.js

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/urls.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /templates/js/urls.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6uqNnpll2kgC_0_t5e9yp0AgFAvprQq_GF_jgwj2sX2TE9S1l023Aw==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 03:58:47 GMT
age: 29788
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10127 bytes)
Hash
b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 51410
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5340 bytes)
Hash
3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:04:45 GMT
age: 51030
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5ur411n5hU7eWb68iExZCUrhpCybRyTBHCi72ra8dS2kd3UhW8sb1A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:59:00 GMT
age: 51375
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9484 bytes)
Hash
ae63806537bc1795029ac9e522b4abb1
47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781
369fe0af9bba20526bb10c7240a7571e72726fa653bbb70d8e56fabb13cf9358

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9484
x-amzn-requestid: ac493b06-28bc-4a84-ad7a-060617233da8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4ZDRHHiIAMFnow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd547-7944659e3cb7134b58da757f;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:36:07 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OzTpgbr1HluiZtdiVUrQjTV1KMWuynatd1A8L8excXJDJsnM45A3Hg==
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:12:35 GMT
age: 50560
etag: "47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.usertrust.com/

172.64.155.188

200 OK

2.2 kB

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
2.2 kB (2236 bytes)
Hash
2c4f80099702bca09e880eb8b215916a
3f02d51cb154d7c8e5b8bdd064d8a0e14214be46
45dc6d75badbef75d483e2d6048c6f5aa165b05f1b0c519725a38b9f58a9b3ea

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:15:15 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 10:12:16 GMT
Expires: Wed, 28 Sep 2022 10:12:15 GMT
Etag: "3f02d51cb154d7c8e5b8bdd064d8a0e14214be46"
Cache-Control: max-age=603858,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 326
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f3346a8dd91bfa-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d3b4aa01e8f584ae3bd4d94df403375d
190e6c5ee1fbae168a7f1a71b6542d339d634762
0ac37aee4ce0926f33b8429eb70e667bb76d978ac87f0aad5dbd39b8384b6e81

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:15:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 06:59:02 GMT
Expires: Fri, 30 Sep 2022 06:59:01 GMT
Etag: "190e6c5ee1fbae168a7f1a71b6542d339d634762"
Cache-Control: max-age=585225,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f3346a9f440afa-OSL

cfspart.impots.gouv.fr/templates/images/Cadenas.svg

145.242.11.27

404 Not Found

2.9 kB

URL HTTP/1.1
cfspart.impots.gouv.fr/templates/images/Cadenas.svg
IP
145.242.11.27:0
ASN
#3215 Orange

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (323)
Size
2.9 kB (2930 bytes)
Hash
31c8c7c86c2a6814948044e8714acddb
49cf9783f5f57a2a843a141c27bed79f54a5c2aa
8254c9ce56497ac4e9e296b9b8d35cccde8872e5961de17b7b7bb65d8c2cf1db

HTTP Headers

GET /templates/images/Cadenas.svg HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Date: Fri, 23 Sep 2022 12:15:15 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 19 Mar 2019 06:51:48 GMT
ETag: "23107-b72-5846cf068a2a8"
Accept-Ranges: bytes
Content-Length: 2930
Via: dpapusx041
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/auth.js

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/auth.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /templates/js/auth.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/urls.js

63.250.43.133

404 Not Found

146 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/templates/js/urls.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /templates/js/urls.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/11.png

63.250.43.133

200 OK

2.7 kB

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/11.png
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2719 bytes)
Hash
5ec43abf8b7fc3b90bff69584689737a
7faf2f8159901d65bd85034b31ed1d57868acd38
f31974e0b79c482dc230c94cc861698e8c2851fac18199883b56627d24180039

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/11.png HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:16 GMT
content-type: image/png
content-length: 2719
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
etag: "632da352-a9f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery-3.1.0.min.js

63.250.43.133

200 OK

0 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/jquery-3.1.0.min.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/jquery-3.1.0.min.js HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-1514f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/imp.css

63.250.43.133

200 OK

0 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/imp.css
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/css/imp.css HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-919a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/images/fermer.svg

63.250.43.133

200 OK

0 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/images/fermer.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/images/fermer.svg HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-6dd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/Logo-Marianne_impots-gouv-fr.svg

63.250.43.133

200 OK

0 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/Logo-Marianne_impots-gouv-fr.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/css/Logo-Marianne_impots-gouv-fr.svg HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/autentification.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-13d96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/

63.250.43.133

200 OK

0 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /19987456325/hmwrmmdk=/ HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:14 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-a3f2"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/bootstrap-3.3.6.min.css

63.250.43.133

200 OK

0 B

URL HTTP/2
orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/templates/css/bootstrap-3.3.6.min.css
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /19987456325/hmwrmmdk=/templates/css/bootstrap-3.3.6.min.css HTTP/1.1
Host: orsted-dans-bba1c7.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://orsted-dans-bba1c7.ingress-erytho.ewp.live/19987456325/hmwrmmdk=/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:15:15 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 12:15:14 GMT
vary: Accept-Encoding
etag: W/"632da352-2454c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL HTTP/1.1

IP

ASN

File type

Size