Report - www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

Report Overview

Submitted URL
www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18
IP
62.210.105.203
ASN
#12876 Online S.a.s.
Submitted
2023-01-31 06:27:59
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	410 B	1.7 kB	142.250.74.106
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	686 B	1.4 kB	142.250.74.131
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
www.afpols-seminaires.fr	unknown	2015-11-15T08:07:20Z	2023-02-17T09:46:40Z	6.7 kB	147 kB	62.210.105.203
netdna.bootstrapcdn.com	3413	2012-09-07T17:11:00Z	2023-03-13T05:50:43Z	340 B	5.6 kB	104.18.11.207
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	400 B	35 kB	142.250.74.74
tarteaucitron.io	178386	2020-03-27T14:46:58Z	2023-03-10T11:42:41Z	431 B	496 B	51.68.111.231
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.7 kB	62 kB	216.58.207.227
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.228.1.109
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	65 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap-datepicker.fr.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap-datetimepicker.min.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/scripts.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap.min.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap-datepicker.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap.min.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap-datepicker.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap-datepicker.fr.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/bootstrap-datetimepicker.min.js	Malware
2023-01-31	medium	www.afpols-seminaires.fr/js/scripts.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js	96 kB	2023-03-07	2024-04-20
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-20 04:00:01 Times Seen18425 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	tarteaucitron.io/load.js?domain=kifdom.com&uuid=05ac8b73137dc71eb26c7dbb04a7517079c9af00	133 B	2023-03-13	2023-10-29
Pretty URL tarteaucitron.io/load.js?domain=kifdom.com&uuid=05ac8b73137dc71eb26c7dbb04a7517079c9af00 IP 51.68.111.231 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:04:47 Last Seen2023-10-29 14:40:34 Times Seen11 Hash b87eca36544193c2639012141397491e 9b1270c279f8983309deae040e79c617b7bcbcdb a8f95ef2c3f628e7fc078aa595aa7b7837f1f2c19eb6e0c0c814bb1927719462 Loading...

HTTP Transactions (49)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17809
Expires: Tue, 31 Jan 2023 11:24:37 GMT
Date: Tue, 31 Jan 2023 06:27:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18191
Expires: Tue, 31 Jan 2023 11:30:59 GMT
Date: Tue, 31 Jan 2023 06:27:48 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 05:35:52 GMT
content-type: application/json
age: 3116
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9086
Expires: Tue, 31 Jan 2023 08:59:14 GMT
Date: Tue, 31 Jan 2023 06:27:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: q65SHMB8/QCgyZWTWqynyWnZn7I8MDUqxjROihlHlrvFUuo3Fq7YrSe6JarRF6H6O2hsL5sQmAI=
x-amz-request-id: CZYFVNMDYDV0C7DY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 05:51:03 GMT
age: 2205
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

62.210.105.203

200 OK

2.7 kB

URL HTTP/1.1
www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7539)
Size
2.7 kB (2735 bytes)
Hash
770c91f25a838be6774d171675792dc2
672ebf0ef7e1bc3906da57b02fff9ae6ce50e2d8
6e6cf51833611b4e13cead7d35406d0cda65d8257877a8cf840502fda941ea39

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/Statement/Invoice-06-26-18 HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2735
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 06:27:48 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Hammersmith+One|Source+Sans+Pro:400,300,300italic,400italic,600,600italic,700italic,700,900,900italic

142.250.74.106

200 OK

1.1 kB

URL HTTP/1.1
fonts.googleapis.com/css?family=Hammersmith+One|Source+Sans+Pro:400,300,300italic,400italic,600,600italic,700italic,700,900,900italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.1 kB (1132 bytes)
Hash
1af36c241aefcf97ad8570faa56d1c05
c8cb21a127efaad39dff23e63c13880d087bcb76
86f25ae2ddd8e2bbc004a07c7d7c9ffdab0a23af201ee63fae4627e5bfdda6fe

HTTP Headers

GET /css?family=Hammersmith+One|Source+Sans+Pro:400,300,300italic,400italic,600,600italic,700italic,700,900,900italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 31 Jan 2023 06:27:48 GMT
Date: Tue, 31 Jan 2023 06:27:48 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

www.afpols-seminaires.fr/css/font-awesome.css

62.210.105.203

404 Not Found

251 B

URL HTTP/1.1
www.afpols-seminaires.fr/css/font-awesome.css
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
a5f8440dcbdbbf497b5ab3f1d4ff2fca
173397c6bcda55bcfe31fe5b13424e9861e28cf1
78453561285277db3282149475684fe4d7e66016f8cb76e1fc44976abf2efe1f

HTTP Headers

GET /css/font-awesome.css HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 251
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css

104.18.11.207

200 OK

4.7 kB

URL HTTP/1.1
netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
troff or preprocessor input, ASCII text, with very long lines (305)
Size
4.7 kB (4732 bytes)
Hash
09f17df615d193a0409fda81f54f582a
abd1f7828d7c6dc772e81d10847e06e69bfe790e
c27d9ba94138c2aa687443778b5729cc2fc446b368feccd9ac512ceaabc7e4d7

HTTP Headers

GET /font-awesome/4.0.3/css/font-awesome.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: DE
CDN-EdgeStorageId: 601, 617, 617
Last-Modified: Mon, 25 Jan 2021 22:04:53 GMT
CDN-CachedAt: 2021-08-03 04:14:00
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
Cache-Control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
CDN-RequestId: 6358afe6e12aefed963ad27f3935d6d1
Content-Encoding: gzip
CDN-Status: 200
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 20593154
Server: cloudflare
CF-RAY: 79206235df1eb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.afpols-seminaires.fr/css/datepicker3.css

62.210.105.203

200 OK

3.0 kB

URL HTTP/1.1
www.afpols-seminaires.fr/css/datepicker3.css
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
ASCII text
Size
3.0 kB (3018 bytes)
Hash
5c18ed34102166ef2b52a5f76b140fc3
938b492e1647cc9756ab9b1b746a93512e051081
9d5a8950ead4d5bf72498ef91acc9e7d1884b7b67769424e65f6ebdc550ee798

HTTP Headers

GET /css/datepicker3.css HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 15 Jan 2021 15:47:43 GMT
ETag: "900026-83a8-5b8f24b07cdab"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3018
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.afpols-seminaires.fr/css/bootstrap.min.css

62.210.105.203

200 OK

17 kB

URL HTTP/1.1
www.afpols-seminaires.fr/css/bootstrap.min.css
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
ASCII text, with very long lines (65366)
Size
17 kB (17166 bytes)
Hash
59af0f3798f070545f5d08b0f82f02cb
7becdce733aa39b902bc727eed9cfa3e6c7fe22f
1ce21c06d23aef7db0ba74ffd62c7972148834a08a49c20443ba9def01bbeebd

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 15 Jan 2021 15:47:43 GMT
ETag: "900024-1867a-5b8f24b07cdab"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17166
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.afpols-seminaires.fr/css/bootstrap-datetimepicker.min.css

62.210.105.203

200 OK

1.6 kB

URL HTTP/1.1
www.afpols-seminaires.fr/css/bootstrap-datetimepicker.min.css
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
ASCII text, with very long lines (11041)
Size
1.6 kB (1592 bytes)
Hash
e2f37d482dcf460d7523146a11e0a7a4
edbc1b40bd43281d67545c49236b38aa2c2bd9be
ebccc04c9ab0dfba1fc62661c66b4d8a6c6bae59e8d6fc1a702db6b5db486bbc

HTTP Headers

GET /css/bootstrap-datetimepicker.min.css HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 15 Jan 2021 15:47:43 GMT
ETag: "900021-2be2-5b8f24b07be0b"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.afpols-seminaires.fr/js/bootstrap-datepicker.fr.js

62.210.105.203

404 Not Found

258 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap-datepicker.fr.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
258 B (258 bytes)
Hash
57cfa4e72569f28dcae15b625eaf405a
4f84c0e5bedb945ad041a07d7234732b5bac67ed
787c625793bb44dd6ac0a2d75a02a9186b0a4e093f5daa2271126f523d685637

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap-datepicker.fr.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 258
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.afpols-seminaires.fr/js/bootstrap-datetimepicker.min.js

62.210.105.203

404 Not Found

261 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap-datetimepicker.min.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
261 B (261 bytes)
Hash
f29c7321773d497155d4ca39d00fbaf3
fb656e8eaedae773dee4cb35e35915fd8f01522c
0267c992d056621dd4a48046d827e7a9fd6e471acd5aba3f054cabb4591d16f5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap-datetimepicker.min.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 261
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.afpols-seminaires.fr/js/scripts.js

62.210.105.203

404 Not Found

248 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/scripts.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
248 B (248 bytes)
Hash
7434d391a1647f1e92712e9bb3622c57
11d6e0f005c3b757f2eee5a6e88aa73c176a38a8
1214ff35e0c88a1d865887bc2ed31866a4dfd4553216cc394f8eef2769b4ec54

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/scripts.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 248
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 06:27:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

142.250.74.74

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32341)
Size
34 kB (33576 bytes)
Hash
856f85cc1b07156fa844b44a10c236c2
7cef457c0e1cd0c20f4e699564ea8997f0332021
c61aa9ce7b32f93630abac1a4b27382f9333e0ff69477c9d9099070ae0742b01

HTTP Headers

GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33576
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:03:20 GMT
expires: Tue, 30 Jan 2024 18:03:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 44668
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c54dc63aa49467ac62956c717c338eb
300f38a7096e1fe3eaa867a93411d817e71899c2
ffd5629546de1c3bb62917ff0a6afd57e6e972ff23752f34395fab8bfc0e336f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FFD5629546DE1C3BB62917FF0A6AFD57E6E972FF23752F34395FAB8BFC0E336F"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=976
Expires: Tue, 31 Jan 2023 06:44:04 GMT
Date: Tue, 31 Jan 2023 06:27:48 GMT
Connection: keep-alive

www.afpols-seminaires.fr/js/bootstrap.min.js

62.210.105.203

404 Not Found

251 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap.min.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
f6e0d50539502b0d15270e3a9a590f41
4d51336a8d5102f20437d8b8b4d1a7abedf0273f
97f4e369990eb546d69ce7b8ae49ddfd6a369a8e91a649cafc6b59ba8b020854

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 251
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 06:27:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.afpols-seminaires.fr/css/style-kifdom.css

62.210.105.203

200 OK

16 kB

URL HTTP/1.1
www.afpols-seminaires.fr/css/style-kifdom.css
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
ASCII text, with very long lines (2982)
Size
16 kB (16104 bytes)
Hash
b50dfdd10edcce8d5925a1949aee765f
97f246d28cde4cbab8e3fdc7ac27828823706692
669aa0bbd2a402c311a26106080a03fc7958561cdb58327c556f0956f7603dd6

HTTP Headers

GET /css/style-kifdom.css HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 15 Jan 2021 15:47:43 GMT
ETag: "900027-b78f-5b8f24b07cdab"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16104
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.afpols-seminaires.fr/js/bootstrap-datepicker.js

62.210.105.203

404 Not Found

255 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap-datepicker.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
255 B (255 bytes)
Hash
81011132cd0f1010267cdb0f98e985a4
54b2572569184dcab5dfb0564f11d61cbf791071
9f468204ae9e6cbf2faeeadbed48c64a7b3477ea0d57041046fb82bcfb4afd8b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap-datepicker.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 255
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

tarteaucitron.io/load.js?domain=kifdom.com&uuid=05ac8b73137dc71eb26c7dbb04a7517079c9af00

51.68.111.231

200 OK

109 B

URL HTTP/1.1
tarteaucitron.io/load.js?domain=kifdom.com&uuid=05ac8b73137dc71eb26c7dbb04a7517079c9af00
IP
51.68.111.231:0
ASN
#16276 OVH SAS

File type
ASCII text, with no line terminators
Size
109 B (109 bytes)
Hash
e299857df72e6c7370743343ce6e768d
3e829537707005fcd7c048da21dc10362c465485
4c513ee07e7f3ecc17be978c7a3c3beef95e3c3f63d425f2ab061e65ef11635f

HTTP Headers

GET /load.js?domain=kifdom.com&uuid=05ac8b73137dc71eb26c7dbb04a7517079c9af00 HTTP/1.1
Host: tarteaucitron.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Upgrade: h2
Connection: Upgrade, Keep-Alive
Expires: Wed, 01 Feb 2023 06:27:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: DENY
Content-Length: 109
Keep-Alive: timeout=1
Content-Type: application/javascript; charset=utf-8

www.afpols-seminaires.fr/img/kifdom.png

62.210.105.203

200 OK

3.9 kB

URL HTTP/1.1
www.afpols-seminaires.fr/img/kifdom.png
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
PNG image data, 228 x 83, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3915 bytes)
Hash
c678edd862c98a7aa3fe1e6a38b4ee40
10180931d6d80e5595a9c7b1c1ab3e286aef889f
62c0ec301691140cfb173c21f3f0e63beaf5c55a3cc18cde9dd000a1d75e9bb2

HTTP Headers

GET /img/kifdom.png HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 15 Jan 2021 15:42:42 GMT
ETag: "90001f-f4b-5b8f2390d352f"
Accept-Ranges: bytes
Content-Length: 3915
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.afpols-seminaires.fr/js/bootstrap.min.js

62.210.105.203

404 Not Found

251 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap.min.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
f6e0d50539502b0d15270e3a9a590f41
4d51336a8d5102f20437d8b8b4d1a7abedf0273f
97f4e369990eb546d69ce7b8ae49ddfd6a369a8e91a649cafc6b59ba8b020854

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:48 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 251
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.afpols-seminaires.fr/js/bootstrap-datepicker.js

62.210.105.203

404 Not Found

255 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap-datepicker.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
255 B (255 bytes)
Hash
81011132cd0f1010267cdb0f98e985a4
54b2572569184dcab5dfb0564f11d61cbf791071
9f468204ae9e6cbf2faeeadbed48c64a7b3477ea0d57041046fb82bcfb4afd8b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap-datepicker.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 255
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.afpols-seminaires.fr/js/bootstrap-datepicker.fr.js

62.210.105.203

404 Not Found

258 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap-datepicker.fr.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
258 B (258 bytes)
Hash
57cfa4e72569f28dcae15b625eaf405a
4f84c0e5bedb945ad041a07d7234732b5bac67ed
787c625793bb44dd6ac0a2d75a02a9186b0a4e093f5daa2271126f523d685637

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap-datepicker.fr.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 258
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.afpols-seminaires.fr/js/bootstrap-datetimepicker.min.js

62.210.105.203

404 Not Found

261 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/bootstrap-datetimepicker.min.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
261 B (261 bytes)
Hash
f29c7321773d497155d4ca39d00fbaf3
fb656e8eaedae773dee4cb35e35915fd8f01522c
0267c992d056621dd4a48046d827e7a9fd6e471acd5aba3f054cabb4591d16f5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap-datetimepicker.min.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 261
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.afpols-seminaires.fr/js/scripts.js

62.210.105.203

404 Not Found

248 B

URL HTTP/1.1
www.afpols-seminaires.fr/js/scripts.js
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
248 B (248 bytes)
Hash
7434d391a1647f1e92712e9bb3622c57
11d6e0f005c3b757f2eee5a6e88aa73c176a38a8
1214ff35e0c88a1d865887bc2ed31866a4dfd4553216cc394f8eef2769b4ec54

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/scripts.js HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 404 Not Found
Date: Tue, 31 Jan 2023 06:27:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 248
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 05:41:42 GMT
age: 2767
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/1.1
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Size
13 kB (12956 bytes)
Hash
1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.afpols-seminaires.fr
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 12956
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 26 Jan 2023 16:20:38 GMT
Expires: Fri, 26 Jan 2024 16:20:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 27 Apr 2022 16:54:52 GMT
Content-Type: font/woff2
Age: 396431

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/1.1
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Size
13 kB (12924 bytes)
Hash
4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.afpols-seminaires.fr
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 12924
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 29 Jan 2023 10:18:23 GMT
Expires: Mon, 29 Jan 2024 10:18:23 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 27 Apr 2022 16:02:31 GMT
Content-Type: font/woff2
Age: 158966

fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/1.1
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Size
13 kB (13036 bytes)
Hash
0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

HTTP Headers

GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.afpols-seminaires.fr
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 13036
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 30 Jan 2023 12:46:38 GMT
Expires: Tue, 30 Jan 2024 12:46:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 27 Apr 2022 16:04:42 GMT
Content-Type: font/woff2
Age: 63671

fonts.gstatic.com/s/hammersmithone/v17/qWcyB624q4L_C4jGQ9IK0O_dFlnrtREl.woff2

216.58.207.227

200 OK

20 kB

URL HTTP/1.1
fonts.gstatic.com/s/hammersmithone/v17/qWcyB624q4L_C4jGQ9IK0O_dFlnrtREl.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 19612, version 1.0\012- data
Size
20 kB (19612 bytes)
Hash
2928d6930ba5e89500726a3929de0141
aadb2e65673e9b7fc65b624c529504ad4d3d3803
7fec385668dd8696487a02bb35060f6bea3b91dca953bf942b95ad6e4bd73a5d

HTTP Headers

GET /s/hammersmithone/v17/qWcyB624q4L_C4jGQ9IK0O_dFlnrtREl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.afpols-seminaires.fr
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 19612
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 26 Jan 2023 05:10:41 GMT
Expires: Fri, 26 Jan 2024 05:10:41 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 21 Apr 2022 16:23:43 GMT
Content-Type: font/woff2
Age: 436628

www.afpols-seminaires.fr/img/bg-home.jpg

62.210.105.203

200 OK

92 kB

URL HTTP/1.1
www.afpols-seminaires.fr/img/bg-home.jpg
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x438, components 3\012- data
Size
92 kB (91662 bytes)
Hash
9eb143d015b6fb55257141f7772d1229
8663afc286e0eb0c8773219dc25782d0c9f0f5bc
419604636b0f2bec0918a310622bf51e53581cf8b82148a1bf67f9bdd32db03e

HTTP Headers

GET /img/bg-home.jpg HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/css/style-kifdom.css

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:49 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 15 Jan 2021 15:42:42 GMT
ETag: "900017-1660e-5b8f2390d352f"
Accept-Ranges: bytes
Content-Length: 91662
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12518
Expires: Tue, 31 Jan 2023 09:56:27 GMT
Date: Tue, 31 Jan 2023 06:27:49 GMT
Connection: keep-alive

www.afpols-seminaires.fr/favicon.ico

62.210.105.203

200 OK

2.7 kB

URL HTTP/1.1
www.afpols-seminaires.fr/favicon.ico
IP
62.210.105.203:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7539)
Size
2.7 kB (2735 bytes)
Hash
770c91f25a838be6774d171675792dc2
672ebf0ef7e1bc3906da57b02fff9ae6ce50e2d8
6e6cf51833611b4e13cead7d35406d0cda65d8257877a8cf840502fda941ea39

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.afpols-seminaires.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 06:27:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2735
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html

push.services.mozilla.com/

44.228.1.109

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.228.1.109:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o5E0qh3ECAj7H/p8m8agtQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EnEd/Gh9M7x3fX8Rrkgz0K5XyXs=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8824
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 06:27:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8824
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 06:27:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8824
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 06:27:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8824
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 06:27:50 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 00:33:02 GMT
age: 21288
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11129 bytes)
Hash
2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:52 GMT
age: 9418
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13639 bytes)
Hash
63486f2a937aa8fd013fc2c2d1b32f2d
e8868de34c2f79348c1edad764259eb70bebd7a6
fa6e5ce374031c0df3b3f2d6de823cf1fe08fdaf9957a0722770867cfdec0ed1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13639
x-amzn-requestid: 8131c878-620a-4972-ba8f-1456859acae2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcJSF0SIAMFe1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340a1-18c7280940d508c440c0182c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OFj4AbDH4lzjvVDWwf3LiOBXTbUz8MkZlj4-ZYqg_xCHmcpYh0tpVQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 06:29:36 GMT
age: 86294
etag: "e8868de34c2f79348c1edad764259eb70bebd7a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5903 bytes)
Hash
42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tAR5c5rQD0h5YZ6TU8pZKhUFUf5d0-l794EaYnwwkts3QXPhdYm6vA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:03:25 GMT
age: 33865
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8558 bytes)
Hash
e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R29JYq4Z8V_Xuq2no0bKxk1K6h2PmTO5OSxzMa4zppDVk3j9rO9aTw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:24:36 GMT
age: 10994
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9987 bytes)
Hash
2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gif_csWkacU59D_hnOrJpK6u2aPI8Ylf2JyQEJZ2RLNMCrXSmmMa9w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:56:35 GMT
age: 16275
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (49)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type