Report - www.akrammurottal.net/readme.html

Report Overview

Submitted URL
www.akrammurottal.net/readme.html
IP
103.147.154.77
ASN
#138115 PT Deneva
Submitted
2023-05-22 13:48:08
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-05-22	990 B	2.9 kB	172.64.155.188
www.credit-agricole.fr	236699	1995-07-06	2017-02-01	2023-05-22	1.6 kB	258 kB	158.191.172.47
www.akrammurottal.net	unknown	2021-03-16	2021-11-15	2023-05-22	489 B	155 kB	103.147.154.77
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-22	462 B	1.5 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-22	533 B	8.7 kB	216.58.207.227
ns.cdn-services.com	unknown	2021-09-15	2022-06-11	2023-05-21	1.6 kB	2.5 kB	172.67.188.229
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2023-05-22	448 B	1.3 kB	185.244.209.62
vallettaferryservices.com	unknown	2006-05-17	2013-06-18	2023-05-22	5.8 kB	666 kB	85.119.122.20
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-05-22	490 B	1.5 kB	104.17.25.14
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-22	999 B	2.1 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-05-22	medium	www.akrammurottal.net/readme.html

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-22	medium	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
2023-05-22	medium	www.akrammurottal.net/readme.html
2023-05-22	medium	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
2023-05-22	medium	ns.cdn-services.com/ip

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/adblock-detect/1.0.5/index.min.js	1.1 kB	2023-03-07	2023-12-02
Pretty URL cdnjs.cloudflare.com/ajax/libs/adblock-detect/1.0.5/index.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:12 Last Seen2023-12-02 18:10:26 Times Seen398 Hash dbc106ca6d0c4ee846b9480da7512270 38ddb471f69ea9d18a009abc518fa5aa693bcfe9 0e5c9c430c430273551c46e69d58bec076c4171a41f56ef0411e670a76651a7c Loading...

	cdn.jsdelivr.net/npm/@adonisjs/framework@5.0.13/index.min.js	430 B	2023-03-07	2023-12-02
Pretty URL cdn.jsdelivr.net/npm/@adonisjs/framework@5.0.13/index.min.js IP 185.244.209.62 ASN #58286 Electric-IT Business S.R.L. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:12 Last Seen2023-12-02 18:10:26 Times Seen335 Hash ba3f5b921b05df858f6af6995e355e7a 9b273dd2d6fba08b65c55b1ce4431a0f2576b8e3 6dcf40fd04d3387edc5d792b6c7d978af1ba834014f7028765f9342db989f6ee Loading...

	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/config/init.js	503 B	2023-03-26	2023-05-23
Pretty URL vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/config/init.js IP 85.119.122.20 ASN #200805 Melita Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 14:36:47 Last Seen2023-05-23 00:30:12 Times Seen36 Hash ba731501f1f862240fd5b99f9d466118 456f047f945f376f7b8257cb8311d08b047d0e22 14252886809fbed0c79fe36144bf8e8e5278672a0b9f749abda8181a645ee884 Loading...

	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/vendor.d0887c5f.js	462 kB	2023-03-07	2023-12-02
Pretty URL vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/vendor.d0887c5f.js IP 85.119.122.20 ASN #200805 Melita Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:43:24 Last Seen2023-12-02 18:10:26 Times Seen342 Hash 15eebb61b8d8ee3a3a577b5f023e862b d6a3ba360cfbeb8e01dcc74a34669d4fc06dc3d0 873f1709d8ac6196e7b00b2abea4eae262756f42fd53157808efadef4898ad13 Loading...

	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/app.f08ebc70.js	6.6 kB	2023-03-07	2023-12-02
Pretty URL vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/app.f08ebc70.js IP 85.119.122.20 ASN #200805 Melita Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:43:24 Last Seen2023-12-02 18:10:26 Times Seen318 Hash 9688d1e3d8b7fa23442503639d2452f3 a8ce827f2d0d979fbf6635e21118ce045f567c7e 6bb2742407ad7e6d0b921b6a8041e7724c5d862c5914495fb02d54c6e0eadb77 Loading...

	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/2.1e1a6a8e.js	3.7 kB	2023-03-07	2023-12-02
Pretty URL vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/2.1e1a6a8e.js IP 85.119.122.20 ASN #200805 Melita Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:43:24 Last Seen2023-12-02 18:10:26 Times Seen298 Hash d38b9ebcc489e6fa0b3ca34a3f40391e 2d51234256d928175cafa9adbf1a257a3faadf4e b43285d40ef2297fb3f7d1c435bc8ebed249bff774a20bacf34e7653e57c70b9 Loading...

	vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/4.0ec808a8.js	33 kB	2023-04-05	2023-12-02
Pretty URL vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/4.0ec808a8.js IP 85.119.122.20 ASN #200805 Melita Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 05:00:20 Last Seen2023-12-02 18:10:26 Times Seen137 Hash 32d363c815621b8499e84a9a1c896504 8d92d7dbd61e25b40f95416e8d49a164b74ad2fe 53f439f3b06780673b9a11f2c01a0c35a1456ced54bc492da46a8ca9fdabe6a4 Loading...

HTTP Transactions (27)

URL IP Response Size

ocsp.sectigo.com/

172.64.155.188

472 B

URL
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
0c9f307e66541d3f5804faa8c5c0a057
a5e14dbc85e371877b403a2dd9bdab52137042d1
c497d44670d78b07144df90dc58dfc2098c161e57f9eb3ef17b3265152ebeb4e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 20 May 2023 10:30:18 GMT
Expires: Sat, 27 May 2023 10:30:17 GMT
Etag: "a5e14dbc85e371877b403a2dd9bdab52137042d1"
Cache-Control: max-age=419544,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cb583710f6eb4eb-OSL

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html

85.119.122.20

746 B

URL
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
IP
85.119.122.20:0
ASN
#200805 Melita Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1339), with no line terminators
Size
746 B (746 bytes)
Hash
4f1c6f7d4578c9ed06d3490769d05774
f355bd3e53d888efd7b418be57736351ecde2336
1ad31bb9729a8a0bc3eee5cf1e43e9ac0f3a8f441b0d83a6c547c943737c570b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.akrammurottal.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "53c-5fc1f35ce3cd5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 746
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

cdnjs.cloudflare.com/ajax/libs/adblock-detect/1.0.5/index.min.js

104.17.25.14

200 OK

452 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/adblock-detect/1.0.5/index.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (1061), with no line terminators
Size
452 B (452 bytes)
Hash
dbc106ca6d0c4ee846b9480da7512270
38ddb471f69ea9d18a009abc518fa5aa693bcfe9
0e5c9c430c430273551c46e69d58bec076c4171a41f56ef0411e670a76651a7c

HTTP Headers

GET /ajax/libs/adblock-detect/1.0.5/index.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vallettaferryservices.com
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 13:47:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 452
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf5-425"
last-modified: Mon, 04 May 2020 16:04:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 468259
expires: Sat, 11 May 2024 13:47:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWzyM0P8FJdnQ%2B44EbhSW20zyYNUgb%2FGsj4E78ps8%2FHL1F3wZquTUIYQagpLE17sYC4yBSfHvu260rs2LGbu8NUDs17QevrB63GX1hBydl8TT8vG5Z4LZF2Usj9MbihjxF33s%2F1m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7cb58374199ffab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/config/init.js

85.119.122.20

200 OK

364 B

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/config/init.js
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
364 B (364 bytes)
Hash
ba731501f1f862240fd5b99f9d466118
456f047f945f376f7b8257cb8311d08b047d0e22
14252886809fbed0c79fe36144bf8e8e5278672a0b9f749abda8181a645ee884

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/config/init.js HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "1f7-5fc1f35ce1d95-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 364
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.sectigo.com/

172.64.155.188

472 B

URL
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2c8cb24f1185d8dbaf0596151f6fe0f4
38efb199337658898ec924241da7af194ced9f70
4af51c66c29b47bb32376a3f9bcd9734d37948c1fddc2b9e8618d2d60d8567f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 19 May 2023 11:49:57 GMT
Expires: Fri, 26 May 2023 11:49:56 GMT
Etag: "38efb199337658898ec924241da7af194ced9f70"
Cache-Control: max-age=338374,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cb583742b68b4eb-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d1ffc63ece540992319c6f7637db168
b84a5580317750f11fea9fb0ca41710c88e66d38
905441c3ec5505f8196be1b4c4123cd1862bc6f03ce2bc5cf5fe37b21e07c907

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 13:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/app.ccab8aee.css

85.119.122.20

200 OK

788 B

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/app.ccab8aee.css
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2181), with no line terminators
Size
788 B (788 bytes)
Hash
108ad02f2daf10fc7529f1c8e3dd6b3a
8f4c4ae2f1edd215a9393db4843d37481d668259
d918c60f3e4b699d30b2c0e3ecf676ccb0846999c129b5cd64bdb03566248399

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/app.ccab8aee.css HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "885-5fc1f35ce0df5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 788
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/app.f08ebc70.js

85.119.122.20

200 OK

2.9 kB

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/app.f08ebc70.js
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6576), with no line terminators
Size
2.9 kB (2949 bytes)
Hash
9688d1e3d8b7fa23442503639d2452f3
a8ce827f2d0d979fbf6635e21118ce045f567c7e
6bb2742407ad7e6d0b921b6a8041e7724c5d862c5914495fb02d54c6e0eadb77

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/app.f08ebc70.js HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "19b0-5fc1f35ce0df5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2949
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d1ffc63ece540992319c6f7637db168
b84a5580317750f11fea9fb0ca41710c88e66d38
905441c3ec5505f8196be1b4c4123cd1862bc6f03ce2bc5cf5fe37b21e07c907

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 13:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.akrammurottal.net/readme.html

103.147.154.77

155 kB

URL
www.akrammurottal.net/readme.html
IP
103.147.154.77:0
ASN
#138115 PT Deneva

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
155 kB (154661 bytes)
Hash
51f350ecdd1e9bc4595c975e0a20fcb2
2eb1e4e721f754635b5a15c16d968333567f5485
81c2f90e48983683388ed2150c3f76c7913fccf7c75f0972beea3f5215d54ee3

Detections

Analyzer	Verdict	Alert
openphish	Credit Agricole S.A.
fortinet	Phishing

HTTP Headers

GET /readme.html HTTP/1.1
Host: www.akrammurottal.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
vary: Accept-Encoding
server: DomaiNesia
dn-request-id: 0f3b0b9b804a15fef8fc7db8fed63d4e
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=63072000; includeSubDomains; preload
static-cache-status: MISS
date: Mon, 22 May 2023 13:47:49 GMT
x-page-speed: DomaiNesia
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/vendor.677b4d5b.css

85.119.122.20

200 OK

81 kB

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/vendor.677b4d5b.css
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (81000 bytes)
Hash
0273d04d26a575b2698126dcd340c5a9
ef488214d4b44eae865461e5b12dea40ba080149
5054980ee59b0dcf8c8f22c5ed5c3fa50689aeb27511cf43dae23e7e707cd7fe

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/vendor.677b4d5b.css HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "755dc-5fc1f35ce1d95-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

fonts.googleapis.com/css2?family=Poppins:wght@400&display=swap

142.250.74.106

200 OK

887 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
gzip compressed data, max compression\012- data
Size
887 B (887 bytes)
Hash
5401c591e9a7e1726ffe340639284fbe
9ae7700c65ed8c329e16779edbfb78757cb5f7ef
e774ada98ee638ab3cd79d4bb8fa0d96269fbdd87799280edb6e7a7593168b35

HTTP Headers

GET /css2?family=Poppins:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 22 May 2023 13:47:52 GMT
date: Mon, 22 May 2023 13:47:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vallettaferryservices.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 May 2023 00:16:36 GMT
expires: Thu, 16 May 2024 00:16:36 GMT
cache-control: public, max-age=31536000
age: 480676
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 13:47:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

172.64.155.188

471 B

URL
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
096bb034dae21f2a6d1174761b9891a6
47c2594b3cf6bf07e0c29156fcfd15ad3ee7d182
9c97edaaf0ae175f354dd3fd9426364cbf8cc6e8ec4075d5841b30702467eb69

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 20 May 2023 12:40:41 GMT
Expires: Sat, 27 May 2023 12:40:40 GMT
Etag: "47c2594b3cf6bf07e0c29156fcfd15ad3ee7d182"
Cache-Control: max-age=427426,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cb583793a38b4eb-OSL

www.credit-agricole.fr/content/dam/assetsca/master/public/commun/images/autre/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg

158.191.172.47

200 OK

6.3 kB

URL GET HTTP/1.1
www.credit-agricole.fr/content/dam/assetsca/master/public/commun/images/autre/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg
IP
158.191.172.47:443
ASN
#9159 Credit Agricole S.A.

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectwww.credit-agricole.fr
Fingerprint31:47:03:EB:DE:DA:48:E7:D1:F4:0E:86:F2:FE:6F:0D:FA:8B:9A:4C
ValidityTue, 16 Aug 2022 00:00:00 GMT - Wed, 16 Aug 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
6.3 kB (6260 bytes)
Hash
8a6438815d53936ba84ffbef78c8bcfc
e178faa510c663b51d88b5979bbc53c73fcaf3e1
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24

HTTP Headers

GET /content/dam/assetsca/master/public/commun/images/autre/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg HTTP/1.1
Host: www.credit-agricole.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 May 2023 13:03:33 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Permissions-Policy: sync-xhr=('https://*.credit-agricole.fr')
Last-Modified: Thu, 04 May 2023 13:03:33 GMT
Cache-Control: max-age=2592000
Expires: Sat, 03 Jun 2023 13:03:33 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/svg+xml
Age: 1557860
X-Cache: HIT
X-Cache-Hits: 395525
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6260
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

ns.cdn-services.com/socket.io/?EIO=3&transport=websocket

172.67.188.229

0 B

URL
ns.cdn-services.com/socket.io/?EIO=3&transport=websocket
IP
172.67.188.229:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://vallettaferryservices.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IpzW9wnVmDQd7OTNaYDJXA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 22 May 2023 13:47:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xpfpxlqmf4QOKafVUOjdCioXAS8=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TO83faCeuX%2FbUmwZl6KJTjg1%2F3VwsgKgSWWqyqhgrct32B4V%2B0FoAn3qDAyFYhtlUirI8jBfal3s9%2BmbTEw9aYW8ACbNZAJUXXu72BOtplP0gnqE34B2hPz8zAQ9ImmLxvv5lv9T"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cb583786f5e1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/2.1e1a6a8e.js

85.119.122.20

200 OK

1.4 kB

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/2.1e1a6a8e.js
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (3692), with no line terminators
Size
1.4 kB (1383 bytes)
Hash
d38b9ebcc489e6fa0b3ca34a3f40391e
2d51234256d928175cafa9adbf1a257a3faadf4e
b43285d40ef2297fb3f7d1c435bc8ebed249bff774a20bacf34e7653e57c70b9

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/2.1e1a6a8e.js HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:54 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "e6f-5fc1f35ce0df5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1383
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/4.0ec808a8.js

85.119.122.20

200 OK

8.3 kB

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/4.0ec808a8.js
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (32728), with no line terminators
Size
8.3 kB (8315 bytes)
Hash
21b642fe7ec9d3a9564719a2bca31cd5
1ed2211f506b8da2c06afcde0d6aa23ed18b3002
081c15cc4b89fe7b4346ce18a3174086a750d0b40675d5e835f516411264a106

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/4.0ec808a8.js HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:54 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "8049-5fc1f35cdfe55-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

www.credit-agricole.fr/content/dam/assetsca/master/public/commun/images/autre/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg

158.191.172.47

200 OK

6.3 kB

URL GET HTTP/1.1
www.credit-agricole.fr/content/dam/assetsca/master/public/commun/images/autre/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg
IP
158.191.172.47:443
ASN
#9159 Credit Agricole S.A.

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectwww.credit-agricole.fr
Fingerprint31:47:03:EB:DE:DA:48:E7:D1:F4:0E:86:F2:FE:6F:0D:FA:8B:9A:4C
ValidityTue, 16 Aug 2022 00:00:00 GMT - Wed, 16 Aug 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
6.3 kB (6260 bytes)
Hash
8a6438815d53936ba84ffbef78c8bcfc
e178faa510c663b51d88b5979bbc53c73fcaf3e1
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24

HTTP Headers

GET /content/dam/assetsca/master/public/commun/images/autre/images/NPC-logo_Agir_chaque_jour_CA_H_Desktop-1.svg HTTP/1.1
Host: www.credit-agricole.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 May 2023 13:03:35 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Permissions-Policy: sync-xhr=('https://*.credit-agricole.fr')
Last-Modified: Wed, 03 May 2023 23:50:02 GMT
Cache-Control: max-age=2592000
Expires: Sat, 03 Jun 2023 13:03:35 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/svg+xml
Age: 1605472
X-Cache: HIT
X-Cache-Hits: 392708
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6260
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/fonts/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.ae520e14.woff2

85.119.122.20

200 OK

103 kB

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/fonts/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.ae520e14.woff2
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 102788, version 1.0\012- data
Size
103 kB (102788 bytes)
Hash
df8803afe71155fa95130772bd0da593
bd7f2ac4af45ec77fe3f9f7310099e5b950af54e
9e0871a566b5aca8cac810404e207cb1eea58dbb04c5c97a7a860140edb9b5d0

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/fonts/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.ae520e14.woff2 HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/css/vendor.677b4d5b.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:54 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "19184-5fc1f35ce2d35"
Accept-Ranges: bytes
Content-Length: 102788
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff2

www.credit-agricole.fr/content/dam/assetsca/master/public/commun/images/zone-de-gauche/connect%C3%A9/acces_cr_part_carre.jpg

158.191.172.47

200 OK

244 kB

URL GET HTTP/1.1
www.credit-agricole.fr/content/dam/assetsca/master/public/commun/images/zone-de-gauche/connect%C3%A9/acces_cr_part_carre.jpg
IP
158.191.172.47:443
ASN
#9159 Credit Agricole S.A.

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectwww.credit-agricole.fr
Fingerprint31:47:03:EB:DE:DA:48:E7:D1:F4:0E:86:F2:FE:6F:0D:FA:8B:9A:4C
ValidityTue, 16 Aug 2022 00:00:00 GMT - Wed, 16 Aug 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=791, bps=218, PhotometricIntepretation=RGB, description=Diverse culture people using mobile smartphone outdoor - Happy friends having fun with technology trends - Youth, new generatio, manufacturer=SONY, model=ILCE-7M2, orientation=upper-left, width=1326], progressive, precision 8, 960x960, components 3\012- data
Size
244 kB (243919 bytes)
Hash
b259c4797d838add41da1047021d2480
13de10f5a348efa8ff3d856f2e347eeff8a33579
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8

HTTP Headers

GET /content/dam/assetsca/master/public/commun/images/zone-de-gauche/connect%C3%A9/acces_cr_part_carre.jpg HTTP/1.1
Host: www.credit-agricole.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 May 2023 13:03:42 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Permissions-Policy: sync-xhr=('https://*.credit-agricole.fr')
Last-Modified: Wed, 03 May 2023 12:49:51 GMT
Content-Length: 243919
Cache-Control: max-age=2592000
Expires: Sat, 03 Jun 2023 13:03:42 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/jpeg
Age: 1645082
X-Cache: HIT
X-Cache-Hits: 60514
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html

85.119.122.20

200 OK

1.3 kB

URL User Request GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1349), with no line terminators
Size
1.3 kB (1340 bytes)
Hash
5c1fefb80dc10925ac86e35411527177
32b64178801025b71fcb836c8e4d3a316dd51b02
cacb3fe20c8e74150f58c05e83a938e4fb075928aa32c13e4f818a454cb377ca

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.akrammurottal.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "53c-5fc1f35ce3cd5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 746
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

cdn.jsdelivr.net/npm/@adonisjs/framework@5.0.13/index.min.js

185.244.209.62

200 OK

430 B

URL GET HTTP/2
cdn.jsdelivr.net/npm/@adonisjs/framework@5.0.13/index.min.js
IP
185.244.209.62:443
ASN
#58286 Electric-IT Business S.R.L.

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectcdn.jsdelivr.net
Fingerprint95:B3:FD:0C:F5:9E:0C:6C:F5:81:AB:DD:5D:6D:67:BF:FF:4A:FD:CC
ValiditySat, 01 Oct 2022 00:00:00 GMT - Fri, 20 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (444), with no line terminators
Size
430 B (430 bytes)
Hash
c4b637111c63f67ab151ff4586b71f6b
d4505f2b05a5aa3590aec1a3e511b3d1e5318b89
c52dea90aadf2229e52d8b2bf5e0e63bcbeba9adb2defaf28992e13010da025f

HTTP Headers

GET /npm/@adonisjs/framework@5.0.13/index.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 13:47:52 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.0.13
x-jsd-version-type: version
etag: W/"1ae-myc90tb7oItlxVsc5EMaDyV2uOM"
age: 1740218
x-served-by: cache-fra-eddf8230108-FRA, cache-ams21038-AMS
x-cache: HIT, HIT
vary: Accept-Encoding, Accept-Encoding
content-encoding: br
cache: HIT, HIT
x-cached-since: 2023-05-22T06:43:59+00:00, 2023-05-22T06:51:18+00:00
x-id: am3-up-gc89, osix-up-gc4
x-nginx: nginx-be, nginx-be
X-Firefox-Spdy: h2

ns.cdn-services.com/ip

172.67.188.229

200 OK

315 B

URL GET HTTP/2
ns.cdn-services.com/ip
IP
172.67.188.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint4F:68:30:DE:5D:92:48:05:68:CF:BD:E5:27:6D:F5:D7:4F:0D:6B:30
ValidityMon, 15 Aug 2022 00:00:00 GMT - Tue, 15 Aug 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (375), with no line terminators
Size
315 B (315 bytes)
Hash
1282b746a5b3d38449b1f3c9b7b324a9
7cc15f64536252fff92d225cc3fc562d4159addf
a5a5388b6a7b527d536a20b7023fa325e2601b102f79370c671022b82bc21140

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /ip HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vallettaferryservices.com/
Origin: https://vallettaferryservices.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 13:47:54 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
set-cookie: cook-session=eyJ1c2VySUQiOiI2OTI0MCJ9; path=/; secure; httponly
cook-session.sig=2N8gV9sWvflMC8NKGPBrCDHMdGg; path=/; secure; httponly
etag: W/"13b-pshkIJqkPrHKkE2ZVch18nKhMnQ"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzqyWR9cXpTKtHobr78vxULOZXWfDqefg%2Beg118QGMbYMctIsoO35X4pUFC8qnFFi1EgQwI%2FfqEh6yxHd2sBctaMqPkaeZgbcCvMRkP67qdCLfyCQxD6GTWM6IfpRF6%2FT1%2F6QUAz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb583783dd50b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/vendor.d0887c5f.js

85.119.122.20

200 OK

462 kB

URL GET HTTP/1.1
vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/vendor.d0887c5f.js
IP
85.119.122.20:443
ASN
#200805 Melita Limited

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerSectigo Limited
Subjectvallettaferryservices.com
FingerprintA8:47:F6:45:2F:1F:BA:DF:B8:40:3C:2F:75:FB:33:52:38:7B:3C:AB
ValidityThu, 16 Feb 2023 00:00:00 GMT - Fri, 23 Feb 2024 23:59:59 GMT

File type

Size
462 kB (462437 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/secure/agricole/acceder-a-mes-comptes/js/vendor.d0887c5f.js HTTP/1.1
Host: vallettaferryservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 13:47:52 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Sat, 20 May 2023 12:31:00 GMT
ETag: "70e65-5fc1f35ce0df5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ns.cdn-services.com/socket.io/?EIO=3&transport=websocket

172.67.188.229

101 Switching Protocols

0 B

URL GET HTTP/1.1
ns.cdn-services.com/socket.io/?EIO=3&transport=websocket
IP
172.67.188.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vallettaferryservices.com/wp-content/plugins/secure/agricole/acceder-a-mes-comptes/index.html#/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint4F:68:30:DE:5D:92:48:05:68:CF:BD:E5:27:6D:F5:D7:4F:0D:6B:30
ValidityMon, 15 Aug 2022 00:00:00 GMT - Tue, 15 Aug 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://vallettaferryservices.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IpzW9wnVmDQd7OTNaYDJXA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 22 May 2023 13:47:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xpfpxlqmf4QOKafVUOjdCioXAS8=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TO83faCeuX%2FbUmwZl6KJTjg1%2F3VwsgKgSWWqyqhgrct32B4V%2B0FoAn3qDAyFYhtlUirI8jBfal3s9%2BmbTEw9aYW8ACbNZAJUXXu72BOtplP0gnqE34B2hPz8zAQ9ImmLxvv5lv9T"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cb583786f5e1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL

IP

ASN

File type