URL: https://nourayatravel.com/login
Submission: On May 06 via manual from RS — Scanned from FI

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 135.181.9.38, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is nourayatravel.com.
TLS certificate: Issued by R3 on April 10th 2022. Valid for: 3 months.
This is the only time nourayatravel.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Orange (Telecommunication)

Domain & IP information

IP addresses:

  #  IP Address         AS     Autonomous System
  1  135.181.9.38       24940  HETZNER-AS
  2  2a01:c9c0:a3:...   8891   FTBGPDM
  3  2a01:c9c0:a3:...   8891   FTBGPDM
  Total: 7 requests, 4 IPs

Apex domains:

  Requests  Apex Domain         Subdomains                                     Transfer
  5         woopic.com          cdn.woopic.com (Cisco Umbrella Rank: 170260)   118 KB
                                c.woopic.com (Cisco Umbrella Rank: 176896)
  1         nourayatravel.com   nourayatravel.com                              6 KB
  0         orange.ma (Failed)  espace-client.orange.ma (Failed)
  Total: 7 requests, 3 apex domains

Requested by:

  Requests  Domain                            Requested by
  3         c.woopic.com                      nourayatravel.com
  2         cdn.woopic.com                    nourayatravel.com
  1         nourayatravel.com
  0         espace-client.orange.ma (Failed)  nourayatravel.com
  Total: 7 requests, 4 domains

This site contains no links.

TLS certificates:

  Subject                    Issuer                            Validity                  Valid for   Lookup
  nourayatravel.com          R3                                2022-04-10 - 2022-07-09   3 months    crt.sh
  cdn.woopic.com             DigiCert TLS RSA SHA256 2020 CA1  2022-01-20 - 2022-06-27   5 months    crt.sh
  images.orangepublicite.fr  DigiCert TLS RSA SHA256 2020 CA1  2021-07-06 - 2022-07-29   a year      crt.sh

This page contains 1 frames:

Primary Page: https://nourayatravel.com/login
Frame ID: ECC7C616C82819818594DA20C542C36F
Requests: 7 HTTP requests in this frame


Page Statistics

  Requests:    7
  HTTPS:       86 %
  IPv6:        67 %
  Domains:     3
  Subdomains:  4
  IPs:         4
  Countries:   2
  Transfer:    124 kB
  Size:        448 kB
  Cookies:     1

Redirected requests

No HTTP redirect chains were recorded for this scan.

7 HTTP transactions

Each transaction below lists the resource name, path, size (decoded and transferred), type and MIME type, followed by connection details and the request and response headers.
Primary Request: login
  Path: nourayatravel.com/
  Size: 30 KB (6 KB transferred), Type: Document

  General
    Full URL: https://nourayatravel.com/login
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 135.181.9.38 Helsinki, Finland, ASN24940 (HETZNER-AS, DE)
    Reverse DNS: static.38.9.181.135.clients.your-server.de
    Software: LiteSpeed / PHP/8.1.5
    Resource Hash: 00559532030238e4718f0fc1a6e2354d26392f80608f022c9c80ca23dd6e2e17

  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
    accept-language: fi-FI,fi;q=0.9

  Response headers
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
    cache-control: no-store, no-cache, must-revalidate
    content-encoding: br
    content-type: text/html; charset=UTF-8
    date: Fri, 06 May 2022 13:14:07 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    pragma: no-cache
    server: LiteSpeed
    vary: Accept-Encoding
    x-powered-by: PHP/8.1.5

orange.v1.9.274.css (no response received; see Failed requests below)
  Path: espace-client.orange.ma/css/
  Size: 0 (0 transferred)

n1-mobile.99050ee9e29d89cd8746.css
  Path: cdn.woopic.com/18d8339538654b1dbf96a30e92745731/css/
  Size: 100 KB (17 KB transferred), Type: Stylesheet

  General
    Full URL: https://cdn.woopic.com/18d8339538654b1dbf96a30e92745731/css/n1-mobile.99050ee9e29d89cd8746.css
    Requested by: Host nourayatravel.com, URL https://nourayatravel.com/login
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
    Server: 2a01:c9c0:a3:8::247, France, ASN8891 (FTBGPDM, FR)
    Reverse DNS: -
    Software: nginx
    Resource Hash: 74e40893226e33d9b7d356cf2cb0c405f76b42510635d54452988c3ae2429e1c

  Request headers
    accept-language: fi-FI,fi;q=0.9
    Referer: https://nourayatravel.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

  Response headers
    Date: Fri, 06 May 2022 13:14:07 GMT
    Content-Encoding: gzip
    X-Mid: pr3s
    Age: 624
    X-Cache: HIT
    Connection: keep-alive
    X-Trans-Id: txd85cd1f54c8242cbb6a7d-0062751cae
    Accept-Ranges: bytes
    Last-Modified: Tue, 12 Apr 2022 08:53:55 GMT
    Server: nginx
    ETag: W/50c6a300919be8aed760ddc36309db93
    Vary: Accept-Encoding
    Content-Type: text/css
    X-Timestamp: 1649753634.76068
    Cache-Control: max-age=31540000
    x-server: sph
    Content-Length: 16479
o_load_responsive_web.js
  Path: c.woopic.com/libs/common/
  Size: 46 KB (15 KB transferred), Type: Script

  General
    Full URL: https://c.woopic.com/libs/common/o_load_responsive_web.js
    Requested by: Host nourayatravel.com, URL https://nourayatravel.com/login
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
    Server: 2a01:c9c0:a3:8::32, France, ASN8891 (FTBGPDM, FR)
    Reverse DNS: -
    Software: nginx
    Resource Hash: 151979d2427d3b38cd1462ab56d5c7e066d75b3343883c5fb688a9d92295f525

  Security Headers
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1; mode=block

  Request headers
    accept-language: fi-FI,fi;q=0.9
    Referer: https://nourayatravel.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

  Response headers
    Date: Fri, 06 May 2022 13:14:07 GMT
    Content-Encoding: gzip
    X-Mid: pr2s
    Age: 54
    Transfer-Encoding: chunked
    X-Cache: HIT
    Connection: keep-alive
    X-Trans-Id: txc50786bcb2b447c7b2991-0062751ee8
    X-Xss-Protection: 1; mode=block
    Last-Modified: Thu, 05 May 2022 09:44:04 GMT
    Server: nginx
    X-Frame-Options: SAMEORIGIN
    Vary: Accept-Encoding, Origin
    X-Object-Meta-Mtime: 1651654603.000000
    X-Timestamp: 1651743843.43030
    Cache-Control: s-maxage=60, max-age=0
    x-server: sph
    Content-Type: application/javascript
logo-orange.png
  Path: c.woopic.com/
  Size: 3 KB (4 KB transferred), Type: Image

  General
    Full URL: https://c.woopic.com/logo-orange.png
    Requested by: Host nourayatravel.com, URL https://nourayatravel.com/login
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
    Server: 2a01:c9c0:a3:8::32, France, ASN8891 (FTBGPDM, FR)
    Reverse DNS: -
    Software: nginx
    Resource Hash: b36e8ca10880ffc8a3903cd991589fbbe8aa75cbff6315f475be1ed0e9bda472

  Security Headers
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1; mode=block

  Request headers
    accept-language: fi-FI,fi;q=0.9
    Referer: https://nourayatravel.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

  Response headers
    Date: Fri, 06 May 2022 13:14:08 GMT
    X-Mid: pr2s
    Age: 41
    X-Cache: HIT
    Connection: keep-alive
    Vary: Origin
    X-Trans-Id: tx1624503027c447c08bfbe-0062751ef6
    X-Xss-Protection: 1; mode=block
    Accept-Ranges: bytes
    Last-Modified: Tue, 01 Mar 2022 10:11:08 GMT
    Server: nginx
    Etag: ba58c4c13a8cce3745d4891ece04159e
    X-Frame-Options: SAMEORIGIN
    X-Object-Meta-Mtime: 1646129461.489712
    X-Timestamp: 1646129467.21732
    x-server: sph
    Content-Length: 3354
    Content-Type: image/png
n1-mobile-prospect.2b9f266421b139422569.js
  Path: cdn.woopic.com/18d8339538654b1dbf96a30e92745731/js/
  Size: 260 KB (79 KB transferred), Type: Script

  General
    Full URL: https://cdn.woopic.com/18d8339538654b1dbf96a30e92745731/js/n1-mobile-prospect.2b9f266421b139422569.js
    Requested by: Host nourayatravel.com, URL https://nourayatravel.com/login
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
    Server: 2a01:c9c0:a3:8::247, France, ASN8891 (FTBGPDM, FR)
    Reverse DNS: -
    Software: nginx
    Resource Hash: 303e7e7def8e13526a2c9d1d4486b05e7a7629707c391961893b81f5a0cefc7b

  Request headers
    accept-language: fi-FI,fi;q=0.9
    Referer: https://nourayatravel.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

  Response headers
    Date: Fri, 06 May 2022 13:14:07 GMT
    Content-Encoding: gzip
    X-Mid: pr3s
    Last-Modified: Tue, 12 Apr 2022 08:54:13 GMT
    Server: nginx
    Age: 624
    Vary: Accept-Encoding
    X-Cache: HIT
    Content-Type: application/javascript
    X-Timestamp: 1649753652.46549
    Cache-Control: max-age=31540000
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-server: sph
    X-Trans-Id: tx00b601852dc34b53adfac-0062751caf
pdb.min.js
  Path: c.woopic.com/tools/
  Size: 9 KB (4 KB transferred), Type: Script

  General
    Full URL: https://c.woopic.com/tools/pdb.min.js
    Requested by: Host nourayatravel.com, URL https://nourayatravel.com/login
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
    Server: 2a01:c9c0:a3:8::32, France, ASN8891 (FTBGPDM, FR)
    Reverse DNS: -
    Software: nginx
    Resource Hash: ed3b0560bc63777f3de8cee30835c993e12db364ea5d1cb3c35b77f38638dd62

  Security Headers
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1; mode=block

  Request headers
    accept-language: fi-FI,fi;q=0.9
    Referer: https://nourayatravel.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

  Response headers
    Date: Fri, 06 May 2022 13:14:07 GMT
    Content-Encoding: gzip
    X-Mid: pr2s
    Age: 82
    Transfer-Encoding: chunked
    X-Cache: HIT
    Connection: keep-alive
    X-Trans-Id: tx85e3375826704cbc869a1-0062751ecd
    X-Xss-Protection: 1; mode=block
    Last-Modified: Wed, 04 May 2022 15:33:18 GMT
    Server: nginx
    X-Frame-Options: SAMEORIGIN
    Vary: Accept-Encoding, Origin
    X-Object-Meta-Mtime: 1651677743.000000
    X-Timestamp: 1651678397.41124
    x-server: sph
    Content-Type: application/javascript

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

  Domain: espace-client.orange.ma
  URL: https://espace-client.orange.ma/css/orange.v1.9.274.css

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Orange (Telecommunication)
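What the transaction list above shows is the typical shape of a cloned login page: a site on an unrelated domain (nourayatravel.com, on Hetzner) pulls Orange's real stylesheets, scripts and logo from cdn.woopic.com and c.woopic.com, and even references a stylesheet on espace-client.orange.ma that never answers, while its own certificate is a Let's Encrypt (R3) leaf issued 26 days before the scan. The script below is an added example, not urlscan.io's code, that turns those observations into triage heuristics over a list of transactions. The Transaction/Scan field names are this example's own (not urlscan's result-JSON schema), the BRAND_DOMAINS allow-list and the 30-day certificate threshold are assumptions, and the sample records are transcribed from this scan.

```python
"""Phishing triage heuristics over a urlscan-style transaction list.
Added example, not urlscan.io code: Transaction/Scan are this example's own
field names (not urlscan's result-JSON schema), BRAND_DOMAINS and the 30-day
certificate threshold are assumptions, and the sample records are transcribed
from the scan of https://nourayatravel.com/login above."""
from dataclasses import dataclass
from datetime import date
from typing import Optional
from urllib.parse import urlparse


@dataclass
class Transaction:
    url: str
    ok: bool  # False when no response was received


@dataclass
class Scan:
    page_url: str
    transactions: list
    cert_issuer: str
    cert_not_before: date
    scan_date: date


# Assumed allow-list: apex domains each brand legitimately serves content from.
BRAND_DOMAINS = {"Orange": {"orange.ma", "woopic.com", "orangepublicite.fr"}}
YOUNG_CERT_DAYS = 30  # assumed threshold for a "freshly issued" certificate


def apex(host: str) -> str:
    """Last two DNS labels; adequate for .com/.ma. A production tool should use
    the Public Suffix List so 'example.co.uk' does not collapse to 'co.uk'."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def brand_of(host: str) -> Optional[str]:
    """Brand that owns this host's apex domain, or None."""
    for brand, domains in BRAND_DOMAINS.items():
        if apex(host) in domains:
            return brand
    return None


def brand_hosts_loaded(scan: Scan) -> dict:
    """Map brand -> brand-owned hosts the page requested, skipping the brand
    that owns the page itself (a real orange.ma page using woopic.com is normal)."""
    page_brand = brand_of(urlparse(scan.page_url).hostname or "")
    hits = {}
    for t in scan.transactions:
        host = urlparse(t.url).hostname or ""
        brand = brand_of(host)
        if brand and brand != page_brand:
            hits.setdefault(brand, set()).add(host)
    return hits


def triage(scan: Scan) -> dict:
    """Return {indicator: detail} for every heuristic that fires."""
    findings = {}
    path = urlparse(scan.page_url).path
    for brand, hosts in brand_hosts_loaded(scan).items():
        findings["brand_assets_offsite"] = (brand, sorted(hosts))
    # A brand host that never answered: the clone references an origin it
    # cannot actually serve from (here the portal's own stylesheet host).
    failed = sorted(urlparse(t.url).hostname for t in scan.transactions
                    if not t.ok and brand_of(urlparse(t.url).hostname or ""))
    if failed:
        findings["failed_brand_fetch"] = failed
    cert_age = (scan.scan_date - scan.cert_not_before).days
    if cert_age <= YOUNG_CERT_DAYS:
        findings["young_cert"] = (scan.cert_issuer, cert_age)
    if "login" in path.lower() and "brand_assets_offsite" in findings:
        findings["login_path_with_cloned_brand"] = path
    return findings


# Sample records transcribed from the scan above (constructed input).
SCAN = Scan(
    page_url="https://nourayatravel.com/login",
    transactions=[
        Transaction("https://nourayatravel.com/login", True),
        Transaction("https://espace-client.orange.ma/css/orange.v1.9.274.css", False),
        Transaction("https://cdn.woopic.com/18d8339538654b1dbf96a30e92745731/css/n1-mobile.99050ee9e29d89cd8746.css", True),
        Transaction("https://c.woopic.com/libs/common/o_load_responsive_web.js", True),
        Transaction("https://c.woopic.com/logo-orange.png", True),
        Transaction("https://cdn.woopic.com/18d8339538654b1dbf96a30e92745731/js/n1-mobile-prospect.2b9f266421b139422569.js", True),
        Transaction("https://c.woopic.com/tools/pdb.min.js", True),
    ],
    cert_issuer="R3",  # Let's Encrypt intermediate
    cert_not_before=date(2022, 4, 10),
    scan_date=date(2022, 5, 6),
)

# Control case (constructed): the same assets loaded by a page on orange.ma,
# with the images.orangepublicite.fr certificate dates from the scan's cert table.
LEGIT_SCAN = Scan(
    page_url="https://espace-client.orange.ma/login",
    transactions=SCAN.transactions[2:],
    cert_issuer="DigiCert TLS RSA SHA256 2020 CA1",
    cert_not_before=date(2021, 7, 6),
    scan_date=date(2022, 5, 6),
)

if __name__ == "__main__":
    print(triage(SCAN))
    print("control:", triage(LEGIT_SCAN))  # expected: {}
```

Run against the transcribed scan, all four indicators fire (brand assets loaded off-site from c.woopic.com, cdn.woopic.com and espace-client.orange.ma; a failed fetch from espace-client.orange.ma; a 26-day-old R3 certificate; a /login path), and the orange.ma control case fires none of them. Each of these is a scoring input rather than a verdict on its own: a young Let's Encrypt certificate is equally common on benign sites, the allow-list has to be maintained per brand, and the two-label apex() must be swapped for a Public Suffix List lookup before it meets country-code second-level domains.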

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Note that all four listed here are properties the scanning Chrome build exposes itself (structuredClone, getScreenDetails and the canvas context-loss handlers), not variables defined by the page's own scripts.

  object    oncontextlost
  object    oncontextrestored
  function  structuredClone
  function  getScreenDetails

1 Cookies

  Domain/Path         Name       Value
  nourayatravel.com/  PHPSESSID  dgm9npgdcbt0l6bggrr9c5pdfh