Report - tlemcen.residanat-dz.com/auth

Report Overview

Submitted URL
tlemcen.residanat-dz.com/auth
IP
51.254.44.204
ASN
#16276 OVH SAS
Submitted
2022-12-07 10:19:24
Access
Website Title
Final URL
Tags
None
urlquery detections
Malware - Botnet panel

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	103 kB	104.17.24.14
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.131
maxcdn.bootstrapcdn.com	724	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	900 B	16 kB	104.18.10.207
tlemcen.residanat-dz.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	22 kB	158 kB	51.254.44.204
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
maps.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	1.2 kB	216.58.207.227
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	48 kB	34.120.237.76
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.69.31
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	746 B	142.250.74.106
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	66 kB	142.250.74.35
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.3 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	337 B	1.4 kB	34.102.187.140

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-26
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 11:54:55 Times Seen137097 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	tlemcen.residanat-dz.com/js/waves.js	4.2 kB	2023-03-07	2024-04-24
Pretty URL tlemcen.residanat-dz.com/js/waves.js IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:52 Last Seen2024-04-24 12:49:18 Times Seen118 Hash 8c9e397551418dd7278160be31cb15e8 cd8126387b23d95d0aa8929afc06dbb11af79922 3e7694476cefec5d25e6e94636aa321c79e0f1a71d2fbe514849c6bbc23ba249 Loading...

	tlemcen.residanat-dz.com/auth	1.1 kB	2023-03-08	2023-03-08
Pretty URL tlemcen.residanat-dz.com/auth IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash ee03aa7f572de6908d33bff3616d257c 14d7d2b85b7331605f5f515ad85e8321c150169a 1629c91e103e2c045ee4e7bcd6441fd2b48d71a78c516ca6c81958280c08043e Loading...

	maps.googleapis.com/maps-api-v3/api/js/51/2/util.js	170 kB	2023-03-08	2023-03-12
Pretty URL maps.googleapis.com/maps-api-v3/api/js/51/2/util.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:47 Last Seen2023-03-12 16:22:26 Times Seen1 Hash 57abc24730c5e3098df038528852b6bb bc15e0c81c4aaca2cbf840a357622a398d0299c6 ab0897fa86882119e4c205194b220af856781975b3485fd97df8ffda72835f0e Loading...

	tlemcen.residanat-dz.com/plugins/bower_components/sidebar-nav/dist/sidebar-nav.min.js	1.9 kB	2023-03-07	2024-04-12
Pretty URL tlemcen.residanat-dz.com/plugins/bower_components/sidebar-nav/dist/sidebar-nav.min.js IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:52 Last Seen2024-04-12 07:15:40 Times Seen177 Hash 9d596cdad6a6e250ced46785d04adf4e 28e5114d5db21eec8d4c9bbb29cf7d73dcef2b9f 3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b Loading...

	maps.googleapis.com/maps/api/js?key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&signed_in=true&callback=initMap	164 kB	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js?key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&signed_in=true&callback=initMap IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash 0e7b5a8a6b5220cf6cd85c3075a93962 ecb0c0994ebed49ad5a7bf6afdda478ff58cdec3 898d48d9783ed67fc4943febae23c18b2990a0675d59b1dff4f00c45295d0eb5 Loading...

	maps.googleapis.com/maps/vt?pb=!1m4!1m3!1i16!2i32527!3i25984!1m4!1m3!1i16!2i32527!3i25985!1m4!1m3!1i16!2i32528!3i25984!1m4!1m3!1i16!2i32528!3i25985!1m4!1m3!1i16!2i32529!3i25984!1m4!1m3!1i16!2i32529!3i25985!1m4!1m3!1i16!2i32530!3i25984!1m4!1m3!1i16!2i32530!3i25985!2m3!1e0!2sm!3i628362666!3m12!2sen-US!3sUS!5e18!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e3!12m1!5b1!23i1379903&callback=_xdc_._amjrxd&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=72727	11 kB	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/vt?pb=!1m4!1m3!1i16!2i32527!3i25984!1m4!1m3!1i16!2i32527!3i25985!1m4!1m3!1i16!2i32528!3i25984!1m4!1m3!1i16!2i32528!3i25985!1m4!1m3!1i16!2i32529!3i25984!1m4!1m3!1i16!2i32529!3i25985!1m4!1m3!1i16!2i32530!3i25984!1m4!1m3!1i16!2i32530!3i25985!2m3!1e0!2sm!3i628362666!3m12!2sen-US!3sUS!5e18!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e3!12m1!5b1!23i1379903&callback=_xdc_._amjrxd&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=72727 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash 89a19d282294e293a64e1a5f8f446a30 b3bf1d1c4cfbc0f975fe80278fa6538b6be4e68c e5ef420ec42833bc10022a3e50bc78cf1cc0979c9c30a7f0204be089c7b965ed Loading...

	maps.googleapis.com/maps-api-v3/api/js/51/2/controls.js	89 kB	2023-03-08	2023-03-11
Pretty URL maps.googleapis.com/maps-api-v3/api/js/51/2/controls.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:52 Last Seen2023-03-11 23:52:49 Times Seen1 Hash b333f5f5e4f77d32cecc7a32179525a2 7374fa51dbcc3985ca957977ad85d8d494780fd3 861a0e07acb61b96bfc42f7c04421fdbd7f649eee84867458875765bf1e46f65 Loading...

	tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-select/bootstrap-select.min.js	34 kB	2023-03-08	2024-04-21
Pretty URL tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-select/bootstrap-select.min.js IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:59:04 Last Seen2024-04-21 18:57:14 Times Seen120 Hash 6ded2e1fd18117970a03bfb102ae72d6 fec7256038ab3d8fe2f81ab3d4311131984d78be 243de0fab07d0635bafdc184bb00ae7b5b06b62b5bd9a41536cfe9978d75e174 Loading...

	tlemcen.residanat-dz.com/js/jquery.slimscroll.js	4.5 kB	2023-03-07	2024-04-11
Pretty URL tlemcen.residanat-dz.com/js/jquery.slimscroll.js IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:52 Last Seen2024-04-11 01:08:27 Times Seen96 Hash cd41a564fcd459d4d86a04f1b5a22ab9 e3338bc566f2979957130ff0e505ced74d0d4058 7a94dcfcd1102a445603ef1af09d2677e0d2d8e964dedd88214c449c160416f2 Loading...

	maps.googleapis.com/maps-api-v3/api/js/51/2/map.js	73 kB	2023-03-08	2023-03-11
Pretty URL maps.googleapis.com/maps-api-v3/api/js/51/2/map.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:52 Last Seen2023-03-11 23:52:48 Times Seen1 Hash 4869740252e68a1c77e9c89f5c34c65c 86f362a4b77470a409d4ce446688905ab2297f90 2ad1214ac7de8037dc1cc5ea2e9ec32b9e656ecffef354809dd937e711ffdee9 Loading...

	maps.googleapis.com/maps-api-v3/api/js/51/2/marker.js	37 kB	2023-03-08	2023-03-11
Pretty URL maps.googleapis.com/maps-api-v3/api/js/51/2/marker.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:24:30 Last Seen2023-03-11 23:52:30 Times Seen1 Hash 6dc0864f177a2715e3b252a6c9afba95 603209d9281300dc7bdc7e260820d743fd5efef8 93fb35c02d5ce6df1a0a9702e3b11ea50903d9b67f943d27a97dccac14f7e594 Loading...

	maps.googleapis.com/maps-api-v3/api/js/51/2/onion.js	27 kB	2023-03-08	2023-03-11
Pretty URL maps.googleapis.com/maps-api-v3/api/js/51/2/onion.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:52 Last Seen2023-03-11 23:52:48 Times Seen1 Hash a4e562923600d6d71cc5bf35a00eae47 fd698438370a35c4e24a423a7398854bdf1a6591 fa952709fa4f2d289ab967076ea503aac2b25598af23c3a4e962905b884ff173 Loading...

	maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?1shttps%3A%2F%2Ftlemcen.residanat-dz.com%2Fauth&3sAIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&7sdi076f&10e1&11b0&callback=_xdc_._lnnzi6&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=126598	62 B	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?1shttps%3A%2F%2Ftlemcen.residanat-dz.com%2Fauth&3sAIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&7sdi076f&10e1&11b0&callback=_xdc_._lnnzi6&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=126598 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash 6dbb28334d1ed58cb537974d2bd41394 85fcf3f04e0d11d76a8566aa8bfa4e6987c794e7 3c481da484fca3fb17e29aa25fea6af2bcb19fedc8df723aa72541060739115c Loading...

	maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d34.87193856646009&2d-1.3312963901877168&2m2&1d34.888309128973304&2d-1.2943306038675502&2u16&4sen-US&5e0&6sm%40628000000&7b0&8e0&12e1&13shttps%3A%2F%2Ftlemcen.residanat-dz.com%2Fauth&14b1&callback=_xdc_._xh5pj3&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=119206	24 kB	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d34.87193856646009&2d-1.3312963901877168&2m2&1d34.888309128973304&2d-1.2943306038675502&2u16&4sen-US&5e0&6sm%40628000000&7b0&8e0&12e1&13shttps%3A%2F%2Ftlemcen.residanat-dz.com%2Fauth&14b1&callback=_xdc_._xh5pj3&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=119206 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash b9e74f691e4fd0b20a1c5d4cc5f964c3 53ed8495291b5c3a5217ba829b1db3f748f4637c c65a82f395b1ffd41ea534f2dbecc6d218264b2811d63b6250047b9f75ba2cf4 Loading...

	maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Ftlemcen.residanat-dz.com%2Fauth&4sAIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&7m1&1e0&8b0&callback=_xdc_._wxthqx&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=105675	62 B	2023-03-08	2023-03-08
Pretty URL maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Ftlemcen.residanat-dz.com%2Fauth&4sAIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&7m1&1e0&8b0&callback=_xdc_._wxthqx&key=AIzaSyCm1685eD2zcv_074DEqum8JuH0uLhAjOU&token=105675 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash 7f63506f737f19a610b75887bd10172a 8142a8ff55b32c400f73c246a6f4d67b5ca4470e 0ebd15d3e00c3a095f0c7e9c75aeff5817f353ad2f84cda868d4f8caf01a6bf7 Loading...

	tlemcen.residanat-dz.com/plugins/bower_components/sweetalert/sweetalert.min.js	17 kB	2023-03-07	2024-04-26
Pretty URL tlemcen.residanat-dz.com/plugins/bower_components/sweetalert/sweetalert.min.js IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:43 Last Seen2024-04-26 06:20:04 Times Seen2077 Hash 2f9966a615f3f46d846807adbe42644f 441544c084828da55ca0bafdc4c3df7dc7020820 be4d1215ef6f2b2915b7f65cd28b9a9f7dcef17e1f0d883edd19400ca0ea795c Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	19 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 11:54:55 Times Seen111791 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js	84 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 10:12:50 Times Seen15697 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	tlemcen.residanat-dz.com/js/custom.min.js	3.9 kB	2023-03-08	2024-04-11
Pretty URL tlemcen.residanat-dz.com/js/custom.min.js IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2024-04-11 01:08:27 Times Seen10 Hash fbbf56ac32fd045efa0046f8daef937d 6745b904885228f2c00876e6ba750d7a021fcb37 1e73b8cdda8011c79861feedaed85b1ebb9e98c0dec5177cd07a0ea2a4c0ba2c Loading...

	tlemcen.residanat-dz.com/auth	1.3 kB	2023-03-08	2023-03-08
Pretty URL tlemcen.residanat-dz.com/auth IP 51.254.44.204 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:59 Last Seen2023-03-08 20:46:59 Times Seen1 Hash d24577747060b19b2b19a016a1b5d2b4 40f04c3be5ef9611cc5992c0e183e6e3917e10af e5cca5a7a015793d7b4747f7a5cdd66bda5c5e426ac2ceb7043302165807ed2d Loading...

	maps.googleapis.com/maps-api-v3/api/js/51/2/common.js	255 kB	2023-03-08	2023-03-12
Pretty URL maps.googleapis.com/maps-api-v3/api/js/51/2/common.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:47 Last Seen2023-03-12 16:22:26 Times Seen1 Hash c189cf894d42e8a36254fe06edfbef0b 41fc57570e3544edbd83110bb812503c1608b034 32a21f5208395435a2607c4980b663c15b20d0ecb57647193fccedf6fe2772cb Loading...

HTTP Transactions (61)

URL IP Response Size

tlemcen.residanat-dz.com/auth

51.254.44.204

301 Moved Permanently

162 B

URL HTTP/1.1
tlemcen.residanat-dz.com/auth
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /auth HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Dec 2022 10:19:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://tlemcen.residanat-dz.com/auth

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10113
Expires: Wed, 07 Dec 2022 13:07:46 GMT
Date: Wed, 07 Dec 2022 10:19:13 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5832
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:13 GMT
Last-Modified: Wed, 07 Dec 2022 08:42:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3992
Expires: Wed, 07 Dec 2022 11:25:45 GMT
Date: Wed, 07 Dec 2022 10:19:13 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 09:20:28 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3525
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: CzY89jznUH+sHNdmXDZA8DwQFznuYLw+59ElfUEp2nXzoQCNlN7VEXz6kYa4GURuzLddEQcU7aU=
x-amz-request-id: Q0DV4QHJT380670F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 09:47:27 GMT
age: 1906
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/auth

51.254.44.204

200 OK

5.5 kB

URL HTTP/2
tlemcen.residanat-dz.com/auth
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2155)
Size
5.5 kB (5471 bytes)
Hash
8cdbb74fcccc9bcc63dd37bced148112
381a0073915270919701c7b6ac1552c0415301e8
939c9eb61cad6342e3538f8dbcdc6379f01f13637e594c7d2877ebca31bb780a

HTTP Headers

GET /auth HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/html; charset=UTF-8
content-length: 5471
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; expires=Wed, 07-Dec-2022 10:49:13 GMT; Max-Age=1800; path=/; domain=.residanat-dz.com
gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D; expires=Wed, 07-Dec-2022 10:49:13 GMT; Max-Age=1800; path=/; domain=.residanat-dz.com; httponly
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-select/bootstrap-select.min.css

51.254.44.204

200 OK

1.6 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-select/bootstrap-select.min.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (6433)
Size
1.6 kB (1583 bytes)
Hash
7042a9e4c8eac38322944f7abd45a43c
0b4db5f876f176caa9b7c75f087ce2880228f11e
78037f124f719a87d900ea8d4973616cbac7ce3b0ac6fe76c794b2199841976c

HTTP Headers

GET /plugins/bower_components/bootstrap-select/bootstrap-select.min.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 1583
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "19fa-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css

51.254.44.204

200 OK

12 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65511)
Size
12 kB (12522 bytes)
Hash
22a59352a39a33d0537a708704fc1ab7
9ee53e958d48cfdcd58723445d81b90d8708938c
5e02c9318a4a2bffabb9109642ed5fe641ea5d302a9af65e2fb16e744ef730fb

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 12522
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "1302f-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/sweetalert/sweetalert.min.css

51.254.44.204

200 OK

3.2 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/sweetalert/sweetalert.min.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (13129)
Size
3.2 kB (3150 bytes)
Hash
f3ea630fdc258ae7a7a3c9bf8b5f806b
2dff82c1ddaf481831d500d64ba9152c6c9835f1
e340e46faf1f6ac5ae80a620b9aa96ab6ddd3efd3bf072a8cf3497c715c9bb7a

HTTP Headers

GET /plugins/bower_components/sweetalert/sweetalert.min.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 3150
last-modified: Thu, 09 Dec 2021 11:04:46 GMT
etag: "3dc5-5d2b49303cf80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/css/colors/blue.css

51.254.44.204

200 OK

1.0 kB

URL HTTP/2
tlemcen.residanat-dz.com/css/colors/blue.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (2590), with no line terminators
Size
1.0 kB (1003 bytes)
Hash
fae718a47427e1a66ee7dbd99ec282c1
2006a219ec8e0899a71f367e797c5fbee3b8756f
b71fdc9902717a9e8b2ac762987761a0362d966b17b621b75ba9f9e61fb508b1

HTTP Headers

GET /css/colors/blue.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 1003
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "a1e-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/css/animate.css

51.254.44.204

200 OK

4.0 kB

URL HTTP/2
tlemcen.residanat-dz.com/css/animate.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (56259)
Size
4.0 kB (3996 bytes)
Hash
6ae92e6eb5c9a4f1e645853bc055542d
f5c1ba9ac3a079f46dfb9e0ee59505eb09b378ad
0d0d42380c6b1577939ce2bfff12f8af8e7f54f2e121e9f6b54e332aa3b377e3

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 3996
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "dc81-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3025b4c51fa49b1cfb04323171de5be1
2e90e313500f8c8614913c7adb2451f11a2e097e
4bc8b08368c851da85093a4e4c054555aa6091ad97f042e971ab106f511f033e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5542
Cache-Control: max-age=166477
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:13 GMT
Etag: "63903a48-117"
Expires: Fri, 09 Dec 2022 08:33:50 GMT
Last-Modified: Wed, 07 Dec 2022 07:01:28 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

tlemcen.residanat-dz.com/css/style.min.css

51.254.44.204

200 OK

47 kB

URL HTTP/2
tlemcen.residanat-dz.com/css/style.min.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
47 kB (47113 bytes)
Hash
9db66439c671b4a0c2381d20f12169d7
68f8339dc442bf52cb18791caa4af1ab60ade057
76d735b43939df3767bedd16489d22589a6cc2ba33c1b71c57501da46d2b0ef9

HTTP Headers

GET /css/style.min.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 47113
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "41311-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js

51.254.44.204

200 OK

7.2 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (26402)
Size
7.2 kB (7219 bytes)
Hash
7ae93d1eb18564db04ae88d46ecda474
0f1f21bd7da4962d0a831bc5901b1a36044ad90c
4f97625777a1c08cbb7d484012726ea93947276ebc4325a3574e6e565be2255a

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 7219
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "68a7-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-select/bootstrap-select.min.js

51.254.44.204

200 OK

9.9 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-select/bootstrap-select.min.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (32020)
Size
9.9 kB (9928 bytes)
Hash
23076a2bc071060db53a637910981afe
8028555a666437254057647cc9ac47c52f41bd49
f6b8c877f71d2864d51126a17ee08332e04ea307e2579138d735f45bf83ad37a

HTTP Headers

GET /plugins/bower_components/bootstrap-select/bootstrap-select.min.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 9928
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "84ab-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/sidebar-nav/dist/sidebar-nav.min.js

51.254.44.204

200 OK

808 B

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/sidebar-nav/dist/sidebar-nav.min.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
exported SGML document, ASCII text, with very long lines (1705)
Size
808 B (808 bytes)
Hash
adff3ff56193dff93eb27e52fd88dd9a
4dd8389c1aa3fbc80a886e01e01a54892d438fa5
5e95d1e066d62b01aacc5d5bc24e8f64b1b8f0fb9c173c5c5e3d3b53c3448401

HTTP Headers

GET /plugins/bower_components/sidebar-nav/dist/sidebar-nav.min.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 808
last-modified: Thu, 09 Dec 2021 11:04:46 GMT
etag: "757-5d2b49303cf80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/js/jquery.slimscroll.js

51.254.44.204

200 OK

1.8 kB

URL HTTP/2
tlemcen.residanat-dz.com/js/jquery.slimscroll.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (4475), with no line terminators
Size
1.8 kB (1762 bytes)
Hash
74747d75514b407e798f0fac09b4433b
90aacbeed757cddbc9b644544340449b694849ce
cd4e26e3dd122f6e35c931dcf0cac7dc8584b3467f026c6ae41f74ab2a818551

HTTP Headers

GET /js/jquery.slimscroll.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 1762
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "117b-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/js/waves.js

51.254.44.204

200 OK

1.5 kB

URL HTTP/2
tlemcen.residanat-dz.com/js/waves.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (4237), with no line terminators
Size
1.5 kB (1519 bytes)
Hash
1edc603f6b0cf4b3ced2b9b2b441ac4e
16ae2d5a71fa701d4ef5c5427acab041aa6ec464
c38b93a74611352b8c54ecdccea9e15a95cfd599a647e0b940b59e347fc131f8

HTTP Headers

GET /js/waves.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 1519
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "108d-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/js/custom.min.js

51.254.44.204

200 OK

1.3 kB

URL HTTP/2
tlemcen.residanat-dz.com/js/custom.min.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (3910), with no line terminators
Size
1.3 kB (1259 bytes)
Hash
7906c9cf06d5440ad18c324854c9d056
6599b3585d645d49cf9d30f9f74ad0edca2f4308
1a954ba7a1a30aad3edff032212ede40484c53afe217503cb5ce55c9c876e121

HTTP Headers

GET /js/custom.min.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 1259
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "f46-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3025b4c51fa49b1cfb04323171de5be1
2e90e313500f8c8614913c7adb2451f11a2e097e
4bc8b08368c851da85093a4e4c054555aa6091ad97f042e971ab106f511f033e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5542
Cache-Control: max-age=166477
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:13 GMT
Etag: "63903a48-117"
Expires: Fri, 09 Dec 2022 08:33:50 GMT
Last-Modified: Wed, 07 Dec 2022 07:01:28 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

tlemcen.residanat-dz.com/plugins/bower_components/sweetalert/sweetalert.min.js

51.254.44.204

200 OK

5.4 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/sweetalert/sweetalert.min.js
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (16994), with no line terminators
Size
5.4 kB (5416 bytes)
Hash
08b4fc8d8cdcdd5cfb1df8390d97180e
15fe527f5709dda4cee7bf7ec5633d639769f646
87a0f304e031809e528d16be619c1b926202a046c719356c9f95d3d1097e24a6

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /plugins/bower_components/sweetalert/sweetalert.min.js HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 5416
last-modified: Thu, 09 Dec 2021 11:04:46 GMT
etag: "4262-5d2b49303cf80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/logo/new/login/13.png

51.254.44.204

200 OK

18 kB

URL HTTP/2
tlemcen.residanat-dz.com/logo/new/login/13.png
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
PNG image data, 259 x 93, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17803 bytes)
Hash
4133aff8b4c4269c644a7b57d8c69708
5eb63ec71fc8fca47ec22fbc77d2119937d84bba
720c6e08bbaed3fd4db2a416aabbf4edd9ecaf545f54388b890f49d483ea7976

HTTP Headers

GET /logo/new/login/13.png HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: image/png
content-length: 17803
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "458b-5d2b492f48d40"
accept-ranges: bytes
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.24.14

200 OK

6.2 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
7b4114faa411d059a9a5ac4b5b4d9dee
277da4486916fa3a4ab3375f47bc98f58dbf90f6
60b3528de2f7d48cbb335d19dddef756aaacc70f73d4254a2ef17978a14ca0d9

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2220896
expires: Mon, 27 Nov 2023 10:19:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ms0TO4EQJ%2B9ZhI41xtvu5kCkN2g%2FA6d4hBuHBpWOG0wBvA5CS9blgVYsCG2HXOcWJ5ZtX%2BJT2Fjd%2Fcu6TBax%2F6G9z%2BPvhhv2%2FKdJmk%2FmtiTnOltB7HHN7JuND%2F5eDztSp1unHQEc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775c8592bd43b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

104.17.24.14

200 OK

27 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32025)
Size
27 kB (26646 bytes)
Hash
38a76bd9db7bcd61655d35a37046ad1d
b8aef4bba84d71000810736dd76f643a872ee15c
d4e1d1ccb31338384004beeef249ac102cbd298136b26dfe158ecb7bf4f62937

HTTP Headers

GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 26646
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1499c"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2293956
expires: Mon, 27 Nov 2023 10:19:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DekeIOssqQXbbItzebTGZI%2FcY03GH%2BwidMASi9A9VvnV1%2FIJP%2FN8CgP%2F%2FeYVsDxOhSUdMyUUtfkF87I9XeInS%2FyKO7LF5wcnzTP2goOE%2F7zl2q2MdGt29ta2FZrTHRFAtpcV9Ty5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775c8592b935b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/css/spinners.css

51.254.44.204

200 OK

314 B

URL HTTP/2
tlemcen.residanat-dz.com/css/spinners.css
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
314 B (314 bytes)
Hash
9230fe02393815358f5e7522aecd3ea3
7611edc9d5a96416d6c408dbf08cbcbfb19d2e37
5fcd572a42ea3aaa9a41302700168c8e61ae6d1b59e840cd44f211884129ef65

HTTP Headers

GET /css/spinners.css HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/css/style.min.css
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css
content-length: 314
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "423-5d2b492f48d40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3025b4c51fa49b1cfb04323171de5be1
2e90e313500f8c8614913c7adb2451f11a2e097e
4bc8b08368c851da85093a4e4c054555aa6091ad97f042e971ab106f511f033e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5542
Cache-Control: max-age=166477
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:13 GMT
Etag: "63903a48-117"
Expires: Fri, 09 Dec 2022 08:33:50 GMT
Last-Modified: Wed, 07 Dec 2022 07:01:28 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2

104.17.24.14

200 OK

67 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

HTTP Headers

GET /ajax/libs/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 07 Dec 2022 10:19:14 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 66624
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-10440"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15694968
expires: Mon, 27 Nov 2023 10:19:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXfPNbjouY0G%2FuVCke3ej5t7MRFWQRBGMPIRsjnAofbsjR5CVCZHr3Ve4yuQ%2BcDb%2BtKTdIh1VQ4hwvfy1CcYkjX5Wj5Yd4cRmKtrCpCmKpT9wAEnqtsoTDYkZtVDm2f4NnHjvMSE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775c8594e83fb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/fonts/glyphicons-halflings-regular.woff2

51.254.44.204

200 OK

18 kB

URL HTTP/2
tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/fonts/glyphicons-halflings-regular.woff2
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Size
18 kB (18028 bytes)
Hash
448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

HTTP Headers

GET /plugins/bower_components/bootstrap-extension/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:14 GMT
content-type: font/woff2
content-length: 18028
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "466c-5d2b492f48d40"
accept-ranges: bytes
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

14 kB

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (48664)
Size
14 kB (13858 bytes)
Hash
0d2d7262a098f401208e3ddc2b7e9763
59478f4e3bd12a94d163b6af89c1abeef03e40c0
a95daa48ae2c19f19c800187f7f166cd2ee9d3cb31a4246db4ae78a812ff1879

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/25/2022 23:23:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: e4d581e100e6a838837d74fc92be726f
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 775c85933967b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

142.250.74.35

200 OK

8.0 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:28:50 GMT
expires: Thu, 30 Nov 2023 19:28:50 GMT
cache-control: public, max-age=31536000
age: 571824
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

142.250.74.35

200 OK

7.8 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Size
7.8 kB (7840 bytes)
Hash
8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 20:09:28 GMT
expires: Thu, 30 Nov 2023 20:09:28 GMT
cache-control: public, max-age=31536000
age: 569386
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v1/yQWaOD4iNU5NTY0apN-qj_k_vArhqVIZ0nv9q090hN8.woff2

142.250.74.35

200 OK

14 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v1/yQWaOD4iNU5NTY0apN-qj_k_vArhqVIZ0nv9q090hN8.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13988, version 2.0\012- data
Size
14 kB (13988 bytes)
Hash
14e5dbab8e2e8259e8f68a6d46d2a4d2
458963b110b03c63b9497a6aeb810b7468b757ca
e3cc6223f76dac1abe95f64280756f04739beb1c4fd36c7e53169b4f2c7959eb

HTTP Headers

GET /s/poppins/v1/yQWaOD4iNU5NTY0apN-qj_k_vArhqVIZ0nv9q090hN8.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13988
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 15:03:02 GMT
expires: Wed, 06 Dec 2023 15:03:02 GMT
cache-control: public, max-age=31536000
age: 69372
last-modified: Wed, 03 Jun 2015 22:54:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tlemcen.residanat-dz.com/favicon.ico

51.254.44.204

200 OK

0 B

URL HTTP/2
tlemcen.residanat-dz.com/favicon.ico
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:14 GMT
content-type: image/vnd.microsoft.icon
content-length: 0
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "0-5d2b492f48d40"
accept-ranges: bytes
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5817
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 10:19:14 GMT
Last-Modified: Wed, 07 Dec 2022 08:42:17 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

maps.gstatic.com/mapfiles/openhand_8_8.cur

216.58.207.227

200 OK

326 B

URL HTTP/2
maps.gstatic.com/mapfiles/openhand_8_8.cur
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
MS Windows cursor resource - 1 icon, 32x32, 2 colors, hotspot @8x8\012- data
Size
326 B (326 bytes)
Hash
feff9159f56cb2069041d660b484eb07
0d0a08cf25a258511957f357b89d3908f3c5e6e3
7342f390b12f636d14e25f698fc5e38cf6240994dc0c07fefbbb4e78ec4d03c7

HTTP Headers

GET /mapfiles/openhand_8_8.cur HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/bmp
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/geo-tactile
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="geo-tactile"
report-to: {"group":"geo-tactile","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/geo-tactile"}]}
content-length: 326
date: Wed, 07 Dec 2022 10:19:14 GMT
expires: Wed, 07 Dec 2022 10:19:14 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 18 May 2021 19:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.148.69.31

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.69.31:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: e/rxNEa6Ghp3JdqQSkIOKQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UYJ5QEEZo/DadjUqciRy18A1wU4=

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
16 kB (16002 bytes)
Hash
2c5e576c986fa3babe2c32f4a7ca3f3c
2f9f0aaf63ec000b07fc073c26fddfb6ab4e4466
f560931ec3844307c32fb2b1503925261fc99f30ecd22d27664b104e13e5567c

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 571521
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 571500
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6809
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 10:19:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6809
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 10:19:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6809
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 10:19:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6809
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 10:19:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6809
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 10:19:15 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8351 bytes)
Hash
98d2cf29c710d25bd2f03ff216fdd369
b8eb2e11f9655f19334befc036f21489a6473827
614c9b4a7ace908c1ef807964709cb292b33b48ce1d81ccbd2959c2c0ee156ac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 607d07ab-6833-4001-82ed-699ea91f84c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlitFk9oAMFakQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb611-3e5f14f833b332647ef7358d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0w5Usq-LJMNHxw9UrwUqSslSVROXVHTmY_UhSHNaGh4k4xqh-FSa0A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:19 GMT
etag: "b8eb2e11f9655f19334befc036f21489a6473827"
content-type: image/jpeg
age: 44516
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5025a35-c128-4d8f-a429-7148aaebb3b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9781 bytes)
Hash
f38ce0fb35ef0fc66b61cafd2b09eeb6
aded2fe97a129dc820ba9d6d7605aeadfe17c15c
39bcb5e0c3a9cd39c0fcefbffd9e6f949bb9d85f0bee2b0b7c5cb999b508b1c1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5025a35-c128-4d8f-a429-7148aaebb3b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9781
x-amzn-requestid: 24355473-a83a-42b6-bdf3-ae2c39f7f3eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ccq48GfKoAMFjmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63882505-2f58dd012665cb131ceff8f2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 03:52:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VySWUb7U2HlkyL8T1PCOzSDXNSDJDRIIF1PAnwaK2DHiGJFGGzRCOQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:30:30 GMT
age: 42525
etag: "aded2fe97a129dc820ba9d6d7605aeadfe17c15c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/img/icon-marker.png

51.254.44.204

500 Internal Server Error

11 kB

URL HTTP/2
tlemcen.residanat-dz.com/img/icon-marker.png
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type
data
Size
11 kB (11227 bytes)
Hash
4b4ae5b7c409c5668b93e3f94f95db7b
11e5ab332f9095ce9769508c90b1f3aeb0705efc
ad796a56eb9ea7f30f6a60a35c3074a642e81cd771908f35200a781fb9627509

HTTP Headers

GET /img/icon-marker.png HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 500 Internal Server Error
server: nginx
date: Wed, 07 Dec 2022 10:19:15 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8701 bytes)
Hash
604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 44242
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb602c981-caf1-4cfc-b19b-56f816dc7417.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9891 bytes)
Hash
c2ae931d0f14a81013f782d43b8c7b85
9ec84996b63362ad370ff67b0fd8136a343c1bbf
9b4a2b3e5e2d2b4fac094135fed10a3040598f1208f6b2ec52d95d10aca66ed5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb602c981-caf1-4cfc-b19b-56f816dc7417.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9891
x-amzn-requestid: f15dc6ba-901b-4ef6-8589-d8918fe84173
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csU8lF3MoAMF47g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6850-496d269b228065a365a67eea;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:53:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PeQWrtcQx_ZzQ4WNPzeiPoHXbxVcdLo9ulplJSlL1GmEpuC0qGkElw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 13:33:28 GMT
age: 74747
etag: "9ec84996b63362ad370ff67b0fd8136a343c1bbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6422 bytes)
Hash
2409529ecac5140de749d864da85af0d
99f431b4ca446996dbacb969440e2ecfb11fd9e0
81b379b16874d6644b0cf63e02c5174e44a40ab7cb4f4727bb96ad44bfcaa72f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6422
x-amzn-requestid: 6d0cc220-31bc-4815-ade5-7e3e5403f39f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cniYTGgRoAMF5lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c7dce-64fbea8330a62e4f741c0c4e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 11:00:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IWfRJ5GaowWTJhSqFpvEhGKVi9DTp-h6tmrMXRtUlmXCMmolLPpaIA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 07:59:34 GMT
age: 8381
etag: "99f431b4ca446996dbacb969440e2ecfb11fd9e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/img/login-back-min-compressed_petit.jpg

51.254.44.204

200 OK

0 B

URL HTTP/2
tlemcen.residanat-dz.com/img/login-back-min-compressed_petit.jpg
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/login-back-min-compressed_petit.jpg HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: image/jpeg
content-length: 104980
last-modified: Thu, 09 Dec 2021 11:04:45 GMT
etag: "19a14-5d2b492f48d40"
accept-ranges: bytes
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

tlemcen.residanat-dz.com/img/icon-marker.png

51.254.44.204

500 Internal Server Error

0 B

URL HTTP/2
tlemcen.residanat-dz.com/img/icon-marker.png
IP
51.254.44.204:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/icon-marker.png HTTP/1.1
Host: tlemcen.residanat-dz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/auth
Cookie: XSRF-TOKEN=eyJpdiI6ImplUEcyMVVLTHVVM2xOdmg2ZG15dEE9PSIsInZhbHVlIjoiZ1Fwa2tJb0hIK1dNbGR1dzRhT3dPeEZaalRXVmhTUjBUd0F1NEJcL3V1QmxYbm1OVDI4ZVUrb0txXC92TTVYNDRWIiwibWFjIjoiMDA0MjI4YjY0OGQ4M2JlOTJiODIyOGY3ZjFhMTM2N2IxY2RjMWFmMjNiNTk1OGQ0MWMzZTIwZGViN2E2ZmFhZCJ9; gic_session=eyJpdiI6IklwTWxUUlpyRmVcL3c3aU55alFubE1RPT0iLCJ2YWx1ZSI6Ik93eXFXb0RMZ1l6WWN5V1Z1dDUzR1RuM0lDMmswZ1dHRVNWOWxibnl1NjVabjZXbFJ3bGtScEhCMXdSbFJlZW5sTVk4aE03bWt3Q2JhRldnYkJuY1hlTTIyQTU4Yk5jUmhPRlhnWGNMczc3R250dUZoeGo2dDluXC90M2E0U1RkUCIsIm1hYyI6IjQ5MWY0MTM0NzAyZTNjYjQ4NTI2M2E3ZGZmMjIzZjRmNjFkNDU5OWFmOGVlZDczZTY1NzY3MjNhZjAzNGZkNTcifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 500 Internal Server Error
server: nginx
date: Wed, 07 Dec 2022 10:19:16 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins:400,500,300,600,700

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Poppins:400,500,300,600,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Poppins:400,500,300,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 10:19:13 GMT
date: Wed, 07 Dec 2022 10:19:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.10.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tlemcen.residanat-dz.com
Connection: keep-alive
Referer: https://tlemcen.residanat-dz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 07 Dec 2022 10:19:13 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/18/2022 06:18:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: ecae45ba15af930c875a770323a61a6b
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 775c8593598eb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations