Report - nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html

Report Overview

Visited public
2025-04-09 10:49:51
Tags
phishing credit_agricole finacial
URL
nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
Finishing URL
nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
IP / ASN
162.255.118.66
#22612 NAMECHEAP-NET
Title
Accès CR - Crédit Agricole
Phishing - Credit Agricole

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nsaccrseff-10d890d.ingress-alpha.ewp.live	unknown	2022-05-26	2025-04-05	2025-04-05	3.0 kB	799 kB	162.255.118.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-08	medium	nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html	Credit Agricole S.A.

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html

162.255.118.66

200 OK

4.4 kB

URL User Request GET
nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
IP
162.255.118.66:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subject*.ingress-alpha.ewp.live
Fingerprint90:DC:7B:F3:E5:0C:68:97:15:DF:09:7E:7D:68:6E:A6:66:5C:10:E0
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
4.4 kB (4411 bytes)
Hash
6b9fd513c349e5c818234bcd464ff669
bb89959f4b51c09b8c86b14c9697b8fd2b30f21a
ad3fea269700c0956c73932baf7a1fab5fe8b2e52a91af32ac87d9655aa4e041

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole
OpenPhish	phishing	Credit Agricole S.A.

HTTP Headers

GET /fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html HTTP/1.1
Host: nsaccrseff-10d890d.ingress-alpha.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 07:44:23 GMT
last-modified: Sun, 23 Apr 2023 13:32:34 GMT
etag: "64453372-113b"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 11106
accept-ranges: bytes
x-cache: HIT
content-length: 1423
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/image-dep.css

162.255.118.66

200 OK

4.5 kB

URL GET
nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/image-dep.css
IP
162.255.118.66:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
Certificate
IssuerSectigo Limited
Subject*.ingress-alpha.ewp.live
Fingerprint90:DC:7B:F3:E5:0C:68:97:15:DF:09:7E:7D:68:6E:A6:66:5C:10:E0
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
4.5 kB (4536 bytes)
Hash
f25763ece7796b8848af77e80792f4da
5393a9976d260697f89de943598efbc562a48e0f
9d9cb236f2fd4561efc72a9e8b36cc08d24e276b56e186601615205bb6224763

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/image-dep.css HTTP/1.1
Host: nsaccrseff-10d890d.ingress-alpha.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 09:32:21 GMT
last-modified: Sun, 23 Apr 2023 13:32:46 GMT
etag: "6445337e-11b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 4628
accept-ranges: bytes
x-cache: HIT
content-length: 819
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/favicon.ico

162.255.118.66

200 OK

12 kB

URL GET
nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/favicon.ico
IP
162.255.118.66:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
Certificate
IssuerSectigo Limited
Subject*.ingress-alpha.ewp.live
Fingerprint90:DC:7B:F3:E5:0C:68:97:15:DF:09:7E:7D:68:6E:A6:66:5C:10:E0
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3
Size
12 kB (11469 bytes)
Hash
3d22fa307cf71954f6abba566c4983a6
0dffa841021251b6a5533679321584c10d0e98cc
0aaf5804a0bfa2db97cbb1dd89d62307c7580007638c51a5751bfec9c152d595

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/favicon.ico HTTP/1.1
Host: nsaccrseff-10d890d.ingress-alpha.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 09 Apr 2025 09:32:21 GMT
last-modified: Sun, 23 Apr 2023 13:32:46 GMT
etag: "6445337e-2ccd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/x-icon
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 4629
accept-ranges: bytes
x-cache: HIT
content-length: 9799
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

162.255.118.66

200 OK

776 kB

URL GET
nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/back-dep.PNG
IP
162.255.118.66:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/dep.html
Certificate
IssuerSectigo Limited
Subject*.ingress-alpha.ewp.live
Fingerprint90:DC:7B:F3:E5:0C:68:97:15:DF:09:7E:7D:68:6E:A6:66:5C:10:E0
ValidityTue, 30 Apr 2024 00:00:00 GMT - Sat, 31 May 2025 23:59:59 GMT

File type
PNG image data, 1366 x 768, 8-bit/color RGBA, non-interlaced
Size
776 kB (775946 bytes)
Hash
addd437c3af0851c8e2ed6aa3419cff8
6444dea5b38efd380691b0f6a88fc140246522df
576bcd541bd8f83a65efff5da1d27c9a4cd6efa60be65bcc251494cbc9c56259

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Credit Agricole

HTTP Headers

GET /fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/back-dep.PNG HTTP/1.1
Host: nsaccrseff-10d890d.ingress-alpha.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsaccrseff-10d890d.ingress-alpha.ewp.live/fQmhDYkFSSXNBTElkMlozbnV6OExYR2w4eEpmQlVESnlUbFcyU/2BfAjrdur0cVKHBBRd4/4VFGHD7yuWFEVNX62rNs/5raW87RX0XE01rt3/4TVQfTZWlWWaV94FvdfCov4/Client/files/image-dep.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Apr 2025 12:21:29 GMT
last-modified: Sun, 23 Apr 2023 13:32:40 GMT
etag: "64453378-bd70a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 775946
x-cacheable: YES
age: 80881
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers