festive-greider.5-255-101-246.plesk.page Open in urlscan Pro
5.255.101.246 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://festive-greider.5-255-101-246.plesk.page/orange
Effective URL:
https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1a...
Submission: On October 14 via automatic, source openphish (October 14th 2022, 3:26:15 pm UTC) — Scanned from NL

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 5.255.101.246, located in Netherlands and belongs to LITESERVER, NL. The main domain is festive-greider.5-255-101-246.plesk.page.
TLS certificate: Issued by R3 on October 13th 2022. Valid for: 3 months.

This is the only time festive-greider.5-255-101-246.plesk.page was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Orange (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
2 10	5.255.101.246 5.255.101.246	60404 (LITESERVER) (LITESERVER)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a01:c9c0:a3:... 2a01:c9c0:a3:8::32	8891 (FTBGPDM) (FTBGPDM)
3	2a01:c9c0:c3:... 2a01:c9c0:c3:229::109	8891 (FTBGPDM) (FTBGPDM)
14	5

10 5.255.101.246 (Netherlands) 2 redirects

ASN60404 (LITESERVER, NL)

festive-greider.5-255-101-246.plesk.page	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:c9c0:a3:8::32 (France)

ASN8891 (FTBGPDM, FR)

c.woopic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a01:c9c0:c3:229::109 (France)

ASN8891 (FTBGPDM, FR)

cdn.woopic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	plesk.page 2 redirects festive-greider.5-255-101-246.plesk.page	99 KB
5	woopic.com c.woopic.com — Cisco Umbrella Rank: 147349 cdn.woopic.com — Cisco Umbrella Rank: 136152	59 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 677	83 KB
14	3

	Domain	Requested by
10	festive-greider.5-255-101-246.plesk.page	2 redirects festive-greider.5-255-101-246.plesk.page
3	cdn.woopic.com	festive-greider.5-255-101-246.plesk.page
2	c.woopic.com	festive-greider.5-255-101-246.plesk.page
1	code.jquery.com	festive-greider.5-255-101-246.plesk.page
14	4

This site contains no links.

Subject Issuer	Validity	Valid
festive-greider.5-255-101-246.plesk.page R3	`2022-10-13` - `2023-01-11`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
c.woopic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-18` - `2023-08-01`	a year	crt.sh
cdn.woopic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-06-27`	9 months	crt.sh

This page contains 1 frames:

Primary Page: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Frame ID: D605F55A3CF30135F9BF4AD1D9358759
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Identifiez-vous avec votre compte Orange

Page URL History Show full URLs

https://festive-greider.5-255-101-246.plesk.page/orange HTTP 301
https://festive-greider.5-255-101-246.plesk.page/orange/ HTTP 302
https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

240 kB
Transfer

1300 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://festive-greider.5-255-101-246.plesk.page/orange HTTP 301
https://festive-greider.5-255-101-246.plesk.page/orange/ HTTP 302
https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
festive-greider.5-255-101-246.plesk.page/orange/
Redirect Chain

https://festive-greider.5-255-101-246.plesk.page/orange
https://festive-greider.5-255-101-246.plesk.page/orange/
https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297a...

40 KB
7 KB

50ms
49ms

Document
text/html

5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx / PHP/8.0.24 PleskLin
Resource Hash: 35744659a6e5908daa8b33fc7f3edde23238fa80290da53686c553d7e865c4fe

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

content-encoding: gzip
content-length: 6993
content-type: text/html; charset=UTF-8
date: Fri, 14 Oct 2022 15:26:10 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.0.24 PleskLin

Redirect headers

content-length: 40625
content-type: text/html; charset=UTF-8
date: Fri, 14 Oct 2022 15:26:10 GMT
location: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
server: nginx
x-powered-by: PHP/8.0.24 PleskLin

GET
H2 200 jquery-1.11.3.js Show response
code.jquery.com/ 278 KB
83 KB 94ms
26ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.3.js
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 2065aecca0fb9b0567358d352ed5f1ab72fce139bf449b4d09805f5d9c3725ed

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://festive-greider.5-255-101-246.plesk.page/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-456ea"
vary: Accept-Encoding
x-hw: 1665761170.dop121.am5.t,1665761170.cds249.am5.hn,1665761170.cds308.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 84538

GET
H2 200 css.css
festive-greider.5-255-101-246.plesk.page/orange/css/ 924 KB
92 KB 145ms
144ms Stylesheet
text/css 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: b0df968f659f02b3d6b2d6462423ed045067969709552d46d7e977beb7fd5ecb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Mon, 26 Aug 2019 19:17:14 GMT
server: nginx
etag: W/"5d64303a-e6f5c"
x-powered-by: PleskLin
content-type: text/css

GET
H/1.1 200
OK logo-orange.png
c.woopic.com/ 3 KB
4 KB 208ms
52ms Image
image/png 2a01:c9c0:a3:8::32
FTBGPDM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.woopic.com/logo-orange.png

Requested by

Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:c9c0:a3:8::32 , France, ASN8891 (FTBGPDM, FR),

Reverse DNS

Software

nginx /

Resource Hash

b36e8ca10880ffc8a3903cd991589fbbe8aa75cbff6315f475be1ed0e9bda472

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://festive-greider.5-255-101-246.plesk.page/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 15:26:10 GMT
X-Mid: pr2s
Age: 28
X-Cache: HIT
Connection: keep-alive
Content-Length: 3354
X-Trans-Id: txa845db5dcea5495b8e73b-0063497f75
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 01 Mar 2022 10:11:08 GMT
Server: nginx
Etag: ba58c4c13a8cce3745d4891ece04159e
Vary: Origin
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Object-Meta-Mtime: 1646129461.489712
X-Timestamp: 1646129467.21732
x-server: sph
Accept-Ranges: bytes

GET
H/1.1 401
Unauthorized Logo_MC_noir_fond_transparent_small.png
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.5.2/images/services_comm/ 0
0 607ms
111ms Image
text/html 2a01:c9c0:c3:229::109
FTBGPDM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.5.2/images/services_comm/Logo_MC_noir_fond_transparent_small.png
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:c9c0:c3:229::109 , France, ASN8891 (FTBGPDM, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://festive-greider.5-255-101-246.plesk.page/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H/1.1 401
Unauthorized Logo_MC_orange_fond_transparent_small.png
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.5.2/images/services_comm/ 0
0 615ms
120ms Image
text/html 2a01:c9c0:c3:229::109
FTBGPDM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.5.2/images/services_comm/Logo_MC_orange_fond_transparent_small.png
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:c9c0:c3:229::109 , France, ASN8891 (FTBGPDM, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://festive-greider.5-255-101-246.plesk.page/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 804 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fe343f77ff48a87d3a9e97abc92c72624728ecaedda1566a4990561319f30c0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK om_desktop.png
cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.15.1/images/services_comm/ 29 KB
29 KB 497ms
58ms Image
image/png 2a01:c9c0:c3:229::109
FTBGPDM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.15.1/images/services_comm/om_desktop.png
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/?return_url=https%3A%2F%2Fwww.orange.fr%2Fportail&_Authentication=9fa790a5412a2255491ea1aab13ecb1bad152f08ae5bdba546432ff13aeb891993dd204297ad69ba47ba963c870704ea680cfcc884549ccf5b393696
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:c9c0:c3:229::109 , France, ASN8891 (FTBGPDM, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8dab2dc2566251e916a476c846ea0ed1ce459d26917a088146765ea6b2bef997

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://festive-greider.5-255-101-246.plesk.page/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 15:26:10 GMT
X-Mid: pr2m
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 29367
X-Trans-Id: tx35df8b4f6b8e4331b18a9-0063497f92
Last-Modified: Mon, 20 Jul 2020 15:29:08 GMT
Server: nginx
Etag: bfd2858e4707255b0200abbe93131293
Vary: Origin,Accept-Encoding
Content-Type: image/png
X-Object-Meta-Mtime: 1595258738.000000
X-Timestamp: 1595258947.86779
Cache-Control: max-age=31536000
x-server: mts
Accept-Ranges: bytes

GET
H/1.1 200
OK o-icomoon.woff
c.woopic.com/Magic/ 26 KB
26 KB 165ms
60ms Font
application/font-woff 2a01:c9c0:a3:8::32
FTBGPDM

General

Check archive.org

Show headers Download Go to

Full URL

https://c.woopic.com/Magic/o-icomoon.woff?1xeygc

Requested by

Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:c9c0:a3:8::32 , France, ASN8891 (FTBGPDM, FR),

Reverse DNS

Software

nginx /

Resource Hash

39a17072f7d756bdafaeea4e5f52a0af6017521f40648e17993cb800d4fc8093

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 15:26:10 GMT
X-Mid: pr1s
Last-Modified: Wed, 14 Oct 2020 13:05:47 GMT
Server: nginx
Age: 9251515
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=15552000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26264
X-Xss-Protection: 1; mode=block
Expires: Mon, 26 Dec 2022 13:34:14 GMT

GET
H2 404 HelvNeue75_W1G.woff2
festive-greider.5-255-101-246.plesk.page/orange/fonts/ 0
0 44ms
44ms Font
text/html 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue75_W1G.woff2
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Thu, 13 Oct 2022 23:56:03 GMT
server: nginx
etag: W/"328-5eaf340858bad"
content-type: text/html

GET
H2 404 HelvNeue55_W1G.woff2
festive-greider.5-255-101-246.plesk.page/orange/fonts/ 0
0 46ms
46ms Font
text/html 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue55_W1G.woff2
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Thu, 13 Oct 2022 23:56:03 GMT
server: nginx
etag: W/"328-5eaf340858bad"
content-type: text/html

GET
H2 404 HelvNeue75_W1G.woff
festive-greider.5-255-101-246.plesk.page/orange/fonts/ 0
0 46ms
46ms Font
text/html 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue75_W1G.woff
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Thu, 13 Oct 2022 23:56:03 GMT
server: nginx
etag: W/"328-5eaf340858bad"
content-type: text/html

GET
H2 404 HelvNeue55_W1G.woff
festive-greider.5-255-101-246.plesk.page/orange/fonts/ 0
0 40ms
40ms Font
text/html 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue55_W1G.woff
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Thu, 13 Oct 2022 23:56:03 GMT
server: nginx
etag: W/"328-5eaf340858bad"
content-type: text/html

GET
H2 404 HelvNeue55_W1G.ttf
festive-greider.5-255-101-246.plesk.page/orange/fonts/ 0
0 47ms
47ms Font
text/html 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue55_W1G.ttf
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Thu, 13 Oct 2022 23:56:03 GMT
server: nginx
etag: W/"328-5eaf340858bad"
content-type: text/html

GET
H2 404 HelvNeue75_W1G.ttf
festive-greider.5-255-101-246.plesk.page/orange/fonts/ 0
0 46ms
46ms Font
text/html 5.255.101.246
LITESERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue75_W1G.ttf
Requested by: Host: festive-greider.5-255-101-246.plesk.page
URL: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.255.101.246 , Netherlands, ASN60404 (LITESERVER, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://festive-greider.5-255-101-246.plesk.page/orange/css/css.css
Origin: https://festive-greider.5-255-101-246.plesk.page
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 15:26:10 GMT
content-encoding: br
last-modified: Thu, 13 Oct 2022 23:56:03 GMT
server: nginx
etag: W/"328-5eaf340858bad"
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Orange (Telecommunication)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue75_W1G.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue55_W1G.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue55_W1G.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue75_W1G.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue55_W1G.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://festive-greider.5-255-101-246.plesk.page/orange/fonts/HelvNeue75_W1G.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.5.2/images/services_comm/Logo_MC_noir_fond_transparent_small.png Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://cdn.woopic.com/c15d9d8fc98141b084d96f795046449b/auth-2.5.2/images/services_comm/Logo_MC_orange_fond_transparent_small.png Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.woopic.com
cdn.woopic.com
code.jquery.com
festive-greider.5-255-101-246.plesk.page
2001:4de0:ac18::1:a:2a
2a01:c9c0:a3:8::32
2a01:c9c0:c3:229::109
5.255.101.246
2065aecca0fb9b0567358d352ed5f1ab72fce139bf449b4d09805f5d9c3725ed
35744659a6e5908daa8b33fc7f3edde23238fa80290da53686c553d7e865c4fe
39a17072f7d756bdafaeea4e5f52a0af6017521f40648e17993cb800d4fc8093
8dab2dc2566251e916a476c846ea0ed1ce459d26917a088146765ea6b2bef997
9fe343f77ff48a87d3a9e97abc92c72624728ecaedda1566a4990561319f30c0
b0df968f659f02b3d6b2d6462423ed045067969709552d46d7e977beb7fd5ecb
b36e8ca10880ffc8a3903cd991589fbbe8aa75cbff6315f475be1ed0e9bda472
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

festive-greider.5-255-101-246.plesk.page Open in urlscan Pro 5.255.101.246 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

5 IPs

2 Countries

240 kBTransfer

1300 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

festive-greider.5-255-101-246.plesk.page Open in urlscan Pro
5.255.101.246 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

240 kB
Transfer

1300 kB
Size

0
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!