Report - s.yam.com/xGi8D

Report Overview

Submitted URL
s.yam.com/xGi8D
IP
104.27.207.92
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 15:53:37
Access
public
Website Title
Société Générale | Connexion
Final URL
ce17574.tw1.ru/
Tags
societe_generale financial phishing
urlquery detections
Phishing - Societe Generale

Detections

urlquery
78
Network Intrusion Detection
0
Threat Detection Systems
116

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
affiliate.klook.com	303679	2005-11-15	2016-05-17	2024-03-20	2.2 kB	17 kB	34.149.108.21
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-26	2.3 kB	1.3 kB	216.239.32.36
log.klook.com	214468	2005-11-15	2017-02-09	2024-04-17	2.2 kB	2.5 kB	34.111.170.216
img.yamedia.tw	unknown	2009-04-17	2018-12-20	2024-03-20	423 B	900 B	104.21.61.68
yamedia.yam.com	unknown	1996-02-14	2022-06-30	2024-03-18	438 B	13 kB	104.27.206.92
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	590 B	666 B	216.58.211.4
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	573 B	578 B	142.250.74.163
cdn.klook.com	251980	2005-11-15	2015-02-13	2024-03-18	949 B	108 kB	54.230.111.69
res.klook.com	169486	2005-11-15	2018-06-23	2024-03-22	1.6 kB	107 kB	54.230.111.69
ce17574.tw1.ru	unknown	unknown	No data	No data	14 kB	1.6 MB	185.114.247.232
www.yam.com	unknown	1996-02-14	2016-03-21	2024-03-20	3.7 kB	5.0 kB	104.27.206.92
travelimg.yam.com	unknown	1996-02-14	2018-08-22	2024-03-22	978 B	42 kB	104.27.206.92
s.yam.com	unknown	1996-02-14	2017-10-27	2024-03-24	1.2 kB	113 kB	104.27.206.92
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	417 B	71 kB	142.250.74.168
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-25	420 B	34 kB	151.101.65.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale
2024-04-26	medium	ce17574.tw1.ru/	Societe Generale

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	ce17574.tw1.ru/index_files/spec56_btn_gsm_all_gcd_20190320190559.min.css	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/rules.js.download	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/gen_ui.png	Other
2024-04-26	medium	ce17574.tw1.ru/img/new_sprite.png	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/print_20190320190559.min.css	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/inbenta.css	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/jquery2.js.download	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-semibold.eot	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/jquery.js.download	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/index_20190723161948.min.css	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/js.js.download	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-semibold.woff	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-bold.woff	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-italic.otf	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-italic.woff	Other
2024-04-26	medium	ce17574.tw1.ru/	Other
2024-04-26	medium	ce17574.tw1.ru/img/pictos-fonctionnels_20200629183129.svg	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/logo-sg-seul.svg	Other
2024-04-26	medium	ce17574.tw1.ru/img/favicon.ico	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/style.css	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-regular.woff	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-it.otf	Other
2024-04-26	medium	ce17574.tw1.ru/img/41de603c123a04387e8b57c2f2c9897e.svg	Other
2024-04-26	medium	ce17574.tw1.ru/img/spriteV4.png	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/index_pri_20201013141424.min.css	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-it.woff	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-bold.eot	Other
2024-04-26	medium	ce17574.tw1.ru/index_files/awt-front-BDDF.css	Other
2024-04-26	medium	ce17574.tw1.ru/fonts/sourcesanspro-regular.eot	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	ce17574.tw1.ru/index_files/jquery.js.download	88 kB	2023-03-07	2024-05-07
Pretty URL ce17574.tw1.ru/index_files/jquery.js.download IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-07 15:08:34 Times Seen97269 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	ce17574.tw1.ru/index_files/jquery2.js.download	70 kB	2023-03-07	2024-05-03
Pretty URL ce17574.tw1.ru/index_files/jquery2.js.download IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen837 Hash f86b7a0e560edb5951576cf8884153e6 e5b4c5b95c79e6e42ef676ed77986db3f85223ab 74a340d2c31205e840515065e739e3d08fa169bc8fa52c66db838dbf749103c1 Loading...

	unknown	601 B	2023-04-13	2024-05-03
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 09:04:01 Last Seen2024-05-03 18:34:01 Times Seen390 Hash 56cd57cab9aa2700068ff79bb038a7a5 f8a30016cb976300910d908d278a66118c7df2fc 73724ae008cf4909631ffebcb26867d9486a7ad898060790619926f9499fc92a Loading...

	ce17574.tw1.ru/	243 B	2023-03-07	2024-05-03
Pretty URL ce17574.tw1.ru/ IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen399 Hash 71d19f7fe5d2135f268f61647dc03988 1e25ed11489509b55de05241a48d728969493458 5e5eaf8632a7264aaa23953240629b96a0709d13b1091fc9763970c2dd8a02ce Loading...

	ce17574.tw1.ru/index_files/js.js.download	1.3 MB	2023-03-07	2024-05-03
Pretty URL ce17574.tw1.ru/index_files/js.js.download IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen581 Hash 6e6c70c409456c23a09d9adbce8d2e80 0f50b6f4f4555c31e8f832b446cda4996acb4460 3957ed7a4d5b5f5c36fe0872fbc2f619b8d2d0094b134dd65d1ebd6f3352847b Loading...

	unknown	348 B	2023-04-13	2024-05-03
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 09:04:01 Last Seen2024-05-03 18:34:01 Times Seen390 Hash 7f439c6c2a49cdb2f74f78ba119ce489 8beb3121045e0506df9a71c51b0c6a4d76701c68 e140fb816df49620a4efeb7c9ee66c30b4f76fd0cf6e248c3cc3997ef6fbe693 Loading...

	ce17574.tw1.ru/	483 B	2023-03-07	2024-05-03
Pretty URL ce17574.tw1.ru/ IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen397 Hash d4e17ac95f6499091f5567792887b0fe 605112c6edb9f3f3aa27108cb32230deedbac7d2 e02463ed16a3d8b83b06cbc206098817ba44827c535b8a3971b78ccdb327abff Loading...

	unknown	171 B	2023-04-13	2024-05-03
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 09:04:01 Last Seen2024-05-03 18:34:01 Times Seen390 Hash 17d527f0bf9fc871c030bdd3baa73f72 e53ccb8d239a7286525b686f3da6d65b462e6ea2 93998249270c96f5c32ba2c8c0baffc43032b571e0684ec9c55d8d7d01f64bc9 Loading...

	ce17574.tw1.ru/	303 B	2023-03-07	2024-05-03
Pretty URL ce17574.tw1.ru/ IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen394 Hash df4d122557c68345696b953efe9e8f1d 664b2317e9984afa6eadd6ad13bf90b92b1e8d31 e082f41c3e3feb3e3d50eb92d57a6f04b702744fbc401dca0fdd749808e70f8c Loading...

	ce17574.tw1.ru/index_files/rules.js.download	488 B	2023-03-07	2024-05-03
Pretty URL ce17574.tw1.ru/index_files/rules.js.download IP 185.114.247.232 ASN #9123 TimeWeb Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen800 Hash cd884ffdf1f759fbdeaae54b636288d4 450ea313a0b4b250024abd0935c1f59617841134 f0f8ce50e148b374b7b9b29180824007970478e81ce52669d531a669d9c4c34d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-07
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-07 15:30:21 Times Seen351645 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - 93c614e852991e0f4f68f95931995e30	103 B	2023-07-24	2024-04-26
Pretty Observations First Seen2023-07-24 23:11:27 Last Seen2024-04-26 17:53:46 Times Seen43 Hash 93c614e852991e0f4f68f95931995e30 179715b815ab07af58e7068a349d3111280fee3e d5ea4253f84a5cb1a21b2c9f35f3019a2af99a73b81f75b0b66712867c932e18 Loading...

	#3 Eval - cfe7c8296553355302e7a94555bd55da	103 B	2023-07-24	2024-04-26
Pretty Observations First Seen2023-07-24 23:11:27 Last Seen2024-04-26 17:53:46 Times Seen43 Hash cfe7c8296553355302e7a94555bd55da 72ba88717dea190dae6512accdbe83f2c376050b 8f4c26fc26f6fddfca9378d77cb5a75d7a6d2ed5cf24690b8c6a132fbc1e30e2 Loading...

	#4 Eval - 8f2d67126cf856f843babd538658ab14	103 B	2023-07-24	2024-04-26
Pretty Observations First Seen2023-07-24 23:11:27 Last Seen2024-04-26 17:53:46 Times Seen43 Hash 8f2d67126cf856f843babd538658ab14 aab6ff11787d1035b5754af2199193ba5aa81f00 2825d893352da218cd3b837863bed06cd7d6dfaed6eafecc3c315f5f8286c29c Loading...

	#5 Eval - 1c544d65dc807747df68c6e2f8c9eeab	250 B	2023-03-10	2024-04-26
Pretty Observations First Seen2023-03-10 17:28:10 Last Seen2024-04-26 17:53:46 Times Seen46 Hash 1c544d65dc807747df68c6e2f8c9eeab 5a5939c7b9b3731ff5a59bb67c3fe1ef4586c900 b4af91c4423cce4673c4f1ce6feec001fc9cf29cdbce6cd01c7d9b188fc02f0a Loading...

	#6 Eval - ac8ba6b8b894bc3a58dcd70a4b136279	201 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 15:44:11 Last Seen2024-04-26 17:53:46 Times Seen114 Hash ac8ba6b8b894bc3a58dcd70a4b136279 13296deedfad7cac334d80e9b53731c154c430e4 ea502197cb34546f04b2edba107055f4c969d10eecfbaf376fadfda7a7a42783 Loading...

	#7 Eval - 00d43d3c30611c7034ff9168bcfc9e78	104 B	2023-07-24	2024-04-26
Pretty Observations First Seen2023-07-24 23:11:27 Last Seen2024-04-26 17:53:46 Times Seen43 Hash 00d43d3c30611c7034ff9168bcfc9e78 9eeaa6bca5a0582d625228c59f9522eee9db4bde 0adc18a94067e23bcd2121338f5f081f8235c9d43dddefe6eef58231ad4a4927 Loading...

	#8 Eval - 5fc08775cd38a50023e9bfc0316374fe	105 B	2023-07-24	2024-04-26
Pretty Observations First Seen2023-07-24 23:11:27 Last Seen2024-04-26 17:53:46 Times Seen43 Hash 5fc08775cd38a50023e9bfc0316374fe fae95260f7df3f6ed98d980621b780dca19dcfe0 5af50d3d624b0163c13ba11ad5092177f610eb12f2cb90f30bc90ef92b744025 Loading...

	#9 Eval - 558c849098a5d2647769311f07e24e15	105 B	2023-07-24	2024-04-26
Pretty Observations First Seen2023-07-24 23:11:27 Last Seen2024-04-26 17:53:46 Times Seen33 Hash 558c849098a5d2647769311f07e24e15 5f681e73d9e2edb364febc03e72de6bdb56e84c3 a06c9301abf01666dd00b132288535388d484b9fd225c530be393cd6a0b4790f Loading...

	#10 Eval - 81506f6c9b74db893b121a759da430d7	1.0 kB	2023-03-07	2024-05-03
Pretty Observations First Seen2023-03-07 01:33:09 Last Seen2024-05-03 18:34:01 Times Seen454 Hash 81506f6c9b74db893b121a759da430d7 2d4226d3b0de0217029bc6113d7489f398b5a4be a49959becff3155c2f2c2ba4684dfecdf77e055678880cbddac3c81eba11fe3c Loading...

HTTP Transactions (54)

URL IP Response Size

travelimg.yam.com/cdn-cgi/image/w=300,h=250,fit=cover/DATA/ARTICLE/2020111217022617.PNG

104.27.206.92

15 kB

URL
travelimg.yam.com/cdn-cgi/image/w=300,h=250,fit=cover/DATA/ARTICLE/2020111217022617.PNG
IP
104.27.206.92:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x250, components 3
Size
15 kB (15442 bytes)
Hash
93f724df075a25681817572cb7c26def
bb949fa65bca93e8eabed96775f006d45a5fa85f
049409ae1f5609755051d9d8cd8ba8267730d625d22e362348f13e67fc2af812

HTTP Headers

GET /cdn-cgi/image/w=300,h=250,fit=cover/DATA/ARTICLE/2020111217022617.PNG HTTP/1.1
Host: travelimg.yam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:12 GMT
content-type: image/jpeg
content-length: 15442
cf-ray: 87a7be8c4b36712a-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=16070400
etag: "cfn91FvyP0FgTqJWyf_bHwwUw__h8U8Ar-qbnpfcXEDQ:7495b8bd2b8d61:0"
last-modified: Thu, 12 Nov 2020 09:02:26 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:85,h2pri
cf-resized: internal=ok/h q=0 n=16+0 c=11+26 v=2024.4.0 l=15442
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
priority: u=1;i=?0,cf-chb=(259;u=3;i=?0 1772;u=5;i=?0 13514;u=6;i=?0)
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMzkRo6UqqESw%2BRAK%2Bf%2FZYL7HPr4dP2lUHLu6VDvw8EomX%2F2F6Khx4qZTJ4df3drNeoV1t66qRlbvXnNU3F2MSSa9iL2KH5wd6J89FEWR%2FaeUj2OK6HbYCxSCvDKvz6ayGg6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-16227618-1

142.250.74.168

71 kB

URL
www.googletagmanager.com/gtag/js?id=UA-16227618-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1763)
Size
71 kB (70815 bytes)
Hash
b497c96a7ed26a4f6acd02258635605f
4cb0230819854b8f9779fc8b429b92f096264370
5007ed7030cd3a17d37f6a5fb2b6d1fded11b6f09d267bcbdda2758effabc9a2

HTTP Headers

GET /gtag/js?id=UA-16227618-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 15:53:12 GMT
expires: Fri, 26 Apr 2024 15:53:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js

151.101.65.229

33 kB

URL
cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js
IP
151.101.65.229:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
33 kB (32699 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /npm/jquery@3.5.1/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.1
x-jsd-version-type: version
etag: W/"15d84-yOHIs4bcW3qRhMdjyI0Zo0brM0I"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 15:53:12 GMT
age: 3775498
x-served-by: cache-fra-etou8220059-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 32699
X-Firefox-Spdy: h2

s.yam.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyeWFtU2hhcmUtJUU3JUI4JUFFJUU3JUI2JUIyJUU1JTlEJTgwJUU2JTlDJThEJUU1JThCJTk5JTIyJTJDJTIyeCUyMiUzQTAuNDc1NzY1ODM4MzgyMjU0ODQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnMueWFtLmNvbSUyRnhHaThEJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU3QiUyMm0lMjIlM0ElMjJzZXQlMjIlMkMlMjJhJTIyJTNBJTVCJTIyMCUyMiUyQyUyMmNvbmZpZyUyMiUyQyU3QiUyMnNjb3BlJTIyJTNBJTIycGFnZSUyMiU3RCU1RCU3RCUyQyU3QiUyMm0lMjIlM0ElMjJzZXQlMjIlMkMlMjJhJTIyJTNBJTVCJTIyMSUyMiUyQyUyMlVBLTE2MjI3NjE4LTElMjIlMkMlN0IlMjJzY29wZSUyMiUzQSUyMnBhZ2UlMjIlN0QlNUQlN0QlNUQlN0Q=

104.27.206.92

105 kB

URL
s.yam.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyeWFtU2hhcmUtJUU3JUI4JUFFJUU3JUI2JUIyJUU1JTlEJTgwJUU2JTlDJThEJUU1JThCJTk5JTIyJTJDJTIyeCUyMiUzQTAuNDc1NzY1ODM4MzgyMjU0ODQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnMueWFtLmNvbSUyRnhHaThEJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU3QiUyMm0lMjIlM0ElMjJzZXQlMjIlMkMlMjJhJTIyJTNBJTVCJTIyMCUyMiUyQyUyMmNvbmZpZyUyMiUyQyU3QiUyMnNjb3BlJTIyJTNBJTIycGFnZSUyMiU3RCU1RCU3RCUyQyU3QiUyMm0lMjIlM0ElMjJzZXQlMjIlMkMlMjJhJTIyJTNBJTVCJTIyMSUyMiUyQyUyMlVBLTE2MjI3NjE4LTElMjIlMkMlN0IlMjJzY29wZSUyMiUzQSUyMnBhZ2UlMjIlN0QlNUQlN0QlNUQlN0Q=
IP
104.27.206.92:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (4388)
Size
105 kB (105138 bytes)
Hash
1ea1d536628a519bf091429718400302
60bc7fe52a5ba16e6004a10ff550a766de9f67d2
cbd1d0ec276f8f767b02da5f736cf4e6bfaf1a1430f67a8b47581474fb310e43

HTTP Headers

GET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyeWFtU2hhcmUtJUU3JUI4JUFFJUU3JUI2JUIyJUU1JTlEJTgwJUU2JTlDJThEJUU1JThCJTk5JTIyJTJDJTIyeCUyMiUzQTAuNDc1NzY1ODM4MzgyMjU0ODQlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTEwMjQlMkMlMjJlJTIyJTNBMTI4MCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnMueWFtLmNvbSUyRnhHaThEJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU3QiUyMm0lMjIlM0ElMjJzZXQlMjIlMkMlMjJhJTIyJTNBJTVCJTIyMCUyMiUyQyUyMmNvbmZpZyUyMiUyQyU3QiUyMnNjb3BlJTIyJTNBJTIycGFnZSUyMiU3RCU1RCU3RCUyQyU3QiUyMm0lMjIlM0ElMjJzZXQlMjIlMkMlMjJhJTIyJTNBJTVCJTIyMSUyMiUyQyUyMlVBLTE2MjI3NjE4LTElMjIlMkMlN0IlMjJzY29wZSUyMiUzQSUyMnBhZ2UlMjIlN0QlNUQlN0QlNUQlN0Q= HTTP/1.1
Host: s.yam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yam.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:12 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://s.yam.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-max-age: 600
set-cookie: google-analytics_v4_HXmK__engagementDuration=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_HXmK__engagementStart=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_HXmK__counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_HXmK__ga4sid=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_HXmK__session_counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_HXmK__ga4=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_HXmK__let=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__engagementDuration=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__engagementStart=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__ga4sid=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__session_counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__ga4=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_fhIF__let=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__engagementDuration=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__engagementStart=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__ga4sid=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__session_counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__ga4=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_nmDu__let=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__engagementDuration=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__engagementStart=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__ga4sid=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__session_counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__ga4=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_qlqb__let=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__engagementDuration=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__engagementStart=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__ga4sid=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__session_counter=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__ga4=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR___z_ga_audiences=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
google-analytics_v4_xcVR__let=; Domain=yam.com; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax
cfz_google-analytics_v4=%7B%22HXmK_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_ga4sid%22%3A%7B%22v%22%3A%221888461634%22%2C%22e%22%3A1714148592578%7D%2C%22HXmK_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_ga4%22%3A%7B%22v%22%3A%221fd7144e-6a33-424f-8b7c-9c51ddf4473a%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_ga4sid%22%3A%7B%22v%22%3A%221444559350%22%2C%22e%22%3A1714148592578%7D%2C%22fhIF_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_ga4%22%3A%7B%22v%22%3A%220b3b66e8-4ad5-4ad2-a6bb-26c2be54869a%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_ga4sid%22%3A%7B%22v%22%3A%22789073938%22%2C%22e%22%3A1714148592578%7D%2C%22nmDu_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_ga4%22%3A%7B%22v%22%3A%2297ec5251-21b7-4455-aa9d-f2878fb16e12%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_ga4sid%22%3A%7B%22v%22%3A%222024086786%22%2C%22e%22%3A1714148592578%7D%2C%22qlqb_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_ga4%22%3A%7B%22v%22%3A%22edbee4e9-9742-4d88-8e45-c918200291c6%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_ga4sid%22%3A%7B%22v%22%3A%221019036373%22%2C%22e%22%3A1714148592578%7D%2C%22xcVR_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_ga4%22%3A%7B%22v%22%3A%22a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR__z_ga_audiences%22%3A%7B%22v%22%3A%22a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%7D; Domain=yam.com; Path=/; Max-Age=31536000000; HttpOnly; Secure; SameSite=Lax
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=duHBScmVp2%2FOcBmnKiKTKZB%2B9ILDHHwvXtKiUm8NPApLqAyVI29z45v%2F%2FKW2hSNjJNYiM6N%2FcYV%2B49O4yreDzR%2BDkmP4s19TowOB7RT7MPorbp6GDYseRLExUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a7be8d8cff712a-OSL
content-encoding: br
X-Firefox-Spdy: h2

img.yamedia.tw/2021/share/logo.png

104.21.61.68

143 B

URL
img.yamedia.tw/2021/share/logo.png
IP
104.21.61.68:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
143 B (143 bytes)
Hash
cb7b8f439b04c00f4a2d78160ddfee8d
9aa44b5d68f6359f10de0dcd24ea3e12548d9bd4
12755429beb15d5eb57eafa45b8dba326343dd099bf0552038694c3856e8860e

HTTP Headers

GET /2021/share/logo.png HTTP/1.1
Host: img.yamedia.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 15:53:12 GMT
content-type: text/html
content-length: 143
location: https://yamedia.yam.com/2021/share/logo.png
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2BY6zUPpDC4T6%2FgxrOS%2FVkKru%2Bqnp7ELxDlH48ql6R%2B2BNxflwYgdHAmj3opDSHd1VARDxZoXm2x00jgmL%2Bv%2BlU%2F%2BM0dl67Ue23Rz0jlQLYD66O7CLXiNKM0k0KIwJC7qw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7be8e3a8656a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

travelimg.yam.com/cdn-cgi/image/w=300,h=250,fit=cover/DATA/ARTICLE/2022082609183827.jpg

104.27.206.92

24 kB

URL
travelimg.yam.com/cdn-cgi/image/w=300,h=250,fit=cover/DATA/ARTICLE/2022082609183827.jpg
IP
104.27.206.92:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x250, components 3
Size
24 kB (24402 bytes)
Hash
acd5b72fc1f23a2f4f212d089533e0b7
5078f4d77e4e0f171d18ec25226a4fed08df94af
b46b27b83274ec04ae88b815c230bb55c686b393fed2eb5e5724a904364df941

HTTP Headers

GET /cdn-cgi/image/w=300,h=250,fit=cover/DATA/ARTICLE/2022082609183827.jpg HTTP/1.1
Host: travelimg.yam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:12 GMT
content-type: image/jpeg
content-length: 24402
cf-ray: 87a7be8c4b38712a-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=16070400
etag: "cf0i-AlQ8TRhW2Ulg7CkVRK6p8_h8U8Ar-qbnpfcXEDQ:e1522ac5e9b8d81:0"
last-modified: Fri, 26 Aug 2022 01:18:38 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:85,h2pri
cf-resized: internal=ok/h q=0 n=13+0 c=10+29 v=2024.4.0 l=24402
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
priority: u=1;i=?0,cf-chb=(261;u=3;i=?0 1864;u=5;i=?0 14170;u=6;i=?0)
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0a9PDzrTNpGuNdKoFL0gLDr515Do3Tg040zh5fQX%2B5UeqQbgnGFhRq7ro2DO3KRuN7SN%2F3WcSB%2FVfpYvr5KqzzOqyhMorzre9H%2BEilKJ1h6NaAqpe59NdnBbo9XEPJ71J4Ts"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

yamedia.yam.com/2021/share/logo.png

104.27.206.92

12 kB

URL
yamedia.yam.com/2021/share/logo.png
IP
104.27.206.92:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 200, 8-bit/color RGB, non-interlaced
Size
12 kB (11967 bytes)
Hash
1e4551e23432dece821020d90320483a
704bedcaa5c257a74a5674d31f6964a0de962707
5f997ca61624888d3988d80c47db733d41a48cfaafb851ff246b4b756eedf664

HTTP Headers

GET /2021/share/logo.png HTTP/1.1
Host: yamedia.yam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yam.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:13 GMT
content-type: image/png
content-length: 11967
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15099
content-md5: Y+1jEmgYjP8CiQLDg0WN9Q==
etag: "0x8D8C3382A364852"
last-modified: Thu, 28 Jan 2021 02:55:26 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0852fec3-f01e-0048-01c3-7992a3000000
x-ms-version: 2014-02-14
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9QGq4U5s5XPgTVARMRf1reO0J3RCUkNviZSndRwPlqlvDBpQEk7Niogo5%2B1767W1saTrNhLzbfEw3CuyCCwzrOXBcIY%2BpQigyCXkJvMHn8VNdcR00pKhfr6dKQRHByrkFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7be8e7ded712a-OSL
X-Firefox-Spdy: h2

affiliate.klook.com/v1/affnode/render?prod=dynamic_widget&adid=535741&cid=59&tid=-1&amount=3&

34.149.108.21

775 B

URL
affiliate.klook.com/v1/affnode/render?prod=dynamic_widget&adid=535741&cid=59&tid=-1&amount=3&
IP
34.149.108.21:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document, ASCII text, with very long lines (1158)
Size
775 B (775 bytes)
Hash
8fbf0dc99242ece9058015c5383e022f
f3f56f7214d21717f1f00bbfd6f21ebbb7f871e1
9e7daa38bbdc37fcb94ed575b75e55bfee42d30d5b91d3d1fca2a5c4f8254652

HTTP Headers

GET /v1/affnode/render?prod=dynamic_widget&adid=535741&cid=59&tid=-1&amount=3& HTTP/1.1
Host: affiliate.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-length: 775
date: Fri, 26 Apr 2024 15:53:12 GMT
vary: Accept-Encoding
set-cookie: kepler_id=9ccd2739-b9a8-4dbb-97c5-8d804150f822; path=/; expires=Sun, 26 Apr 2026 15:53:12 GMT; samesite=none; secure
server-timing: render-all;dur=1
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubdomains
x-readtime: 1
content-encoding: gzip
x-kong-upstream-latency: 3
x-kong-proxy-latency: 0
server: ReplaceHeaderValue
via: 1.1 google
x-cdn-vendor: gcp
x-cdn-cache: miss
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-NN9H58G4F7https%3A%2F%2Fs.yam.com%2FxGi8Ds.yam.com&cid=a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5&_u=KGDAAEADQAAAAC%7E&z=2084220015&slf_rd=1

216.58.211.4

42 B

URL
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-NN9H58G4F7https%3A%2F%2Fs.yam.com%2FxGi8Ds.yam.com&cid=a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5&_u=KGDAAEADQAAAAC%7E&z=2084220015&slf_rd=1
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-NN9H58G4F7https%3A%2F%2Fs.yam.com%2FxGi8Ds.yam.com&cid=a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5&_u=KGDAAEADQAAAAC%7E&z=2084220015&slf_rd=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yam.com/
Origin: https://s.yam.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 15:53:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
access-control-allow-origin: https://s.yam.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RE4LTMGVEF&cid=1817582744.1714146793&gtm=45je44o0v874613512za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=794147826

142.250.74.163

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RE4LTMGVEF&cid=1817582744.1714146793&gtm=45je44o0v874613512za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=794147826
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RE4LTMGVEF&cid=1817582744.1714146793&gtm=45je44o0v874613512za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=794147826 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 15:53:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.klook.com/s/dist_web/klook-affiliate-front/static/widget/js/chunk-common.d7bbeb7f.js

54.230.111.69

104 kB

URL
cdn.klook.com/s/dist_web/klook-affiliate-front/static/widget/js/chunk-common.d7bbeb7f.js
IP
54.230.111.69:0
ASN
#16509 AMAZON-02

File type
gzip compressed data, from Unix
Size
104 kB (103931 bytes)
Hash
e831f042515f82ae25f19bb5a2df49e3
d71262d8e1576b4ac59cc71887c5bf3467a68b5e
71bf1b0ce7422dd5f3b485baa3289f9b7932c3530cbe6fdbc1e1cbe2b17958aa

HTTP Headers

GET /s/dist_web/klook-affiliate-front/static/widget/js/chunk-common.d7bbeb7f.js HTTP/1.1
Host: cdn.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://affiliate.klook.com
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript
server: nginx
date: Tue, 02 Apr 2024 09:05:24 GMT
x-amz-id-2: C1kHsjcsSYu7ewzDAhxWvLA5VIXmff18SL81hQgQACn3gf2Iy1b7ii7PEMm7t2WYzNDqkdjbXKI=
x-amz-request-id: 2DB0BS9RHKT0MREN
last-modified: Tue, 02 Apr 2024 08:53:26 GMT
etag: W/"470ca841deb07688ba8a5f0d1fff0b89"
x-amz-server-side-encryption: AES256
expires: Wed, 02 Apr 2025 09:05:24 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubdomains
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: w9Wk2nsc9zrYp9MMAHWExWyXCXt5cZTG5KWKtT8t8p6QdCAyP0dObA==
age: 2098069
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1693

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1693
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1693 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s.yam.com
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://s.yam.com
date: Fri, 26 Apr 2024 15:53:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

res.klook.com/image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/jhqvidoafgkvf4z1r14y.jpg

54.230.111.69

45 kB

URL
res.klook.com/image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/jhqvidoafgkvf4z1r14y.jpg
IP
54.230.111.69:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 150x150, segment length 16, progressive, precision 8, 650x420, components 3
Size
45 kB (45072 bytes)
Hash
07c109c31f87086d7b72c9c947aadfca
007e41b905ec6d64caddc7586ddc49b1b7ee0b3b
35b366ed70412171be1d79b16c7a871ea1f368f60b76f66f2acd556e9746e59b

HTTP Headers

GET /image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/jhqvidoafgkvf4z1r14y.jpg HTTP/1.1
Host: res.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 45072
etag: "07c109c31f87086d7b72c9c947aadfca"
last-modified: Thu, 11 Apr 2024 03:27:47 GMT
date: Thu, 11 Apr 2024 04:49:52 GMT
cache-control: private, no-transform, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PcMWf0Fo57M-s05HpYYjlLLJD5eXwSGCpcc7T8yT_u-_FuzmwMa1ww==
age: 1335801
X-Firefox-Spdy: h2

res.klook.com/image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/mdhrbsteztsjyzjs8zy4.jpg

54.230.111.69

26 kB

URL
res.klook.com/image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/mdhrbsteztsjyzjs8zy4.jpg
IP
54.230.111.69:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, progressive, precision 8, 650x420, components 3
Size
26 kB (25503 bytes)
Hash
f87ef95ea161ca827b9aa2a8021f09f1
5e92534524f04750d3c108ff3cd1bc1c0060e8c2
1b1d12f827f2c9b2d5f26dea3c869a60c3a8dd8fe52b243e6e959cf1330d46b0

HTTP Headers

GET /image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/mdhrbsteztsjyzjs8zy4.jpg HTTP/1.1
Host: res.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 25503
etag: "f87ef95ea161ca827b9aa2a8021f09f1"
last-modified: Wed, 19 Apr 2023 03:46:09 GMT
date: Fri, 10 Nov 2023 10:44:02 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j2qoVWjsxFEm_RnbSqt25s29fLHdllZhRf5O-zhzP4SazIvh_l5rbw==
age: 14533752
X-Firefox-Spdy: h2

cdn.klook.com/s/dist_web/klook-affiliate-front/s/dist/desktop/dynamic_widget_v1.js

54.230.111.69

2.4 kB

URL
cdn.klook.com/s/dist_web/klook-affiliate-front/s/dist/desktop/dynamic_widget_v1.js
IP
54.230.111.69:0
ASN
#16509 AMAZON-02

File type
gzip compressed data, from Unix
Size
2.4 kB (2429 bytes)
Hash
49195db93c56e33ccb298680bba13a9d
7f742959ea07b253b41a75a64a53dfb793659328
068ac33ff3ce1b5cb558f7b3ec5740f292151e034108d0a1788b9145743442dc

HTTP Headers

GET /s/dist_web/klook-affiliate-front/s/dist/desktop/dynamic_widget_v1.js HTTP/1.1
Host: cdn.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Sun, 29 Oct 2023 00:26:38 GMT
x-amz-id-2: Pzgf4wLwH9nhNf7/eulSaCCEjQW8Tne0ZnlFhvoMPgwjrsH8MJaI8e2LxpgXrdewspTiRPKeQXg=
x-amz-request-id: RHDYFT90J7N22T1F
last-modified: Mon, 18 Oct 2021 02:44:10 GMT
etag: W/"ceb152ddf5390a749f9c157d20252351"
expires: Mon, 28 Oct 2024 00:26:38 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubdomains
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: E1kH5-_nESVEqLSPIG2JgRdF_6IJYc7Q-10U2WnnoM-7z3anDAMVJw==
age: 15607594
X-Firefox-Spdy: h2

res.klook.com/image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/mx3wwxaeksh7zmb4ebga.jpg

54.230.111.69

34 kB

URL
res.klook.com/image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/mx3wwxaeksh7zmb4ebga.jpg
IP
54.230.111.69:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 144x144, segment length 16, progressive, precision 8, 650x420, components 3
Size
34 kB (34205 bytes)
Hash
8d99dfbb6675d2a652aa80d2a5f4bccd
692fb7abcfa77cd28b3084d40e049657d08ecbc1
fbe7fec667dfa1ad50be0b5064ab1b940bac584aa1247c4798ffbf8d0804319a

HTTP Headers

GET /image/upload/fl_lossy.progressive,q_60,f_auto/c_fill,w_650,h_420/activities/mx3wwxaeksh7zmb4ebga.jpg HTTP/1.1
Host: res.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 34205
etag: "8d99dfbb6675d2a652aa80d2a5f4bccd"
last-modified: Thu, 25 Jan 2024 12:38:13 GMT
date: Wed, 13 Mar 2024 07:04:56 GMT
cache-control: private, no-transform, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OiAdAUX9AudIktu4FK3CmsWvitYIFQ1xcSvPBp1-wsPm5QRdi-JIwA==
age: 3833298
X-Firefox-Spdy: h2

affiliate.klook.com/v3/affsrv/ads/event

34.149.108.21

70 B

URL
affiliate.klook.com/v3/affsrv/ads/event
IP
34.149.108.21:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
70 B (70 bytes)
Hash
e4811654ff7001186063514b66e5d58b
99e80ad04cf70e790961c234b072ba2853a7db64
dccd6a122ce536145b86aef2681be92ebab2fbb2fe44ffa52a8ddc0e86db4d29

HTTP Headers

POST /v3/affsrv/ads/event HTTP/1.1
Host: affiliate.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
X-iframe-Data: {"type":4,"data":""}
X-Klook-Kepler-Id: 9ccd2739-b9a8-4dbb-97c5-8d804150f822
X-Klook-Request-Id: 56149f0b-eb38-4d3a-878a-13611e46c7b1
Content-Length: 15
Origin: https://affiliate.klook.com
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/v1/affnode/render?prod=dynamic_widget&adid=535741&cid=59&tid=-1&amount=3&
Cookie: kepler_id=9ccd2739-b9a8-4dbb-97c5-8d804150f822
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json
content-length: 70
date: Fri, 26 Apr 2024 15:53:14 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type, Content-Length, Authorization, Accept, X-Requested-With, X-Klook-Request-Id, X-Iframe-Data
access-control-allow-methods: POST, OPTIONS
x-klook-request-id: 56149f0b-eb38-4d3a-878a-13611e46c7b1
x-kong-upstream-latency: 2
x-kong-proxy-latency: 1
server: ReplaceHeaderValue
via: 1.1 google
x-cdn-vendor: gcp
x-cdn-cache: uncacheable
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

log.klook.com/v2/frontlogsrv/log/web

34.111.170.216

0 B

URL
log.klook.com/v2/frontlogsrv/log/web
IP
34.111.170.216:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v2/frontlogsrv/log/web HTTP/1.1
Host: log.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-deviceid,x-platform
Referer: https://affiliate.klook.com/
Origin: https://affiliate.klook.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:15 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: x-klook-host, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Currency, Authorization, Token, version, X-Platform, _pt, Accept-Language, Accept, Accept-Encoding, X-Klook-Request-Id, X-Klook-Kepler-Id, X-Klook-Tint, X-DeviceID
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 7200
via: 1.1 google
x-cdn-vendor: gcp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

log.klook.com/v2/frontlogsrv/log/web

34.111.170.216

62 B

URL
log.klook.com/v2/frontlogsrv/log/web
IP
34.111.170.216:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
62 B (62 bytes)
Hash
056ae30ebaafcd0ca1a148d15c0bdf54
813d12625202843516e789c2a859587919707fe3
168fcfeaac95e2af3954dd8a63ebf8b9c61e79842597dcb1cd6f88b748071dc2

HTTP Headers

POST /v2/frontlogsrv/log/web HTTP/1.1
Host: log.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
X-Platform: desktop
X-DeviceId: 9ccd2739-b9a8-4dbb-97c5-8d804150f822
Content-Length: 1865
Origin: https://affiliate.klook.com
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:15 GMT
content-type: application/json; charset=UTF-8
content-length: 62
accept-language: en_US
access-control-allow-origin: *
currency: HKD
x-klook-lang: en_US
x-klook-request-id: 91a6de5
x-klook-service-id: 01
x-klook-version: 1
via: 1.1 google
x-cdn-vendor: gcp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&_s=2&tfd=7490

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&_s=2&tfd=7490
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&_s=2&tfd=7490 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 169
Origin: https://s.yam.com
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://s.yam.com
date: Fri, 26 Apr 2024 15:53:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

affiliate.klook.com/v2/usrcsrv/hit/experiments

34.149.108.21

14 kB

URL
affiliate.klook.com/v2/usrcsrv/hit/experiments
IP
34.149.108.21:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
14 kB (14472 bytes)
Hash
43b555fc6f1c5508bb5ffc5dcbd4a65c
61d14db98f458c4933ddcc35c4f2f8baacd7f982
4bb0498bbe928791e350c0008d6db5195cced6df41e135254f786cdebf0e6fa3

HTTP Headers

GET /v2/usrcsrv/hit/experiments HTTP/1.1
Host: affiliate.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
X-Klook-Kepler-Id: 9ccd2739-b9a8-4dbb-97c5-8d804150f822
X-Klook-Request-Id: 769f5be9-7273-4791-9f3e-4b1cd3255e23
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/v1/affnode/render?prod=dynamic_widget&adid=535741&cid=59&tid=-1&amount=3&
Cookie: kepler_id=9ccd2739-b9a8-4dbb-97c5-8d804150f822
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 26 Apr 2024 15:53:13 GMT
vary: Accept-Encoding
accept-language: en_US
currency: HKD
x-klook-lang: en_US
x-klook-request-id: 769f5be9-7273-4791-9f3e-4b1cd3255e23
x-klook-service-id: 01
x-klook-version: 1
x-kong-upstream-latency: 3
x-kong-proxy-latency: 0
content-encoding: gzip
server: ReplaceHeaderValue
via: 1.1 google
x-cdn-vendor: gcp
x-cdn-cache: miss
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

log.klook.com/v3/frontlogsrv/log/web?platform=desktop

34.111.170.216

0 B

URL
log.klook.com/v3/frontlogsrv/log/web?platform=desktop
IP
34.111.170.216:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v3/frontlogsrv/log/web?platform=desktop HTTP/1.1
Host: log.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://affiliate.klook.com/
Origin: https://affiliate.klook.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:20 GMT
content-length: 0
vary: Origin
access-control-allow-origin: https://affiliate.klook.com
access-control-allow-credentials: true
access-control-allow-headers: x-klook-host,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Currency,Authorization,Token,version,X-Platform,_pt,Accept-Language,Accept,Accept-Encoding,X-Klook-Request-Id,X-Klook-Kepler-Id,X-Klook-Tint,X-DeviceID,x-klook-traffic-channel,Date
access-control-allow-methods: GET,POST
access-control-max-age: 3600
x-kong-response-latency: 0
via: 1.1 google
x-cdn-vendor: gcp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/spec56_btn_gsm_all_gcd_20190320190559.min.css

185.114.247.232

200 OK

924 B

URL GET HTTP/2
ce17574.tw1.ru/index_files/spec56_btn_gsm_all_gcd_20190320190559.min.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with CRLF line terminators
Size
924 B (924 bytes)
Hash
eabaf0aaf10e39b24e4bc7c25d2e7ec8
d0e48a9cdb4d870b510d88cdfc325a2614071327
31525381d30528a71a4c4419b0ee495b4053428b061e75ac0e9556b00d56d1e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/spec56_btn_gsm_all_gcd_20190320190559.min.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
content-length: 924
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-39c"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/rules.js.download

185.114.247.232

200 OK

488 B

URL GET HTTP/2
ce17574.tw1.ru/index_files/rules.js.download
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with CRLF line terminators
Size
488 B (488 bytes)
Hash
cd884ffdf1f759fbdeaae54b636288d4
450ea313a0b4b250024abd0935c1f59617841134
f0f8ce50e148b374b7b9b29180824007970478e81ce52669d531a669d9c4c34d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/rules.js.download HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/x-javascript
content-length: 488
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "1e8-610ada6e9f100"
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/gen_ui.png

185.114.247.232

200 OK

6.4 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/gen_ui.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
Size
6.4 kB (6380 bytes)
Hash
f5f55947733314117f1109f93f826b5f
394e87fcb82200b9c108182bdc761dc6aa016467
c4763204659e2a150da0e4f784da55eff7c77ae08b0c4fe9156a832093fb90fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/gen_ui.png HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/png
content-length: 6380
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-18ec"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/img/new_sprite.png

185.114.247.232

200 OK

10 kB

URL GET HTTP/2
ce17574.tw1.ru/img/new_sprite.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 312 x 104, 8-bit/color RGBA, non-interlaced
Size
10 kB (9961 bytes)
Hash
675d3d69bb78ed155d9d443bef4cccd8
8266846da238de6218a75a11744f35f821baff74
0d477834d11f75ff989d2b6bfbcbaaed80a8e4f8efe65569f4cee2ad603a73af

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /img/new_sprite.png HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/png
content-length: 9961
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-26e9"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/print_20190320190559.min.css

185.114.247.232

200 OK

57 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/print_20190320190559.min.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
57 kB (56881 bytes)
Hash
8f0ad12d9e0ad31642d0f4d720f38466
55570fa50acf26292d5fa58d18736f337c4be78f
d6641337d84bb69e4516c06fb67adac95ca0df58a52449f2e299743884b60b5e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/print_20190320190559.min.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-bfb"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&_s=3&tfd=9830
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://s.yam.com/xGi8D
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-RE4LTMGVEF&gtm=45je44o0v874613512za200&_p=1714146792550&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1817582744.1714146793&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&sid=1714146792&sct=1&seg=0&dl=https%3A%2F%2Fs.yam.com%2FxGi8D&dt=yamShare-%E7%B8%AE%E7%B6%B2%E5%9D%80%E6%9C%8D%E5%8B%99&_s=3&tfd=9830 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 200
Origin: https://s.yam.com
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://s.yam.com
date: Fri, 26 Apr 2024 15:53:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ce17574.tw1.ru/index_files/inbenta.css

185.114.247.232

200 OK

17 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/inbenta.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
17 kB (17173 bytes)
Hash
19a2d8088f13cad37fda0f2a5309d873
c02de3f3f09471836280b83455e4e38285436a08
4f68ffe513731aace3b01020abbad6400ef9ce52a7af936d923c8a2dcf8c9175

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/inbenta.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-2268a"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/jquery2.js.download

185.114.247.232

200 OK

25 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/jquery2.js.download
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
25 kB (24615 bytes)
Hash
fa1fcab3cb1b8aed3996ac067fa1ff19
d25b3ae39c39c9f7b1264277db8f5d3f36542d2e
ce43ed8437f43d2b64287e814ed187a95324c270b62cdd6b6596fb90108d70da

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/jquery2.js.download HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/x-javascript
vary: Accept-Encoding
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: W/"11348-610ada6e9f100"
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-semibold.eot

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-semibold.eot
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-semibold.eot HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/jquery.js.download

185.114.247.232

200 OK

31 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/jquery.js.download
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
31 kB (30834 bytes)
Hash
3137cd775cb83bf12dbbd0d1f196ab91
91ec5f56c56f694ac3de0d2101741f9fae14c62d
56bc2f97d10ccc90c2b6f8f6ccb1733bc086148512d4663731e9ff19a51d323a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/jquery.js.download HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/x-javascript
vary: Accept-Encoding
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: W/"15851-610ada6e9f100"
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/index_20190723161948.min.css

185.114.247.232

200 OK

125 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/index_20190723161948.min.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
125 kB (124762 bytes)
Hash
6664eae65d223ff8056830e91839b872
a6ce4fab7103fa976e4f33422ca819ae41407c0d
135d2500adbb5b860d3ea59d2af66f39e5f690f86bc35695bcd9daf9a63baeca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/index_20190723161948.min.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-41496"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/js.js.download

185.114.247.232

200 OK

255 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/js.js.download
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
255 kB (254901 bytes)
Hash
7dff90188682936f4835a031f24c6391
6e5c6acc23038e48714f38f9f97b5de5c4185247
ffc5ce052dc3c7d5fac2fe151107ccf4649be76722d2c326f3969477b8abfb05

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/js.js.download HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/x-javascript
vary: Accept-Encoding
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: W/"134bc0-610ada6e9f100"
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-semibold.woff

185.114.247.232

200 OK

64 kB

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-semibold.woff
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
Web Open Font Format, TrueType, length 63896, version 1.50
Size
64 kB (63896 bytes)
Hash
66d6f332d0d93578c726f68d3a9ada3b
10ebe50154b114f97ff25d99034ce724116ee47e
ecc485cb5434c03a5990728a87f66f6b46635d3bd97fd9fd175df05e37bbb6f9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-semibold.woff HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/font-woff
content-length: 63896
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-f998"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.yam.com/favicon.ico

104.27.206.92

4.4 kB

URL
www.yam.com/favicon.ico
IP
104.27.206.92:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel
Size
4.4 kB (4356 bytes)
Hash
3462052ceaf1ca808f485b312389a9e1
0205ba34df60ad51f4d11a36dbbf3c98cc2ba567
4850257a2c4f08dead3246f744557f1738056664fd17cf427ef1574df44d22d5

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.yam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Cookie: cfz_google-analytics_v4=%7B%22HXmK_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_ga4sid%22%3A%7B%22v%22%3A%221888461634%22%2C%22e%22%3A1714148592578%7D%2C%22HXmK_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_ga4%22%3A%7B%22v%22%3A%221fd7144e-6a33-424f-8b7c-9c51ddf4473a%22%2C%22e%22%3A1745682792578%7D%2C%22HXmK_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_ga4sid%22%3A%7B%22v%22%3A%221444559350%22%2C%22e%22%3A1714148592578%7D%2C%22fhIF_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_ga4%22%3A%7B%22v%22%3A%220b3b66e8-4ad5-4ad2-a6bb-26c2be54869a%22%2C%22e%22%3A1745682792578%7D%2C%22fhIF_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_ga4sid%22%3A%7B%22v%22%3A%22789073938%22%2C%22e%22%3A1714148592578%7D%2C%22nmDu_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_ga4%22%3A%7B%22v%22%3A%2297ec5251-21b7-4455-aa9d-f2878fb16e12%22%2C%22e%22%3A1745682792578%7D%2C%22nmDu_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_ga4sid%22%3A%7B%22v%22%3A%222024086786%22%2C%22e%22%3A1714148592578%7D%2C%22qlqb_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_ga4%22%3A%7B%22v%22%3A%22edbee4e9-9742-4d88-8e45-c918200291c6%22%2C%22e%22%3A1745682792578%7D%2C%22qlqb_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_engagementStart%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_ga4sid%22%3A%7B%22v%22%3A%221019036373%22%2C%22e%22%3A1714148592578%7D%2C%22xcVR_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_ga4%22%3A%7B%22v%22%3A%22a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR__z_ga_audiences%22%3A%7B%22v%22%3A%22a045ec2c-8a78-4e0b-9735-d1c9a9ade8c5%22%2C%22e%22%3A1745682792578%7D%2C%22xcVR_let%22%3A%7B%22v%22%3A%221714146792578%22%2C%22e%22%3A1745682792578%7D%7D; _ga_RE4LTMGVEF=GS1.1.1714146792.1.0.1714146792.60.0.0; _ga=GA1.1.1817582744.1714146793
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:53:13 GMT
content-type: image/x-icon
etag: W/"358873766b10d91:0"
last-modified: Thu, 15 Dec 2022 09:56:11 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=94uIQo75LTOcMDqZGr3I5wrEpoH%2F3BrbtshKq1oFDCD%2FKl7hyRSPhBtS7tGkuOv3IOll0KN4W3dEUBqbx58AOYjMGjpi8uJkypjPNyer%2Btn5mwuFsqWSjJSr1yKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7be904811712a-OSL
content-encoding: br
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-bold.woff

185.114.247.232

200 OK

30 kB

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-bold.woff
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
Web Open Font Format, TrueType, length 29688, version 1.0
Size
30 kB (29688 bytes)
Hash
8ddef052d66452862e8aef5f63fe6109
7432d98ccfc52ff401e3c37439ee2e61722c279b
10d5ee3a453be2ea83297c419182d5c32de6f46a530594fa5ec2aea8cd31c626

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-bold.woff HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/font-woff
content-length: 29688
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-73f8"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-italic.otf

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-italic.otf
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-italic.otf HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/index_pri_20201013141424.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-italic.woff

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-italic.woff
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-italic.woff HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/index_pri_20201013141424.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

log.klook.com/v3/frontlogsrv/log/web?platform=desktop

34.111.170.216

62 B

URL
log.klook.com/v3/frontlogsrv/log/web?platform=desktop
IP
34.111.170.216:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
62 B (62 bytes)
Hash
056ae30ebaafcd0ca1a148d15c0bdf54
813d12625202843516e789c2a859587919707fe3
168fcfeaac95e2af3954dd8a63ebf8b9c61e79842597dcb1cd6f88b748071dc2

HTTP Headers

POST /v3/frontlogsrv/log/web?platform=desktop HTTP/1.1
Host: log.klook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1252
Origin: https://affiliate.klook.com
DNT: 1
Connection: keep-alive
Referer: https://affiliate.klook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/json; charset=UTF-8
content-length: 62
accept-language: en_US
access-control-allow-origin: https://affiliate.klook.com
currency: HKD
x-klook-lang: en_US
x-klook-request-id: c393a6b
x-klook-service-id: 01
x-klook-version: 1
vary: Origin
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token,Date
x-kong-upstream-latency: 1
x-kong-proxy-latency: 0
via: 1.1 google
x-cdn-vendor: gcp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ce17574.tw1.ru/

185.114.247.232

200 OK

27 kB

URL User Request GET HTTP/2
ce17574.tw1.ru/
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
gzip compressed data, from Unix
Size
27 kB (26617 bytes)
Hash
9f12120306cf98a41bcd5b6f017c106d
54202c8dffa4079e1ceedd2064a8548a8ae67f9d
a8dccb851cf481f3488b27940d858157c894bb418536f8bd501637732ef20c81

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET / HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.yam.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/img/pictos-fonctionnels_20200629183129.svg

185.114.247.232

200 OK

329 kB

URL GET HTTP/2
ce17574.tw1.ru/img/pictos-fonctionnels_20200629183129.svg
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type

Size
329 kB (328937 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /img/pictos-fonctionnels_20200629183129.svg HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-504e9"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/logo-sg-seul.svg

185.114.247.232

200 OK

3.0 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/logo-sg-seul.svg
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
SVG Scalable Vector Graphics image
Size
3.0 kB (3042 bytes)
Hash
efa052c81f59f9de3e8cdea6874b51f2
be26da061dbda7223edf3565a96f4d549800f9c6
3558bec093d472325dd11d084d5009ba13d4925def969aa29c53fce416cddca2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/logo-sg-seul.svg HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-be2"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/img/favicon.ico

185.114.247.232

200 OK

318 B

URL GET HTTP/2
ce17574.tw1.ru/img/favicon.ico
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors
Size
318 B (318 bytes)
Hash
ca10c09aeaf43460d3760f50c608eb51
f2ed2a4fe0e1eadb7dd28444ea6b7a04abf0d38e
daf58b06a09d467436ee5fd10eefbeadac3cf6ecaef1eca1884ef8330f561642

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/x-icon
content-length: 318
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "13e-610ada6e9f100"
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/style.css

185.114.247.232

200 OK

180 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/style.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (1330), with CRLF line terminators
Size
180 kB (180495 bytes)
Hash
77603dc1f154ebf1ce331920d4a899fa
07e054367cdbee879d51feea346de422cd1bb4d9
2d44928b93b88ed19c681cc9c4a16f00428a70831d3d1933a1c5db9afb33eab5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/style.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-2c10f"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-regular.woff

185.114.247.232

200 OK

30 kB

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-regular.woff
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
Web Open Font Format, TrueType, length 29936, version 1.0
Size
30 kB (29936 bytes)
Hash
ee8fb2f1d98caedf1822bd94ac49592a
78342ab4847d4794808b9f1ef361c8845139cd5b
b2bd7e62939ac983fd01971920b44c1313a0d00b6f81ef80ae7a4b8ba5f20311

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-regular.woff HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: application/font-woff
content-length: 29936
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-74f0"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-it.otf

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-it.otf
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-it.otf HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/awt-front-BDDF.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

ce17574.tw1.ru/img/41de603c123a04387e8b57c2f2c9897e.svg

185.114.247.232

200 OK

71 kB

URL GET HTTP/2
ce17574.tw1.ru/img/41de603c123a04387e8b57c2f2c9897e.svg
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type

Size
71 kB (70885 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /img/41de603c123a04387e8b57c2f2c9897e.svg HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-114e5"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/img/spriteV4.png

185.114.247.232

200 OK

56 kB

URL GET HTTP/2
ce17574.tw1.ru/img/spriteV4.png
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
PNG image data, 880 x 650, 8-bit/color RGBA, non-interlaced
Size
56 kB (56012 bytes)
Hash
2489b1de4b742de1d025c2751296143e
ca790ae20b4603ce6595ab1a0384dd217105306c
fdffcd1a92a88cf374901faf2ec466c6d16c0baa8b1f92426a24424743b65ab4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /img/spriteV4.png HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: image/png
content-length: 56012
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
etag: "65c19ea4-dacc"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/index_pri_20201013141424.min.css

185.114.247.232

200 OK

223 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/index_pri_20201013141424.min.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
223 kB (222558 bytes)
Hash
23ca09657029cb02397aa2af5b812bb8
2dbf5d4fd91d979b3d26e65e064f155b17cb4ff5
ffb0158cdc267512932acd22b13aa4f0df1652290faa987148d69f923b6cb797

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/index_pri_20201013141424.min.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-3655e"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-it.woff

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-it.woff
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-it.woff HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/awt-front-BDDF.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-bold.eot

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-bold.eot
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-bold.eot HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

ce17574.tw1.ru/index_files/awt-front-BDDF.css

185.114.247.232

200 OK

101 kB

URL GET HTTP/2
ce17574.tw1.ru/index_files/awt-front-BDDF.css
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
101 kB (100638 bytes)
Hash
d8d07b2eee0de2299f9472f923cd736c
c305b5152ac4720e22a161529e9fc7c519fda6b0
064cdaef709bff99e6ad7775891f4e2a0979ede5cbc1e8e60a7ccea5d1885879

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /index_files/awt-front-BDDF.css HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 02:51:16 GMT
vary: Accept-Encoding
etag: W/"65c19ea4-1891e"
expires: Sat, 26 Apr 2025 15:53:21 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ce17574.tw1.ru/fonts/sourcesanspro-regular.eot

185.114.247.232

404 Not Found

196 B

URL GET HTTP/2
ce17574.tw1.ru/fonts/sourcesanspro-regular.eot
IP
185.114.247.232:443
ASN
#9123 TimeWeb Ltd.

Requested by
https://ce17574.tw1.ru/
Certificate
IssuerGlobalSign nv-sa
Subject*.tw1.ru
FingerprintF8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51
ValidityThu, 11 Jan 2024 13:25:41 GMT - Tue, 11 Feb 2025 13:25:40 GMT

File type
HTML document, ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Societe Generale
OpenPhish	phishing	Societe Generale
PhishTank	phishing	Other

HTTP Headers

GET /fonts/sourcesanspro-regular.eot HTTP/1.1
Host: ce17574.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ce17574.tw1.ru/index_files/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx/1.24.0
date: Fri, 26 Apr 2024 15:53:21 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash