www.notificationdsp2.publicvm.com Open in urlscan Pro
161.35.192.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.notificationdsp2.publicvm.com/
Submission: On August 11 via api (August 11th 2024, 6:16:43 pm UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 161.35.192.92, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is www.notificationdsp2.publicvm.com.
TLS certificate: Issued by R10 on August 9th 2024. Valid for: 3 months.

This is the only time www.notificationdsp2.publicvm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Orange (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
13	161.35.192.92 161.35.192.92	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a01:c9c0:a3:... 2a01:c9c0:a3:8::247	8891 (FTBGPDM) (FTBGPDM)
15	2

13 161.35.192.92 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

www.notificationdsp2.publicvm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:c9c0:a3:8::247 (France)

ASN8891 (FTBGPDM, FR)

c.woopic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	publicvm.com www.notificationdsp2.publicvm.com	192 KB
2	woopic.com c.woopic.com — Cisco Umbrella Rank: 497982	38 KB
15	2

	Domain	Requested by
13	www.notificationdsp2.publicvm.com	www.notificationdsp2.publicvm.com
2	c.woopic.com	www.notificationdsp2.publicvm.com
15	2

This site contains links to these domains. Also see Links.

Domain
login.orange.fr
r.orange.fr

Subject Issuer	Validity	Valid
notificationdsp2.publicvm.com R10	`2024-08-09` - `2024-11-07`	3 months	crt.sh
cdn.woopic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-04` - `2025-06-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.notificationdsp2.publicvm.com/
Frame ID: 0528720175A6095607FBC381617959DD
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Identifiez-vous

Page Statistics

15
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

230 kB
Transfer

674 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://login.orange.fr/retrouver-adresse-compte
Title: Comment retrouver l’adresse e-mail de votre compte

Search URL Search Domain Scan URL

URL: https://r.orange.fr/r/Oid_signup
Title: Créer un compte sans être client Orange

Search URL Search Domain Scan URL

URL: https://login.orange.fr/aide
Title: Besoin d’aide ?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.notificationdsp2.publicvm.com/ 33 KB
6 KB 603ms
33ms Document
text/html 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/8.2.22 PleskLin
Resource Hash: edcf2413f8d06c6887f468ad2bf63fca68c811b9618d0ef1c1fe36a599971d1e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 6226
content-type: text/html; charset=UTF-8
date: Sun, 11 Aug 2024 18:16:35 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.22 PleskLin

GET
H2 200 c471d9ac2eae46e5.css
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/css/ 196 B
353 B 49ms
46ms Stylesheet
text/css 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/css/c471d9ac2eae46e5.css
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 4fd8751139c6b182b9288b5a251c545332f34890b3a1a8aa9d9b05bd4d5eacf0

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:35 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
x-accel-version: 0.01
etag: "c4-5f37811ee2c80-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 147

GET
H2 200 webpack-97b6e0a2140bd49a.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/ 3 KB
2 KB 49ms
47ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/webpack-97b6e0a2140bd49a.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: ece2643b0638bf5af6657598d67501b655aabf5b0e5d72105c38f6c15b38178d

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:35 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-c8f"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 framework-5f4595e5518b5600.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/ 127 KB
39 KB 42ms
41ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/framework-5f4595e5518b5600.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 8e89e1175a6145d737446d673ffa073f4c469c8fe3972f5287b1e7e9b241282b

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-1fbbb"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 main-bef50b518b880ebb.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/ 85 KB
24 KB 77ms
72ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/main-bef50b518b880ebb.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 0cd5ed867c73f611a882ad386ece45a76d53906349d85b67bf17eec71b5f8468

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-15337"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 _app-1db4cc61610da4b6.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/pages/ 328 KB
92 KB 124ms
119ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/pages/_app-1db4cc61610da4b6.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 06ab3ff3b05aea6ff316d367ac4af8f5560551d6e57d1d77075e328d5572e053

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-51e94"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 435-c64827d6dde5cd19.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/ 16 KB
6 KB 138ms
133ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/435-c64827d6dde5cd19.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 55f9f489ed1d545b533a77c3d2eaf03828c0626a637ab80a86610766d487ca27

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-40ec"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 index-1049b166ac9903ec.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/pages/ 33 KB
9 KB 80ms
75ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/chunks/pages/index-1049b166ac9903ec.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 28c5a945450299eeb8926476435ffecba194af79057edef19148160c6e7605d0

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-8413"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 _buildManifest.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/0d83c7cd1b0ffe7266db6d9830aa6ff8291d92bb/ 1 KB
545 B 138ms
134ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/0d83c7cd1b0ffe7266db6d9830aa6ff8291d92bb/_buildManifest.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: a3bdc8d2c0857e4307bb5202a1e33179717edd2dd347fb17241632687605825a

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: br
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
etag: W/"63d791a2-40e"
x-powered-by: PleskLin
content-type: text/javascript

GET
H2 200 _ssgManifest.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/0d83c7cd1b0ffe7266db6d9830aa6ff8291d92bb/ 77 B
271 B 138ms
133ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/0d83c7cd1b0ffe7266db6d9830aa6ff8291d92bb/_ssgManifest.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
x-accel-version: 0.01
etag: "4d-5f37811ee2c80-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 61

GET
H2 200 _middlewareManifest.js Show response
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/0d83c7cd1b0ffe7266db6d9830aa6ff8291d92bb/ 92 B
272 B 92ms
88ms Script
text/javascript 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/0d83c7cd1b0ffe7266db6d9830aa6ff8291d92bb/_middlewareManifest.js
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 09:45:06 GMT
server: nginx
x-accel-version: 0.01
etag: "5c-5f37811ee2c80-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 62

GET
H2 200 head-image.png
www.notificationdsp2.publicvm.com/c.woopic.com/ 12 KB
12 KB 49ms
47ms Image
image/png 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.notificationdsp2.publicvm.com/c.woopic.com/head-image.png
Requested by: Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 27d5579a17eb1f27cdf335afe70a6f05eb92aa3b6fac1e2cf5bda17738f3378b

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:35 GMT
last-modified: Tue, 07 Feb 2023 13:18:44 GMT
server: nginx
etag: "63e24fb4-2f83"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 12163

GET
H/1.1 200
OK HelvNeue75_W1G.woff2
c.woopic.com/fonts/ 18 KB
19 KB 240ms
36ms Font
application/octet-stream 2a01:c9c0:a3:8::247
FTBGPDM

General

Check archive.org

Show headers Download Go to

Full URL

https://c.woopic.com/fonts/HelvNeue75_W1G.woff2

Requested by

Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a01:c9c0:a3:8::247 , France, ASN8891 (FTBGPDM, FR),

Reverse DNS

Software

nginx /

Resource Hash

9d091f8ac8f622ef32b06ef1d72e296675b8ac7a0eedb132e089d8a4d61ce5dd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
Origin: https://www.notificationdsp2.publicvm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Sun, 11 Aug 2024 18:16:36 GMT
X-Mid: pr1s
Age: 147492
X-Cache: HIT
Connection: keep-alive
Content-Length: 18520
X-Trans-Id: txcd3374abb8e4415eb5149-0066b6bfe0
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 11 May 2023 16:01:28 GMT
Server: nginx
Etag: e54a5770b5f82d8d6d9a1727e440bd79
Vary: Origin
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age
X-Timestamp: 1683820887.10969
Cache-Control: max-age=15552000
x-server: sph
Accept-Ranges: bytes

GET
H/1.1 200
OK HelvNeue55_W1G.woff2
c.woopic.com/fonts/ 18 KB
19 KB 240ms
36ms Font
application/octet-stream 2a01:c9c0:a3:8::247
FTBGPDM

General

Check archive.org

Show headers Download Go to

Full URL

https://c.woopic.com/fonts/HelvNeue55_W1G.woff2

Requested by

Host: www.notificationdsp2.publicvm.com
URL: https://www.notificationdsp2.publicvm.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a01:c9c0:a3:8::247 , France, ASN8891 (FTBGPDM, FR),

Reverse DNS

Software

nginx /

Resource Hash

a84ca6b96b545a4df7413f3bbe30dc209af87adff480ee3a5cd0ff73e94ebbbb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
Origin: https://www.notificationdsp2.publicvm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Sun, 11 Aug 2024 18:16:36 GMT
X-Mid: pr4s
Age: 147492
X-Cache: HIT
Connection: keep-alive
Content-Length: 18684
X-Trans-Id: tx1b20273608434d4db820c-0066b6bfe0
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 11 May 2023 16:01:31 GMT
Server: nginx
Etag: 7cacf6f3f310565b41c6b3f536419773
Vary: Origin
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age
X-Timestamp: 1683820890.79915
Cache-Control: max-age=15552000
x-server: sph
Accept-Ranges: bytes

GET
H2 200 favicon-32x32.png
www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/icons/ 165 B
333 B 33ms
29ms Other
image/png 161.35.192.92
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notificationdsp2.publicvm.com/cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-ssr-1.29.3/_next/static/icons/favicon-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 161.35.192.92 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 61c063768271f151d43dece97df0bbb7c7544678ebc3bc4cb32203979abfd7f4

Request headers

Referer: https://www.notificationdsp2.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 18:16:36 GMT
last-modified: Mon, 30 Jan 2023 09:45:04 GMT
server: nginx
x-accel-version: 0.01
etag: "a5-5f37811cfa800"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 165

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Orange (Telecommunication)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.notificationdsp2.publicvm.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 44sjtrpj14g13a1sj7ikrmi87u

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.woopic.com
www.notificationdsp2.publicvm.com
161.35.192.92
2a01:c9c0:a3:8::247
06ab3ff3b05aea6ff316d367ac4af8f5560551d6e57d1d77075e328d5572e053
0cd5ed867c73f611a882ad386ece45a76d53906349d85b67bf17eec71b5f8468
27d5579a17eb1f27cdf335afe70a6f05eb92aa3b6fac1e2cf5bda17738f3378b
28c5a945450299eeb8926476435ffecba194af79057edef19148160c6e7605d0
4fd8751139c6b182b9288b5a251c545332f34890b3a1a8aa9d9b05bd4d5eacf0
55f9f489ed1d545b533a77c3d2eaf03828c0626a637ab80a86610766d487ca27
61c063768271f151d43dece97df0bbb7c7544678ebc3bc4cb32203979abfd7f4
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
8e89e1175a6145d737446d673ffa073f4c469c8fe3972f5287b1e7e9b241282b
9d091f8ac8f622ef32b06ef1d72e296675b8ac7a0eedb132e089d8a4d61ce5dd
a3bdc8d2c0857e4307bb5202a1e33179717edd2dd347fb17241632687605825a
a84ca6b96b545a4df7413f3bbe30dc209af87adff480ee3a5cd0ff73e94ebbbb
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
ece2643b0638bf5af6657598d67501b655aabf5b0e5d72105c38f6c15b38178d
edcf2413f8d06c6887f468ad2bf63fca68c811b9618d0ef1c1fe36a599971d1e

www.notificationdsp2.publicvm.com Open in urlscan Pro 161.35.192.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

15 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

230 kBTransfer

674 kBSize

1 Cookies

3 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

www.notificationdsp2.publicvm.com Open in urlscan Pro
161.35.192.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

230 kB
Transfer

674 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!