Report - urlz.fr/rosk

Report Overview

Visitedpublic

2024-07-26 08:51:22

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-25 18:12:06	2.3 kB	6.2 kB	23.36.76.226
nasserimenourass-f5135f.ingress-baronn.ewp.live	unknown	unknown	No data	No data	472 B	311 kB	63.250.43.9
urlz.fr	403707	2011-05-14	2014-01-17 17:42:52	2024-07-26 07:46:26	468 B	312 kB	104.21.234.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-07-25	medium	nasserimenourass-f5135f.ingress-baronn.ewp.live/wp-content/plugins/kredittikay%C4%B1l/pages/region.php	Credit Agricole S.A.
2024-07-25	medium	urlz.fr/rosk	Credit Agricole S.A.

PhishTank

Scan Date	Severity	Indicator	Alert
2024-07-25	medium	nasserimenourass-f5135f.ingress-baronn.ewp.live/wp-content/plugins/kredittikay%C4%B1l/pages/region.php	Other
2024-07-25	medium	urlz.fr/rosk	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen24726

Size504 B (504 bytes)

MD5577f20b1ad1240dc12215f4d93e53b8f

SHA14fb6d79b9c4adb8f712073e9662ceae41a4f097c

SHA256523bc00bcd3cc12a640ebce3df80c0aed9fc552c4be5bae1831c00b9027ce0c0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "523BC00BCD3CC12A640EBCE3DF80C0AED9FC552C4BE5BAE1831C00B9027CE0C0"
Last-Modified: Wed, 24 Jul 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12955
Expires: Fri, 26 Jul 2024 12:19:56 GMT
Date: Fri, 26 Jul 2024 08:44:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen18914

Size504 B (504 bytes)

MD521fba4953d0a666a4844d872097cb8f4

SHA180ac64ff700d5d02eb9901123ecd64f02c9e3ec2

SHA256f5c60f75b60eb8ef8e42e66fcad10e8df5759fe29bad30a23871fb7c1da61456

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F5C60F75B60EB8EF8E42E66FCAD10E8DF5759FE29BAD30A23871FB7C1DA61456"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20942
Expires: Fri, 26 Jul 2024 14:33:03 GMT
Date: Fri, 26 Jul 2024 08:44:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-24

Last Seen2024-08-19

Times Seen14863

Size504 B (504 bytes)

MD553c120d8bd28a824c423b6b51e6a5f07

SHA18c8f9015ddb4e7bbd18c0b35103ff1e8a0b7d5c1

SHA2560ef528831322336534e6b28ac3db61ac793b2b52f700672aee09ee5b1c92a2c7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0EF528831322336534E6B28AC3DB61AC793B2B52F700672AEE09EE5B1C92A2C7"
Last-Modified: Wed, 24 Jul 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3103
Expires: Fri, 26 Jul 2024 09:35:44 GMT
Date: Fri, 26 Jul 2024 08:44:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-24

Last Seen2024-08-19

Times Seen20820

Size504 B (504 bytes)

MD5b1e4e1a92df74669a74711c4eaef2acc

SHA1a26f28116849cc857a0e31e3495f659e0cd36ac4

SHA25677f9d9afcb4a72b62085fa7ca04adb0007edaec1ab4bde5c4b82272a786a6cad

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "77F9D9AFCB4A72B62085FA7CA04ADB0007EDAEC1AB4BDE5C4B82272A786A6CAD"
Last-Modified: Wed, 24 Jul 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7318
Expires: Fri, 26 Jul 2024 10:46:00 GMT
Date: Fri, 26 Jul 2024 08:44:02 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen23918

Size504 B (504 bytes)

MD591392416ed946eb8b26810ff46d7e57e

SHA18ce21a441df1ac09da4ebf098eaf47e2d74bbff0

SHA2565d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20755
Expires: Fri, 26 Jul 2024 14:29:58 GMT
Date: Fri, 26 Jul 2024 08:44:03 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen23918

Size504 B (504 bytes)

MD591392416ed946eb8b26810ff46d7e57e

SHA18ce21a441df1ac09da4ebf098eaf47e2d74bbff0

SHA2565d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20755
Expires: Fri, 26 Jul 2024 14:29:58 GMT
Date: Fri, 26 Jul 2024 08:44:03 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen23918

Size504 B (504 bytes)

MD591392416ed946eb8b26810ff46d7e57e

SHA18ce21a441df1ac09da4ebf098eaf47e2d74bbff0

SHA2565d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20755
Expires: Fri, 26 Jul 2024 14:29:58 GMT
Date: Fri, 26 Jul 2024 08:44:03 GMT
Connection: keep-alive

GET nasserimenourass-f5135f.ingress-baronn.ewp.live/wp-content/plugins/kredittikay%C4%B1l/pages/region.php

63.250.43.9

404 Not Found

311 kB

URL

nasserimenourass-f5135f.ingress-baronn.ewp.live/wp-content/plugins/kredittikay%C4%B1l/pages/region.php

IP / ASN

63.250.43.9

#22612 NAMECHEAP-NET

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (57435)

First Seen2024-03-04

Last Seen2025-02-11

Times Seen435

Size311 kB (310783 bytes)

MD5a8c81793830cb83ecca24a6b48ba539f

SHA1e081ae638bab76567b410d7c04bb3a8ab55d76b7

SHA256095d02a44d29eec459435f1bb50c0e7d4085301c77e364c8fa7029f417918676

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Credit Agricole S.A.
PhishTank	phishing	Other

HTTP Headers

GET /wp-content/plugins/kredittikay%C4%B1l/pages/region.php HTTP/1.1
Host: nasserimenourass-f5135f.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
content-type: text/html
date: Fri, 26 Jul 2024 08:44:03 GMT
transfer-encoding: chunked

GET urlz.fr/rosk

104.21.234.214

302 Found

311 kB

URL

urlz.fr/rosk

IP / ASN

104.21.234.214

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606313

Size311 kB (310783 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjecturlz.fr

Fingerprint95:3E:1F:4E:3E:B6:DB:DA:E4:C7:1F:A0:F3:2F:CF:4C:DD:96:E2:52

ValidityFri, 28 Jun 2024 09:32:52 GMT - Thu, 26 Sep 2024 09:32:51 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Credit Agricole S.A.
PhishTank	phishing	Other

HTTP Headers

GET /rosk HTTP/1.1
Host: urlz.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Jul 2024 08:44:02 GMT
content-type: text/html; charset=UTF-8
location: https://nasserimenourass-f5135f.ingress-baronn.ewp.live/wp-content/plugins/kredittikay%C4%B1l/pages/region.php
expires: Fri, 26 Jul 2024 08:45:02 GMT
cache-control: max-age=60
x-fastcgi-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C1erGwjrHB0lfOtU0cJuyjQ0RtAIuxEi%2FKx9EI7fXLFV170r01GYS2e5Ym%2FXpPhGoHo%2BHnqPXOYxBTFu6rnuc9a6MbZeJuzBhe9PKxKS4om%2BNuLbEVHuCygT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a931b020da963be-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2