Edit tour

Windows Analysis Report
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/

Overview

General Information

Sample URL:	http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/
Analysis ID:	860834
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

HTML page is missing a favicon

Classification

Process Tree

System is w10x64

chrome.exe (PID: 648 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1608,i,1843768984066396914,7514191513938128957,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5468 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/ MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg

Source: classification engine

Classification label: mal56.win@31/253@66/33

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1608,i,1843768984066396914,7514191513938128957,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1608,i,1843768984066396914,7514191513938128957,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source:	Binary string: u.ev={'view':1};u.initialized=false;u.map={"js_page.pdb_disableObserver":"pdb_disableObserver","js_page.pdb_flushOnExit":"pdb_flushOnExit","js_page.pdb_flushTimeout":"pdb_flushTimeout","js_page.pdb_groupCalls":"pdb_groupCalls","js_page.pdb_transport":"pdb_transport","js_page.pdb_watchedAttributes":"pdb_watchedAttributes"};u.extend=[function(a,b){try{if(1){if(typeof utag.tmsconsent==='undefined'){return false;}else{return utag.tmsconsent.c.w.cs.c1!=1;}}}catch(e){utag.DB(e)}}];u.send=function(a,b){if(u.ev[a]\|\|u.ev.all!==undefined){var c,d,e,f,i;u.data={};for(c=0;c<u.extend.length;c++){try{d=u.extend[c](a,b);if(d==false)return}catch(e){}};for(d in utag.loader.GV(u.map)){if(b[d]!==undefined&&b[d]!==""){e=u.map[d].split(",");for(f=0;f<e.length;f++){u.data[e[f]]=b[d];}}} source: chromecache_460.1.dr
Source:	Binary string: if(o_confCommon['responsiveMobile']===false){b.responsivemobile="False";}else{b.responsivemobile="True";}}},function(a,b){var t_width=b["dom.viewport_width"];if(t_width<640){b.display_screen=1;}else if(t_width>=640&&t_width<776){b.display_screen=2;}else if(t_width>=776&&t_width<1024){b.display_screen=3;}else{b.display_screen=4;}},function(a,b){try{if(1){try{b['clientID_google']=b['cp._ga'].substring(b['cp._ga'].indexOf(".",4)+1,b['cp._ga'].length)}catch(e){}}}catch(e){utag.DB(e);}},function(a,b){try{if(1){try{b['bluekai_allow_multiple_calls']=true}catch(e){}}}catch(e){utag.DB(e);}},function(a,b){try{if(1){try{b['env']=utag.cfg.path.split('/')[6]}catch(e){}}}catch(e){utag.DB(e);}},function(a,b){try{if(1){if(!(!b["dom.referrer"]\|\|0===b["dom.referrer"].length)){var r=b["dom.referrer"].split("/")[2];if(r!=b["dom.domain"]){b["hote_referent"]=r;}}}}catch(e){utag.DB(e)}},function(a,b){try{if(1){b["sonde_dydu"]=(/dydu$/.test(navigator.userAgent))?"oui":"non";}}catch(e){utag.DB(e)}},function(a,b){try{if(b['dom.domain'].toString().indexOf('assistance.sosh.fr')>-1){try{b['id_pc_sosh']=(/[0-9]+/.test(b["idpc"]))?b["idpc"]:"";}catch(e){}}}catch(e){utag.DB(e);}},function(a,b){try{if(b['dom.domain'].toString().indexOf('contact.orange.fr')>-1){try{b['id_pc_orange']=(/[0-9]+/.test(b["track_cible"]))?b["track_cible"]:"";}catch(e){}}}catch(e){utag.DB(e);}},function(a,b){try{if(1){b['js_page.o_idzone.USER_OPEN']=b['user_open']}}catch(e){utag.DB(e);}},function(a,b){try{if(b['dom.url'].toString().indexOf('www.orange.fr')>-1){b['js_page.pdb_transport']='beacon';b['js_page.pdb_disableObserver']='false'}}catch(e){utag.DB(e);}},function(a,b){try{if(1){(function(window){var BlockAdBlock=function(options){this._options={checkOnLoad:false,resetOnEnd:false,loopCheckTime:50,loopMaxNumber:5,baitClass:'pub_300x250 pub_300x250m pub_728x90 text-ad textAd text_ad text_ads text-ads text-ad-links',baitStyle:'width: 1px !important; height: 1px !important; position: absolute !important; left: -10000px !important; top: -1000px !important;',debug:false};this._var={version:'3.2.0',bait:null,checking:false,loop:null,loopNumber:0,event:{detected:[],notDetected:[]}};if(options!==undefined){this.setOption(options);} source: chromecache_307.1.dr
Source:	Binary string: u.loader_cb=function(){o_checkPdbGA=function(){if(typeof o_pdb!="undefined"){o_pdb.init({watchedAttributes:u.data.pdb_watchedAttributes,pixelURL:u.data.pdb_baseURL,groupCalls:u.data.pdb_groupCalls,flushTimeout:u.data.pdb_flushTimeout,flushOnExit:u.data.pdb_flushOnExit,transport:u.data.pdb_transport,disableObserver:u.data.pdb_disableObserver,debug:u.data.pdb_debug});}else{setTimeout(o_checkPdbGA,10);}};o_checkPdbGA();};if(!('o_pdb'in window)){u.loader({"type":"script","src":"https://gp.cdn.woopic.com/tools/pdb.min.js","cb":u.loader_cb,"loc":"script","id":'utag_131'});}else{u.loader_cb();} source: chromecache_460.1.dr

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	5 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	6 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/	18%	Virustotal		Browse
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/	100%	Avira URL Cloud	phishing
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
https://cdn.adgtw.orangeads.fr/mediation/ora_authen.identification.js	0%	Avira URL Cloud	safe
https://cdn.metriscope.com	0%	Avira URL Cloud	safe
https://www.googleoptimize.com/optimize.js?id=OPT-5Q7Z7N2	0%	Avira URL Cloud	safe
https://events.mediarithmics.com/v1/update_mapping/pixel?$etid=&$stgid=d254cbbb-fef9-48a3-8c1b-7a2ec6322e41&$fmt=px&$dat_token=&$site_token=orange_web&$gdpr_consent&$gdpr=1	0%	Avira URL Cloud	safe
http://confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js	0%	Avira URL Cloud	safe
https://p.nxtck.com/an?a=1&val=&loc=https%3a//all.orfr.adgtw.orangeads.fr/nxt%3f%7Baud_ids%7D&rnd=89	0%	Avira URL Cloud	safe
https://events.mediarithmics.com/v1/check_cookie/pixel?$chk=d7bce821-135c-4919-830b-4da9c510e3e7&$etid=&$stgid=d254cbbb-fef9-48a3-8c1b-7a2ec6322e41&$fmt=px&$dat_token=&$site_token=orange_web&$gdpr_consent&$gdpr=1	0%	Avira URL Cloud	safe
http://confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
front.prod.espclient.gslb.fti.net	193.252.133.37	true	false	unknown
consent.prod.cachehttp.gslb.fti.net	193.252.122.184	true	false	unknown
generique-https.prod.redirect.gslb.fti.net	193.252.148.223	true	false	unknown
orangefrance-fr.v3.leadformance.com	35.187.68.168	true	false	unknown
www.orangeadvertising.fr	212.227.73.27	true	false	high
datalayer.prod.cachehttp.gslb.fti.net	193.252.133.62	true	false	unknown
front-ng.prod.idzone.gslb.fti.net	193.252.133.81	true	false	unknown
video-a-la-demande.orange.fr	80.10.184.74	true	false	high
proxy-pub.prod.euiidme.gslb.fti.net	193.252.122.88	true	false	unknown
confiant-integrations.global.ssl.fastly.net	151.101.1.194	true	false	unknown
boutique.orange.fr.ext.fti.net	80.10.184.69	true	false	unknown
chatbot.orange.fr	80.12.125.138	true	false	high
www.google.com	172.217.168.68	true	false	high
m.boutique.orange.fr.ext.fti.net	80.10.184.69	true	false	unknown
meteo.orange.fr	51.255.101.244	true	false	high
paas.prod.cachehttp.gslb.fti.net	193.252.117.167	true	false	unknown
accounts.google.com	172.217.168.45	true	false	high
securepubads46.g.doubleclick.net	172.217.168.66	true	false	high
r-orange.prod.redirect.gslb.fti.net	81.52.142.207	true	false	unknown
front-d.prod.assistance.gslb.fti.net	193.252.122.78	true	false	unknown
replay.orange.fr	80.10.186.74	true	false	high
poole-soi-https.prod.cachehttp.gslb.fti.net	193.252.133.109	true	false	unknown
hpo-main.prod.hporange.gslb.fti.net	193.252.133.97	true	false	unknown
lo.v.liveperson.net	178.249.97.70	true	false	high
sso.orange.fr	193.251.215.153	true	false	high
sdk.privacy-center.org	18.165.183.89	true	false	unknown
mise-a-jour.ca21922.tw1.ru	185.114.245.107	true	false	high
pdata.orange.fr.ext.fti.net	34.149.49.113	true	false	unknown
erable.orange.fr	80.12.70.27	true	false	high
lb.mediarithmics.com	54.36.150.187	true	false	unknown
master-7rqtwti-5ogheytje25c2.eu.platform.sh	54.76.137.79	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
orangemoney.fr	149.202.160.59	true	false	unknown
sso.e.orange.fr	80.10.186.66	true	false	high
dqhnh528pns4r.cloudfront.net	13.224.103.97	true	false	high
erable-f.orange.fr	80.12.102.113	true	false	high
dzfq4ouujrxm8.cloudfront.net	18.165.183.67	true	false	high
chaines-tv.orange.fr	80.10.184.74	true	false	high
adgtw.prod.cachehttp.gslb.fti.net	193.252.133.109	true	false	unknown
securepubads.g.doubleclick.net	unknown	unknown	false	high
signalement.fftelecoms.org	unknown	unknown	false	unknown
pro.orange.fr	unknown	unknown	false	high
cdn.adgtw.orangeads.fr	unknown	unknown	false	unknown
finance.orange.fr	unknown	unknown	false	high
communaute.orange.fr	unknown	unknown	false	high
trust-system-eui.orange.fr	unknown	unknown	false	high
auto.orange.fr	unknown	unknown	false	high
news.orange.fr	unknown	unknown	false	high
static.mediarithmics.com	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high
all.orfr.adgtw.orangeads.fr	unknown	unknown	false	unknown
espaceclientv3.orange.fr	unknown	unknown	false	high
djingo.orange.fr	unknown	unknown	false	high
c.orange.fr	unknown	unknown	false	high
accdn.lpsnmedia.net	unknown	unknown	false	high
cookie-matching.mediarithmics.com	unknown	unknown	false	unknown
actu.orange.fr	unknown	unknown	false	high
espaceclientpro.orange.fr	unknown	unknown	false	high
tv.jeu.orange.fr	unknown	unknown	false	high
tags.tiqcdn.com	unknown	unknown	false	high
c.woopic.com	unknown	unknown	false	high
boutique.orange.fr	unknown	unknown	false	high
datalayer.orange.fr	unknown	unknown	false	high
events.mediarithmics.com	unknown	unknown	false	unknown
businesslounge.orange.fr	unknown	unknown	false	high
lpcdn.lpsnmedia.net	unknown	unknown	false	high
tendances.orange.fr	unknown	unknown	false	high
cdn.woopic.com	unknown	unknown	false	high
iz.orange.fr	unknown	unknown	false	high
consent.orange.fr	unknown	unknown	false	high
www.orange.fr	unknown	unknown	false	high
www.orange-business.com	unknown	unknown	false	high
musique.orange.fr	unknown	unknown	false	high
r.orange.fr	unknown	unknown	false	high
assistance.orange.fr	unknown	unknown	false	high
pdata.orange.fr	unknown	unknown	false	high
lemagtv.orange.fr	unknown	unknown	false	high
m.boutique.orange.fr	unknown	unknown	false	high
e.orange.fr	unknown	unknown	false	high
sports.orange.fr	unknown	unknown	false	high
orangebank.orange.fr	unknown	unknown	false	high
gp.cdn.woopic.com	unknown	unknown	false	high
agence.orange.fr	unknown	unknown	false	high
lptag.liveperson.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://events.mediarithmics.com/v1/update_mapping/pixel?$etid=&$stgid=d254cbbb-fef9-48a3-8c1b-7a2ec6322e41&$fmt=px&$dat_token=&$site_token=orange_web&$gdpr_consent&$gdpr=1	false	Avira URL Cloud: safe	unknown
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/Identifiez-vous%20avec%20votre%20compte%20Orange_fichiers/o_tealium.js	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/assets/ob1/web/css/orange-icons.min.css	false		high
https://assistance.orange.fr/api/ame/related/768184/Cookies%20presentation	false		high
https://gp.cdn.woopic.com/libs/oFCwa2ru/common/js/o_onei_core.all.desktop.OHIC125oi.js	false		high
https://chatbot.orange.fr/appWebChatng/public/jsLibrary/ua-parser.min.js	false		high
https://espaceclientpro.orange.fr/djingo/assets/integration/djingoChatProd.js	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/assets/ob1/web/css/style.min.css	false		high
https://c.woopic.com/Magic/configuration.tgif.json	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/assets/css/emoji.min.css	false		high
https://tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448	false		high
https://cdn.adgtw.orangeads.fr/mediation/ora_authen.identification.js	false	Avira URL Cloud: safe	unknown
http://confiant-integrations.global.ssl.fastly.net/Ngwh8Nfclp8QnaUOpjNkhYFSsl8/gpt_and_prebid/config.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/Identifiez-vous%20avec%20votre%20compte%20Orange_fichiers/ABPlanning.json	false		high
https://gp.cdn.woopic.com/libs/oFCwa2ru/common/js/o_onei_core.js	false		high
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/Identifiez-vous%20avec%20votre%20compte%20Orange_fichiers/z.gif	false		high
http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/identite/202011261454&cb=1683530174545	false		high
http://gp.cdn.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014	false		high
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=orange/assistance/202305051423&cb=1683530191730	false		high
https://tags.tiqcdn.com/utag/orange/businesslounge/prod/utag.7.js?utv=ut4.46.202305021232	false		high
http://c.woopic.com/fonts/HelvNeue55_W1G.woff2?20201014	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/assets/images/icon-moins.svg	false		high
https://tags.tiqcdn.com/utag/orange/assistance/prod/utag.259.js?utv=ut4.39.202304261257	false		high
https://events.mediarithmics.com/v1/check_cookie/pixel?$chk=d7bce821-135c-4919-830b-4da9c510e3e7&$etid=&$stgid=d254cbbb-fef9-48a3-8c1b-7a2ec6322e41&$fmt=px&$dat_token=&$site_token=orange_web&$gdpr_consent&$gdpr=1	false	Avira URL Cloud: safe	unknown
http://tags.tiqcdn.com/utag/orange/identite/prod/utag.29.js?utv=ut4.45.202011261448	false		high
https://erable-f.orange.fr/public/oblounge/obloungeww/assets/welcome.6c9a2857.css	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/assets/images/orange-2.png	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/assets/ob1/web/fonts/icon-orange.woff2	false		high
http://gp.cdn.woopic.com/libs/oFCwa2ru/common/css/common.css	false		high
https://tags.tiqcdn.com/utag/orange/abtesting/prod/utag.sync.js	false		high
https://lo.v.liveperson.net/api/js/64227774?sid=k-L3pRl8RoegwW0jdYZAww&cb=lpCb69889x69413&t=ip&ts=1683530258085&pid=2479799283&tid=9687441436&vid=YwOTg3YzAzOTljZmEyMjEz	false		high
http://c.woopic.com/libs/5f7e175dd055a7a6e56d4881cc06ff27/common/css/common.css	false		high
https://c.woopic.com/libs/common/o_load_responsive.js	false		high
https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602	false		high
http://c.woopic.com/fonts/o-icomoon.woff?20201014	false		high
https://tags.tiqcdn.com/utag/orange/assistance/prod/utag.289.js?utv=ut4.39.202302281054	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://espaceclientv3.orange.fr/	chromecache_444.1.dr	false		high
https://smsmms1.orange.fr/I/Sms/sms_write.php?locale=fr_FR&dub=1	chromecache_469.1.dr	false		high
https://cdn.metriscope.com	chromecache_348.1.dr	false	Avira URL Cloud: safe	unknown
https://r.orange.fr/r/Esignaler	chromecache_469.1.dr	false		high
https://boutique.orange.fr/bon-plan-promo/codes-promo/	chromecache_391.1.dr	false		high
https://instantspartenaires.orange.fr	chromecache_444.1.dr	false		high
https://boutique.orange.fr/bon-plan-promo/promotions-mobile/	chromecache_391.1.dr	false		high
https://news.orange.fr	chromecache_391.1.dr	false		high
https://cinema-series.orange.fr/cinema/tous-les-films-au-cinema/sorties-de-la-semaine/	chromecache_391.1.dr	false		high
https://boutique.orange.fr/mobile/offres?withOpenPrices=true	chromecache_391.1.dr	false		high
https://suivi-des-incidents.orange.fr/infos-incident-local-internet-TV-telephone-fixe	chromecache_444.1.dr	false		high
https://businesslounge.orange.fr/profil/infos	chromecache_469.1.dr	false		high
https://orangedigitalcenter.orange.fr/article/presentation-des-ateliers?utx_source=hporange&utx_medi	chromecache_391.1.dr	false		high
https://boutique.orange.fr/nouveautes/decodeur-tv-uhd/	chromecache_391.1.dr	false		high
https://businesslounge.orange.fr/desimlockage	chromecache_469.1.dr	false		high
https://actu.orange.fr/economie/	chromecache_391.1.dr	false		high
https://boutique.orange.fr/mobile/mobiles-et-smartphones	chromecache_391.1.dr	false		high
https://www.googleoptimize.com/optimize.js?id=OPT-5Q7Z7N2	chromecache_298.1.dr	false	Avira URL Cloud: safe	unknown
https://boutique.orange.fr/mobile/rechargement-carte-prepayee-forfait-bloque	chromecache_391.1.dr	false		high
https://c.woopic.com/Magic/pro_data_elcos.json	chromecache_391.1.dr, chromecache_517.1.dr	false		high
https://www.sosh.fr/	chromecache_444.1.dr	false		high
https://pdata.orange.fr/mcookies/_pdb.gif?json=	chromecache_469.1.dr, chromecache_444.1.dr	false		high
https://boutique.orange.fr/tv/netflix	chromecache_391.1.dr	false		high
https://boutique.orange.fr/accessoires?categorie=accessoires-telephones-fixes	chromecache_391.1.dr	false		high
https://boutique.orange.fr/mobile/mobiles-et-smartphones?brand=oppo	chromecache_391.1.dr	false		high
https://play.google.com/store/apps/details?id=com.orange.obl	chromecache_301.1.dr	false		high
https://boutique.orange.fr/mobile/offres	chromecache_391.1.dr	false		high
https://my.tealiumiq.com/urest/legacy/tagcompanion/getProfile?utid=	chromecache_307.1.dr	false		high
https://boutique.orange.fr/informations/offre-canal-plus/	chromecache_391.1.dr	false		high
https://businesslounge.orange.fr/puk	chromecache_469.1.dr	false		high
http://businesslounge.orange.fr/mentions-legales	chromecache_469.1.dr	false		high
https://boutique.orange.fr/informations/avantages-internet-et-forfait-mobile	chromecache_391.1.dr	false		high
https://boutique.orange.fr/informations/e-ticket-transport/	chromecache_391.1.dr	false		high
https://boutique.orange.fr/informations/avantages-fibre/client-adsl/	chromecache_391.1.dr	false		high
https://twitter.com/orange_france	chromecache_444.1.dr	false		high
https://espace-client.orange.fr/page-accueil	chromecache_444.1.dr	false		high
https://try.abtasty.com/d3e0a00700ed1e0ad31a9ac193d334af.js	chromecache_298.1.dr	false		high
https://sizzlejs.com/	chromecache_303.1.dr	false		high
https://espaceclientv3.orange.fr/?page=espace-demenagement	chromecache_444.1.dr	false		high
https://chaines-tv.orange.fr/#live/home	chromecache_444.1.dr	false		high
https://developer.mozilla.org/fr/docs/Web/JavaScript/Introduction_%C3%A0_JavaScript_orient%C3%A9_obj	chromecache_513.1.dr	false		high
http://www.businesslounge.orange.fr	chromecache_354.1.dr	false		high
https://meteo.orange.fr/	chromecache_307.1.dr, chromecache_391.1.dr	false		high
https://boutique.orange.fr/internet-mobile/comment-rejoindre-orange	chromecache_391.1.dr	false		high
https://boutique.orange.fr/mobile/mobiles-et-smartphones?brand=google&page=1	chromecache_391.1.dr	false		high
https://sports.orange.fr/tennis/	chromecache_391.1.dr	false		high
https://boutique.orange.fr/informations/internet-max-premium/	chromecache_391.1.dr	false		high
https://c.woopic.com/Magic/elcorange_token.txt	chromecache_391.1.dr, chromecache_517.1.dr	false		high
https://tendances.orange.fr/cuisine/	chromecache_391.1.dr	false		high
https://businesslounge.orange.fr/commandes	chromecache_469.1.dr	false		high
https://boutique.orange.fr/rechargement-carte-prepayee-forfait-bloque	chromecache_391.1.dr	false		high
https://orangedigitalcenter.orange.fr/	chromecache_444.1.dr	false		high
https://ledigitaletvous.orange.fr?utx_source=hporange&utx_medium=megamenu&utx_campaign=le-digital-et	chromecache_391.1.dr	false		high
https://assistance.orange.fr	chromecache_307.1.dr	false		high
https://p.nxtck.com/an?a=1&val=&loc=https%3a//all.orfr.adgtw.orangeads.fr/nxt%3f%7Baud_ids%7D&rnd=89	chromecache_510.1.dr	false	Avira URL Cloud: safe	unknown
https://suivi-des-incidents.orange.fr/infos-couverture-mobile	chromecache_444.1.dr	false		high
https://boutique.orange.fr/maison/telesurveillance/devis/	chromecache_391.1.dr	false		high
https://boutique.orange.fr/vitrine/tablette-et-cle/acheter-tablette-prix-mini/	chromecache_391.1.dr	false		high
https://c.woopic.com/Magic/elcorange_data_retro.json	chromecache_391.1.dr, chromecache_517.1.dr	false		high
https://reseaux.orange.fr/cartes-de-couverture/mobile-3g-4g-5g?utx_source=hporange&utx_medium=menu&u	chromecache_391.1.dr	false		high
https://assistancepro.orange.fr/nid/304009	chromecache_411.1.dr	false		high
https://boutique.orange.fr/internet/eligibilite	chromecache_391.1.dr	false		high
https://boutique.orange.fr/	chromecache_307.1.dr	false		high
https://chatbot.orange.fr	chromecache_475.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
193.252.122.137	unknown	France	24600	WANADOOPORTAILS-ASWanadooPortailsDirectiontechniqueFR	false
80.12.102.113	erable-f.orange.fr	France	28708	ORANGEFR-PORTAL-ASDSImutualizedinternetaccessFR	false
193.252.133.81	front-ng.prod.idzone.gslb.fti.net	France	8891	FTBGPDMFR	false
178.249.97.70	lo.v.liveperson.net	United Kingdom	11054	LIVEPERSONUS	false
193.252.133.62	datalayer.prod.cachehttp.gslb.fti.net	France	8891	FTBGPDMFR	false
18.165.183.32	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
193.252.133.109	poole-soi-https.prod.cachehttp.gslb.fti.net	France	8891	FTBGPDMFR	false
151.101.1.194	confiant-integrations.global.ssl.fastly.net	United States	54113	FASTLYUS	false
172.217.168.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
80.12.125.138	chatbot.orange.fr	France	3215	FranceTelecom-OrangeFR	false
81.52.142.207	r-orange.prod.redirect.gslb.fti.net	France	8891	FTBGPDMFR	false
185.114.245.107	mise-a-jour.ca21922.tw1.ru	Russian Federation	9123	TIMEWEB-ASRU	false
172.217.168.66	securepubads46.g.doubleclick.net	United States	15169	GOOGLEUS	false
193.251.215.153	sso.orange.fr	France	3215	FranceTelecom-OrangeFR	false
193.252.133.97	hpo-main.prod.hporange.gslb.fti.net	France	8891	FTBGPDMFR	false
54.36.150.187	lb.mediarithmics.com	France	16276	OVHFR	false
18.165.183.67	dzfq4ouujrxm8.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
18.165.183.89	sdk.privacy-center.org	United States	3	MIT-GATEWAYSUS	false
80.12.70.27	erable.orange.fr	France	28708	ORANGEFR-PORTAL-ASDSImutualizedinternetaccessFR	false
193.252.148.247	unknown	France	8891	FTBGPDMFR	false
80.12.255.65	unknown	France	199140	ORE-ASFR	false
193.252.122.78	front-d.prod.assistance.gslb.fti.net	France	24600	WANADOOPORTAILS-ASWanadooPortailsDirectiontechniqueFR	false
193.252.122.88	proxy-pub.prod.euiidme.gslb.fti.net	France	24600	WANADOOPORTAILS-ASWanadooPortailsDirectiontechniqueFR	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
80.10.186.66	sso.e.orange.fr	France	3215	FranceTelecom-OrangeFR	false
193.252.122.184	consent.prod.cachehttp.gslb.fti.net	France	24600	WANADOOPORTAILS-ASWanadooPortailsDirectiontechniqueFR	false
34.149.49.113	pdata.orange.fr.ext.fti.net	United States	2686	ATGS-MMD-ASUS	false
193.252.117.167	paas.prod.cachehttp.gslb.fti.net	France	24600	WANADOOPORTAILS-ASWanadooPortailsDirectiontechniqueFR	false
54.36.150.181	unknown	France	16276	OVHFR	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	860834
Start date and time:	2023-05-08 00:15:15 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@31/253@66/33
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.orange.fr/ Browse: https://pro.orange.fr/ Browse: https://www.orange-business.com/fr Browse: https://businesslounge.orange.fr/

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 104.77.30.150, 172.217.168.10, 172.217.168.42, 142.250.203.106, 216.58.215.234, 172.217.168.35, 178.249.97.23, 178.249.97.99, 178.249.101.98
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.orange-business.com.edgekey.net, ipv4geo.lpcdn.lpsnmedia.livepersonk.akadns.net, lptag.liveperson.cotcdb.net.livepersonk.akadns.net, edgedl.me.gvt1.com, emea.lpcdn.lpsnmedia.livepersonk.akadns.net, update.googleapis.com, e10425.dscb.akamaiedge.net, www.gstatic.com, geo.accdn.livepersonk.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18520, version 1.0
Category:	downloaded
Size (bytes):	18520
Entropy (8bit):	7.989116719894075
Encrypted:	false
SSDEEP:	384:07ZTaTzsNgTTvHXnLkrY9DpBmHGNHQ37WHM4070r0ckmMNXOFT+s1:YZTpgTTvHXLVMm6LyGPmYXO8A
MD5:	E54A5770B5F82D8D6D9A1727E440BD79
SHA1:	057464047783BFE4B217C9E81E48B71AAB7B0082
SHA-256:	9D091F8AC8F622EF32B06EF1D72E296675B8AC7A0EEDB132E089D8A4D61CE5DD
SHA-512:	BB9176813BBEC45D489CD6915E70C54B3373CDD7E006AF33C75A605B5323EC34B190DB42384EE849EFF8EC189B5CEA24E8C6A253019A8E7D733C2A784429AD26
Malicious:	false
Reputation:	low
URL:	http://gp.cdn.woopic.com/fonts/HelvNeue75_W1G.woff2?20201014
Preview:	wOF2......HX..........G..........................v..0..$.`..l..,..4........Z..p..6.$..R. ..t..?..q.G.5x.Q+........L..q.....Br.&6...''c....[..U.+.80..>V.E.A.....O,.2N....[./W.b.Bi...,,...!.x......].......'........Z.U...=.....5..iZ...........)[.7'b.h....$.....=.5s.o..G.F).?"Y..I"..h..../&h.4.).i.@-.......9V.L$.j.Z....8\...T. .t.4.......>..p(......q.;y...j3...aW~..{j..,..;...\l.`..@...C..~....91...$$.Q..0.Q.XXS&..m...q..".y...^T.~.....U..H..?.N/.A..S..$...(Oiu.p..!.[.,.S...s.3...7#/2~0.U.U.._...2;.X..B.....^].....i.jvL?..@..._r.%..j%@..`@"H.....R'^.'.n.....z.T:w......BurU?.....5.e...Tm.=...d!\....n($-...&).=...........s.T.s..fJVn....KP......x...`..i7..z./?.R..F0 .S.`.0......A...9.)..%.X.s......fgw.K,.I,@J.........;.....O..su:....x8.A!..Tu..)t...K.*..................VV@..8..Y...O.....y.....V.,......._..k..p.c4.g.U.U.......-.....c2..^H.K}.RZ7...~L...l7...%....qB8...l=...B./\|.]j.rG.l.G.....i......a...m/.>..)0..!..`.uA..a.=..<.y..../._.... #^. `%...;..e

Source: http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://consent.orange.fr/global-cookies.55ba2cd0e7d1a3002e3d6fb73d43bdd90ce3ce51.html	HTTP Parser: No favicon
Source: https://consent.orange.fr/global-cookies.55ba2cd0e7d1a3002e3d6fb73d43bdd90ce3ce51.html	HTTP Parser: No favicon
Source: https://www.orange-business.com/fr	HTTP Parser: No favicon
Source: https://www.orange-business.com/fr	HTTP Parser: No favicon

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 07 May 2023 22:16:13 GMTContent-Type: text/htmlContent-Length: 9868Connection: closeVary: Accept-EncodingLast-Modified: Mon, 12 Jul 2021 14:58:34 GMTX-Timestamp: 1626101913.71543X-Object-Meta-Cache-Control-Max-Age: 31540000X-Trans-Id: txbb31088982b2407f8d22f-00641b0692Cache-Control: max-age=31540000ETag: W/77b9b82fc0f89a74aa59d3bb9ec3f53eVary: Accept-EncodingAge: 4005018X-Mid: pr3mX-Cache: HITx-server: mts
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 07 May 2023 22:16:14 GMTContent-Type: text/htmlContent-Length: 9868Connection: closeVary: Accept-EncodingLast-Modified: Mon, 12 Jul 2021 14:58:34 GMTX-Timestamp: 1626101913.71543X-Object-Meta-Cache-Control-Max-Age: 31540000X-Trans-Id: tx6e922a55b2fd4ff1a2e30-00641adbdcCache-Control: max-age=31540000ETag: W/77b9b82fc0f89a74aa59d3bb9ec3f53eVary: Accept-EncodingAge: 4015954X-Mid: pr1mX-Cache: HITx-server: mts
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 07 May 2023 22:16:15 GMTContent-Type: text/htmlContent-Length: 9868Connection: closeVary: Accept-EncodingLast-Modified: Mon, 12 Jul 2021 14:58:34 GMTX-Timestamp: 1626101913.71543X-Object-Meta-Cache-Control-Max-Age: 31540000X-Trans-Id: tx15b0ce7af78a41869494d-00641b0c1eCache-Control: max-age=31540000ETag: W/77b9b82fc0f89a74aa59d3bb9ec3f53eVary: Accept-EncodingAge: 4003600X-Mid: pr4mX-Cache: HITx-server: mts
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 07 May 2023 22:16:15 GMTContent-Type: text/htmlContent-Length: 9868Connection: closeVary: Accept-EncodingLast-Modified: Mon, 12 Jul 2021 14:58:34 GMTX-Timestamp: 1626101913.71543X-Object-Meta-Cache-Control-Max-Age: 31540000X-Trans-Id: txbb31088982b2407f8d22f-00641b0692Cache-Control: max-age=31540000ETag: W/77b9b82fc0f89a74aa59d3bb9ec3f53eVary: Accept-EncodingAge: 4005020X-Mid: pr3mX-Cache: HITx-server: mts
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 07 May 2023 22:16:15 GMTContent-Type: text/htmlContent-Length: 9868Connection: closeVary: Accept-EncodingLast-Modified: Mon, 12 Jul 2021 14:58:34 GMTX-Timestamp: 1626101913.71543X-Object-Meta-Cache-Control-Max-Age: 31540000X-Trans-Id: tx6e922a55b2fd4ff1a2e30-00641adbdcCache-Control: max-age=31540000ETag: W/77b9b82fc0f89a74aa59d3bb9ec3f53eVary: Accept-EncodingAge: 4015955X-Mid: pr1mX-Cache: HITx-server: mts
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Sun, 07 May 2023 22:16:13 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Sun, 07 May 2023 22:16:13 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Sun, 07 May 2023 22:16:14 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Sun, 07 May 2023 22:16:14 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Sun, 07 May 2023 22:16:15 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Sun, 07 May 2023 22:16:15 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 8, 2023 00:16:08.758678913 CEST	192.168.2.3	8.8.8.8	0xf6c	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:08.759004116 CEST	192.168.2.3	8.8.8.8	0x288a	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:11.164226055 CEST	192.168.2.3	8.8.8.8	0x2aef	Standard query (0)	mise-a-jour.ca21922.tw1.ru	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:12.295841932 CEST	192.168.2.3	8.8.8.8	0xc53	Standard query (0)	tags.tiqcdn.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:12.303968906 CEST	192.168.2.3	8.8.8.8	0x5eae	Standard query (0)	c.woopic.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:12.487365007 CEST	192.168.2.3	8.8.8.8	0x26b5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:12.590207100 CEST	192.168.2.3	8.8.8.8	0xb603	Standard query (0)	r.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:12.842061996 CEST	192.168.2.3	8.8.8.8	0x91c7	Standard query (0)	e.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.150597095 CEST	192.168.2.3	8.8.8.8	0x7572	Standard query (0)	cdn.woopic.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.331458092 CEST	192.168.2.3	8.8.8.8	0x2658	Standard query (0)	boutique.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.337866068 CEST	192.168.2.3	8.8.8.8	0xbd36	Standard query (0)	businesslounge.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.339338064 CEST	192.168.2.3	8.8.8.8	0xb2f	Standard query (0)	assistance.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.438520908 CEST	192.168.2.3	8.8.8.8	0x4e80	Standard query (0)	pro.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.438618898 CEST	192.168.2.3	8.8.8.8	0xc56	Standard query (0)	m.boutique.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.455301046 CEST	192.168.2.3	8.8.8.8	0xb0e8	Standard query (0)	www.orange-business.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.493750095 CEST	192.168.2.3	8.8.8.8	0x7048	Standard query (0)	www.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.641254902 CEST	192.168.2.3	8.8.8.8	0x8980	Standard query (0)	chaines-tv.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.642648935 CEST	192.168.2.3	8.8.8.8	0x6b30	Standard query (0)	actu.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.643695116 CEST	192.168.2.3	8.8.8.8	0x1125	Standard query (0)	auto.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.651757002 CEST	192.168.2.3	8.8.8.8	0xef6a	Standard query (0)	cdn.adgtw.orangeads.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.758728981 CEST	192.168.2.3	8.8.8.8	0xaae0	Standard query (0)	djingo.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.826549053 CEST	192.168.2.3	8.8.8.8	0x9390	Standard query (0)	espaceclientv3.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.832667112 CEST	192.168.2.3	8.8.8.8	0x7b49	Standard query (0)	finance.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.854480982 CEST	192.168.2.3	8.8.8.8	0xeafa	Standard query (0)	lemagtv.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.957053900 CEST	192.168.2.3	8.8.8.8	0xc2ae	Standard query (0)	meteo.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.958226919 CEST	192.168.2.3	8.8.8.8	0xc4a1	Standard query (0)	musique.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:13.982721090 CEST	192.168.2.3	8.8.8.8	0x1cb5	Standard query (0)	news.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.044544935 CEST	192.168.2.3	8.8.8.8	0x4634	Standard query (0)	orangebank.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.057529926 CEST	192.168.2.3	8.8.8.8	0x1b27	Standard query (0)	orangemoney.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.076997995 CEST	192.168.2.3	8.8.8.8	0x7006	Standard query (0)	replay.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.096055031 CEST	192.168.2.3	8.8.8.8	0x9084	Standard query (0)	all.orfr.adgtw.orangeads.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.162400961 CEST	192.168.2.3	8.8.8.8	0x6404	Standard query (0)	sports.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.169312954 CEST	192.168.2.3	8.8.8.8	0xc3ad	Standard query (0)	tv.jeu.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.468229055 CEST	192.168.2.3	8.8.8.8	0xd2ea	Standard query (0)	video-a-la-demande.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.469008923 CEST	192.168.2.3	8.8.8.8	0xd160	Standard query (0)	trust-system-eui.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.474562883 CEST	192.168.2.3	8.8.8.8	0xf915	Standard query (0)	gp.cdn.woopic.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.622818947 CEST	192.168.2.3	8.8.8.8	0x1dc7	Standard query (0)	tendances.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.958219051 CEST	192.168.2.3	8.8.8.8	0xcc12	Standard query (0)	confiant-integrations.global.ssl.fastly.net	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:14.976665974 CEST	192.168.2.3	8.8.8.8	0xc1ea	Standard query (0)	securepubads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:16.204060078 CEST	192.168.2.3	8.8.8.8	0x386e	Standard query (0)	sso.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:16.247716904 CEST	192.168.2.3	8.8.8.8	0x918e	Standard query (0)	c.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:16.248297930 CEST	192.168.2.3	8.8.8.8	0x2cd0	Standard query (0)	communaute.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:16.256208897 CEST	192.168.2.3	8.8.8.8	0x7632	Standard query (0)	agence.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:16.321043015 CEST	192.168.2.3	8.8.8.8	0x463e	Standard query (0)	signalement.fftelecoms.org	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:16.399005890 CEST	192.168.2.3	8.8.8.8	0x336d	Standard query (0)	www.orangeadvertising.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:27.210968971 CEST	192.168.2.3	8.8.8.8	0xb60f	Standard query (0)	iz.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:28.688211918 CEST	192.168.2.3	8.8.8.8	0x99e3	Standard query (0)	datalayer.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:30.161787033 CEST	192.168.2.3	8.8.8.8	0xb547	Standard query (0)	sdk.privacy-center.org	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:31.528255939 CEST	192.168.2.3	8.8.8.8	0x630e	Standard query (0)	chatbot.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:31.860414028 CEST	192.168.2.3	8.8.8.8	0x7c3b	Standard query (0)	consent.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:16:33.925036907 CEST	192.168.2.3	8.8.8.8	0x7104	Standard query (0)	pdata.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:12.380948067 CEST	192.168.2.3	8.8.8.8	0x458c	Standard query (0)	erable-f.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:12.538726091 CEST	192.168.2.3	8.8.8.8	0x3b39	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:12.669991016 CEST	192.168.2.3	8.8.8.8	0xf3d0	Standard query (0)	tags.tiqcdn.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:12.899635077 CEST	192.168.2.3	8.8.8.8	0x820c	Standard query (0)	c.woopic.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:13.896248102 CEST	192.168.2.3	8.8.8.8	0x8f4	Standard query (0)	espaceclientpro.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:15.397622108 CEST	192.168.2.3	8.8.8.8	0xd046	Standard query (0)	lptag.liveperson.net	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:15.626799107 CEST	192.168.2.3	8.8.8.8	0x3930	Standard query (0)	gp.cdn.woopic.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:16.075633049 CEST	192.168.2.3	8.8.8.8	0xcd1	Standard query (0)	static.mediarithmics.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:16.592417002 CEST	192.168.2.3	8.8.8.8	0xe89d	Standard query (0)	events.mediarithmics.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:22.593714952 CEST	192.168.2.3	8.8.8.8	0x778c	Standard query (0)	accdn.lpsnmedia.net	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:22.607501030 CEST	192.168.2.3	8.8.8.8	0xf27	Standard query (0)	lpcdn.lpsnmedia.net	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:23.494779110 CEST	192.168.2.3	8.8.8.8	0x203c	Standard query (0)	cookie-matching.mediarithmics.com	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:25.116256952 CEST	192.168.2.3	8.8.8.8	0xbec2	Standard query (0)	businesslounge.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:25.328186989 CEST	192.168.2.3	8.8.8.8	0xfb73	Standard query (0)	erable.orange.fr	A (IP address)	IN (0x0001)	false
May 8, 2023 00:17:26.998980045 CEST	192.168.2.3	8.8.8.8	0x8b2	Standard query (0)	lo.v.liveperson.net	A (IP address)	IN (0x0001)	false

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:09 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:09 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-XYqgXZQSckZYE2p0rBtn1w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sun, 07 May 2023 22:16:09 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5970 X-Daystart: 54969 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-07 22:16:09 UTC	1	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 37 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 34 39 36 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5970" elapsed_seconds="54969"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-05-07 22:16:09 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-05-07 22:16:09 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:09 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-05-07 22:16:09 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-05-07 22:16:09 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sun, 07 May 2023 22:16:09 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version= Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-KMc4qx614DUoyPydKN_w4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-07 22:16:09 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-05-07 22:16:09 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:13 UTC	209	OUT	GET /c15d9d8fc98141b084d96f795046449b/auth-2.17.2/images/services_comm/om_desktop.png HTTP/1.1 Host: cdn.woopic.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://mise-a-jour.ca21922.tw1.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:13 UTC	210	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 07 May 2023 22:16:13 GMT Content-Type: image/png Content-Length: 29367 Connection: close Vary: Origin,Accept-Encoding Last-Modified: Tue, 18 Aug 2020 15:38:09 GMT Etag: bfd2858e4707255b0200abbe93131293 X-Timestamp: 1597765088.67657 X-Object-Meta-Mtime: 1597764295.000000 X-Trans-Id: txe0f657d975194a4c89340-006458232d Cache-Control: max-age=31536000 Age: 0 X-Mid: pr2b X-Cache: MISS x-server: bgl Accept-Ranges: bytes
2023-05-07 22:16:13 UTC	210	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 40 08 02 00 00 00 89 29 d6 03 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 84 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 Data Ascii: PNGIHDR,@)tEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01
2023-05-07 22:16:13 UTC	218	IN	Data Raw: 99 a1 44 af 91 47 2f 9f 04 15 52 38 d0 dd 36 c5 fe 87 7e 51 6e 41 d9 42 b9 f4 a9 89 61 45 00 2d 51 07 81 0c 57 78 8c f0 70 46 f2 e0 2a f0 c1 66 b3 b9 5c 2e f8 ec ae a5 de 7c f3 cd 7e bf bf ae ae ee b9 e7 9e 3b 75 ea 14 7c 99 33 67 ce d1 a3 47 67 cd 9a 55 5a 5a da d1 d1 71 e3 8d 37 ee de bd bb b0 b0 30 18 0c ae 5b b7 ee ca 2b af bc fa ea ab e3 e3 e3 ed 76 fb f3 cf 3f 7f c7 1d 77 4c 9f 3e 5d 10 04 90 26 af d7 0b 57 55 57 57 c3 a9 c1 20 e1 53 4f 3d 05 f5 b9 eb ae bb 80 fc af bd f6 da ad b7 de 0a 54 dc b1 63 c7 28 50 42 65 f0 53 6d a0 86 9d 55 02 37 a8 1b b1 3a 98 85 1a 7d 0b d7 87 f6 a4 57 d6 1f af 68 38 a1 d8 a2 31 5c 75 17 da 1a 0b 17 22 2a 02 07 5e 7d 62 db 60 bb 61 88 60 ea 23 60 11 40 a1 60 a0 a2 91 27 64 2f 8c f0 20 fc 69 69 69 33 67 ce 6c 6d 6d 45 6b Data Ascii: DG/R86~QnABaE-QWxpFf\.\|~;u\|3gGgUZZq70[+v?wL>]&WUWW SO=Tc(PBeSmU7:}Wh81\u"^}b`a`#`@`'d/ iii3glmmEk
2023-05-07 22:16:13 UTC	226	IN	Data Raw: e9 8b bd 94 a4 44 6f 7c 9c df d1 11 eb fc 3e 56 c2 d1 8d d3 47 f5 fe 8e 40 a7 1f 28 0a d0 c7 93 1a ad 18 75 e3 cc c0 0f 11 35 36 86 1d a9 a9 a9 09 0b e0 79 fc f8 f1 60 30 38 ec 8f 4b 9f 31 d5 98 35 9d 75 36 52 5a ad af a9 da 71 ea 80 b3 ec 58 c7 d9 c3 ee ea 33 41 b7 1d f8 a6 b3 26 5a 93 b3 c1 f2 b4 24 67 83 ef 27 ad 6d 63 83 62 2f 83 af 52 14 5d 54 d4 0b db 1e 2b e1 a8 c7 ae 8f 85 eb ee 11 24 e7 b0 73 9a 79 e0 3b d6 b3 67 cf 1e 3c 78 90 a2 a0 e9 6a 4f 9c 38 91 92 92 02 e2 a9 d3 e9 6e bc f1 c6 f7 de 7b 0f 08 76 cd 35 d7 b0 32 38 8e 63 18 a6 b6 b6 16 ce e6 e4 e4 78 3c 1e b8 64 d1 a2 45 ab 57 af 9e 34 69 52 41 41 41 62 62 e2 fe fd fb db da da 96 2e 5d 5a 57 57 67 97 31 77 ee dc 59 b3 66 0d cd e3 8a 9f b1 54 08 79 03 cd 67 19 53 52 c8 65 17 c0 85 06 d2 18 cd Data Ascii: Do\|>VG@(u56y`08K15u6RZqX3A&Z$g'mcb/R]T+$sy;g<xjO8n{v528cx<dEW4iRAAAbb.]ZWWg1wYfTygSRe
2023-05-07 22:16:13 UTC	234	IN	Data Raw: 34 04 4d 32 52 57 e5 18 3b 85 31 5b eb 77 7e 4a b1 46 ef d4 2b 7c fb bf 56 47 45 ab 83 da 48 60 42 b4 ee 38 a7 75 b1 92 14 d9 ec 29 ff 87 2d f7 66 7b 84 88 a8 db b7 e9 ea 36 82 ff f4 5c 4b cb 5b 74 49 02 dc bd 9f 77 8d f0 0a 51 cc c8 1e 4e 36 c8 a4 cc 27 c9 f4 b5 9e b4 39 85 4a 6a 96 bd 22 69 b3 13 41 b7 5b cc de c2 f0 c9 a3 3d 32 f0 ec cc 7a 2a 10 1d 73 e8 f8 25 ba cd 0d ac 09 87 05 78 bd 2b 70 b3 39 1e 7b 99 e1 d4 17 c1 70 5d 95 90 88 0a 87 43 e0 e9 99 f3 2e 00 2b 54 8c 47 23 0d 35 32 9f 30 e7 8f 84 b6 0b d4 82 36 0b ea 2e 5c 77 2c ef 17 0b 1b 2b ff ee ff f1 9b fc 39 ff 41 72 a6 da ad 6b 59 9b cb 31 6e 9a 18 6e 23 68 36 54 f3 23 63 b6 49 7c 22 d1 7c aa d5 f0 d5 ba 96 c9 37 5f 67 65 18 82 17 f5 74 2d 12 5a c0 b0 84 f5 cf b0 47 2a d8 52 07 fd 33 ea 48 b2 Data Ascii: 4M2RW;1[w~JF+\|VGEH`B8u)-f{6\K[tIwQN6'9Jj"iA[=2zs%x+p9{p]C.+TG#5206.\w,+9ArkY1nn#h6T#cI\|"\|7_get-ZGR3H

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:32 UTC	5719	OUT	GET /appWebChatFront/webchat/chat?1683530192602 HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531989457$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:32 UTC	5725	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Date: Sun, 07 May 2023 22:16:32 GMT Etag: W/"1-58b" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Content-Length: 1419 Connection: close
2023-05-07 22:16:32 UTC	5725	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 66 72 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 44 6a 69 6e 67 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 2f 22 3e 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 63 6f 6e 66 69 67 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 22 2f 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 Data Ascii: <!doctype html><html lang="fr"><head> <title>Djingo</title> <meta charset="utf-8"> <base href="/"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="msapplication-config" content="none"/> <meta name="format-d
2023-05-07 22:16:32 UTC	5726	IN	Data Raw: 36 63 65 34 63 30 65 37 34 61 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 70 70 57 65 62 43 68 61 74 46 72 6f 6e 74 2f 77 65 62 63 68 61 74 2f 65 73 32 30 31 35 2d 70 6f 6c 79 66 69 6c 6c 73 2e 39 38 35 32 38 65 62 30 30 37 32 36 36 32 32 39 36 36 61 34 2e 6a 73 22 20 6e 6f 6d 6f 64 75 6c 65 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 70 70 57 65 62 43 68 61 74 46 72 6f 6e 74 2f 77 65 62 63 68 61 74 2f 70 6f 6c 79 66 69 6c 6c 73 2e 33 39 63 62 38 30 39 38 63 66 30 36 33 64 62 63 61 31 61 38 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 Data Ascii: 6ce4c0e74a.js"></script><script type="text/javascript" src="/appWebChatFront/webchat/es2015-polyfills.98528eb00726622966a4.js" nomodule></script><script type="text/javascript" src="/appWebChatFront/webchat/polyfills.39cb8098cf063dbca1a8.js"></script><scri

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:32 UTC	5720	OUT	GET /appWebChatng/public/images/icon-star.png HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531989457$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:32 UTC	5726	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 623 Content-Type: image/png;charset=UTF-8 Date: Sun, 07 May 2023 22:16:32 GMT Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Connection: close
2023-05-07 22:16:32 UTC	5727	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 19 00 00 00 19 08 06 00 00 00 c4 e9 85 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 02 29 49 44 41 54 48 0d ad 54 3b 4b 03 41 10 ce 25 17 21 a5 d8 88 56 4a f0 75 48 c8 45 c4 42 31 ad 98 20 68 a3 9d 62 99 5a 34 f9 03 0a 36 56 96 01 2b 2b 0b 41 51 52 5b 58 98 0b 09 9c f8 02 2b c5 c2 52 48 b8 5c 12 bf 91 cb 71 d9 ec 86 db e0 c2 b0 3b 8f ef 9b d9 9b d9 0b 04 24 57 a5 52 19 94 84 04 82 32 00 d3 34 07 2c cb ba a5 5d 06 27 95 a4 56 ab 6d 83 7c de d9 7d e7 f1 9d a4 d5 6a a9 90 7d 62 a6 9d 74 bf 59 7c 27 29 95 4a 5b 20 1d 77 88 c7 0d c3 d8 fc d7 24 a8 5a 81 64 19 d2 1c d9 19 1b 57 f5 75 13 dc 62 1d 84 d3 5e 06 d2 c9 ee b5 89 ce be 92 34 9b cd 1c 8f 40 64 67 63 bb ae 4b e3 69 db f6 04 64 46 51 14 0d 15 eb Data Ascii: PNGIHDRcsRGB)IDATHT;KA%!VJuHEB1 hbZ46V++AQR[X+RH\q;$WR24,]'Vm\|}j}btY\|')J[ w$ZdWub^4@dgcKidFQ

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:32 UTC	5721	OUT	GET /fonts/HelvNeue75_W1G.woff2 HTTP/1.1 Host: c.woopic.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" Origin: https://assistance.orange.fr sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://cdn.woopic.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:32 UTC	5727	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 07 May 2023 22:16:32 GMT Content-Type: application/octet-stream Content-Length: 18520 Connection: close Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age Last-Modified: Tue, 04 Oct 2022 07:32:33 GMT Etag: e54a5770b5f82d8d6d9a1727e440bd79 X-Timestamp: 1664868752.20950 Access-Control-Allow-Origin: * X-Trans-Id: tx03047ea3a0f54b7b8cb41-00641b0c21 Cache-Control: max-age=15552000 Vary: Origin Age: 4003615 X-Mid: pr4m X-Cache: HIT x-server: mts Accept-Ranges: bytes X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block
2023-05-07 22:16:32 UTC	5728	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 48 58 00 11 00 00 00 00 9f 88 00 00 47 f5 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 76 1b a1 30 1c 88 24 06 60 00 81 6c 08 81 2c 09 8f 34 11 08 0a 81 c3 04 81 a8 5a 0b 83 70 00 01 36 02 24 03 87 52 04 20 05 a6 74 07 86 3f 0c 81 71 1b 47 8f 35 78 d3 51 2b b7 03 d9 c3 df fd bb f1 4c a4 b0 71 00 b1 09 b9 8d 42 72 ca 26 36 fb ff bf 27 27 63 08 d3 03 b6 5b f5 0e 55 b6 2b 91 38 30 16 8e 3e 56 f4 45 0b 41 d6 16 99 f6 b1 4f 2c 95 32 4e 0a d9 dc 81 87 5b a5 2f 57 0b 62 ed 42 69 12 af 2e 2c 2c c1 95 e8 86 21 da 78 e0 e0 f7 eb 14 81 5d b8 b8 f9 ec e7 0a 8c 27 c6 cb f6 b0 12 f2 0e 16 5a f5 55 88 fe c5 3d ef f9 18 f7 96 35 14 cd 69 5a 9e f8 8e 06 aa 04 15 9a a8 81 f7 29 5b d8 37 27 62 0d 68 fe 11 1a fb 24 Data Ascii: wOF2HXGv0$`l,4Zp6$R t?qG5xQ+LqBr&6''c[U+80>VEAO,2N[/WbBi.,,!x]'ZU=5iZ)[7'bh$
2023-05-07 22:16:33 UTC	5738	IN	Data Raw: c9 ce 12 98 ed 50 9a 08 a6 08 77 77 2e 5d 8b 8a 89 76 da 38 cb 19 4b 6b 72 21 e9 29 06 75 88 72 06 12 31 d7 27 e6 fb bc b3 78 61 a5 94 f8 12 01 a5 14 a5 55 a5 5a d2 9c 64 a2 8e 25 06 9a b7 53 cd 5b 4f 05 7a 22 67 79 a0 18 e0 a9 4a 4a 10 fb 25 99 06 b8 33 c3 5c 59 aa a2 8a 54 75 fe 72 39 08 05 1e 4b 97 a4 8f 03 f8 0f a1 ab 5a a9 4c 65 10 c8 b4 57 97 ae 4e ce ee 9b 5d d8 bb 6f f2 2a 7e 0e 5a fe 03 76 fc c7 a1 ef a1 8b 5f 41 d9 2b 50 e7 17 b0 1d 5f cc 0c 7c 07 8b ff 6e fe 2a b4 d8 ff 05 2c f1 8b 95 97 a1 bc 9b d0 ce cf 76 7f 76 e6 f3 aa bf 7b 56 17 fe 5c fe f3 e2 13 df 17 c6 fc e3 d0 b1 ac a3 59 e7 63 9e 87 2f a5 47 5d c6 7a a0 a1 11 68 7b c0 56 cf e3 0e 10 95 eb 9d 83 17 07 3b 63 f6 60 3c 48 37 10 b3 be 27 e6 ef 2a 94 77 f5 f4 98 6f 00 ee 0d 5f fa ff 46 da Data Ascii: Pww.]v8Kkr!)ur1'xaUZd%S[Oz"gyJJ%3\YTur9KZLeWN]o~Zv_A+P_\|n,vv{V\Yc/G]zh{V;c`<H7'*wo_F
2023-05-07 22:16:33 UTC	5746	IN	Data Raw: 58 dd 27 33 24 2f c4 0f 8e 8d 45 31 37 9d be 22 f6 7f 39 25 4d 89 42 fb 6a 0b f7 44 a4 29 e5 f4 66 3f ed 2f df 5d ed ee 7b c7 fe 23 9f d1 3c 9f 8c 36 9b 09 d0 c1 47 d2 3b ef d9 f3 2a cb 0a 3c 3c c6 7e 1b e4 d3 01 5a 4a d9 10 85 2c d7 4d 43 ba 8b 45 7e e0 4c 70 7e 10 7f 16 0b ba b4 91 b0 16 32 9b 0d c8 12 6e 42 2f a2 ab 61 1c cb 60 54 61 63 aa 80 e3 a6 7d 34 d5 7e 11 ca f0 2b a0 1f b8 cf 2a ff da f2 11 95 42 60 b8 9a 8c 3d b0 3b 0b e9 6b 71 6b df 01 a2 24 b6 97 8f d1 48 a8 ab 28 a2 be a4 9c 29 2d 4e 73 5f 84 56 f3 47 9a 5d a7 54 84 b6 d0 93 c9 c4 45 99 d8 d1 c6 b6 37 11 ca 61 57 09 bf 4d e1 b1 90 dc 0f f2 06 7c 9e f9 26 aa b6 31 af 8b dd 3c a7 16 1c ba 9e b9 36 4a 94 2d 50 e9 cd e7 a5 50 91 fd 70 67 0b b1 5a 19 33 f5 db 6a 49 7d 72 c7 30 0f 2f 7c 04 3d eb Data Ascii: X'3$/E17"9%MBjD)f?/]{#<6G;<<~ZJ,MCE~Lp~2nB/a`Tac}4~+B`=;kqk$H()-Ns_VG]TE7aWM\|&1<6J-PPpgZ3jI}r0/\|=

Source: chromecache_307.1.dr	String found in binary or memory: http://auto.orange.fr/
Source: chromecache_469.1.dr	String found in binary or memory: http://businesslounge.orange.fr/cgu
Source: chromecache_469.1.dr	String found in binary or memory: http://businesslounge.orange.fr/mentions-legales
Source: chromecache_306.1.dr	String found in binary or memory: http://completion.ke.qualif.orange.fr/proxy/cmplsearchbox
Source: chromecache_513.1.dr	String found in binary or memory: http://dinbror.dk/bpopup
Source: chromecache_307.1.dr	String found in binary or memory: http://femmes.orange.fr/
Source: chromecache_307.1.dr	String found in binary or memory: http://finance.orange.fr/
Source: chromecache_314.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_314.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_301.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_513.1.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_430.1.dr	String found in binary or memory: http://labs.rampinteractive.co.uk/touchSwipe/
Source: chromecache_354.1.dr	String found in binary or memory: http://ogp.me/ns#
Source: chromecache_519.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_430.1.dr	String found in binary or memory: http://plugins.jquery.com/project/touchSwipe
Source: chromecache_411.1.dr	String found in binary or memory: http://r.orange.fr/r/Oassistance_cookies_v2#sites
Source: chromecache_513.1.dr	String found in binary or memory: http://stackoverflow.com/questions/15191058/css-rotation-cross-browser-with-jquery-animate
Source: chromecache_306.1.dr	String found in binary or memory: http://wikipedia.orange.fr)
Source: chromecache_381.1.dr, chromecache_352.1.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: chromecache_492.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_354.1.dr	String found in binary or memory: http://www.businesslounge.orange.fr
Source: chromecache_306.1.dr	String found in binary or memory: http://www.commonjs.org/
Source: chromecache_430.1.dr	String found in binary or memory: http://www.github.com/mattbryson
Source: chromecache_510.1.dr	String found in binary or memory: http://www.google.com
Source: chromecache_306.1.dr	String found in binary or memory: http://www.joueurs-info-service.fr
Source: chromecache_307.1.dr	String found in binary or memory: http://www.orange.fr/
Source: chromecache_307.1.dr	String found in binary or memory: http://www.orange.fr/portail
Source: chromecache_461.1.dr, chromecache_537.1.dr, chromecache_302.1.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: chromecache_306.1.dr	String found in binary or memory: http://www.winktoolkit.org/licence.txt
Source: chromecache_307.1.dr	String found in binary or memory: http://wwwm.orange.fr/portail
Source: chromecache_307.1.dr	String found in binary or memory: https://8307999.fls.doubleclick.net/activityi
Source: chromecache_444.1.dr, chromecache_391.1.dr	String found in binary or memory: https://actu.orange.fr
Source: chromecache_444.1.dr, chromecache_307.1.dr	String found in binary or memory: https://actu.orange.fr/
Source: chromecache_391.1.dr	String found in binary or memory: https://actu.orange.fr/economie/
Source: chromecache_391.1.dr	String found in binary or memory: https://actu.orange.fr/france/
Source: chromecache_391.1.dr	String found in binary or memory: https://actu.orange.fr/politique/
Source: chromecache_391.1.dr	String found in binary or memory: https://actu.orange.fr/societe/
Source: chromecache_444.1.dr	String found in binary or memory: https://agence.orange.fr/
Source: chromecache_444.1.dr	String found in binary or memory: https://agenda.orange.fr/
Source: chromecache_475.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64934)
Category:	downloaded
Size (bytes):	695377
Entropy (8bit):	5.010275987392974
Encrypted:	false
SSDEEP:	6144:KlB3M4q0+njHrSOtGvfFZISLVHSENM6HN26Tg6+dlCeNHLwx:K+sg6+nCeNHEx
MD5:	1BBFEC2CDD76DF9DBEC9AFF83AF2A94D
SHA1:	BBCE8F04CA16AB801DF834D3924E6631E2A19DA9
SHA-256:	341DA3C73B38CA914AEDADEB1361EB6B5968B46CD2A3D7D6BD52CB846C48B9B0
SHA-512:	0B3A444F080AB95BE2B8B903DB7EF32B4557468731568D2AB996F74549F9F96B9900D4ADF9E026EEE3EB256DBD0E371AF6EBAF56D12138AC3334DCE6407AAD52
Malicious:	false
Reputation:	low
URL:	https://chatbot.orange.fr/appWebChatFront/webchat/assets/ob1/web/css/style.min.css
Preview:	@charset "UTF-8";@keyframes ob1-skeleton-loading{from{transform:translateX(-100%)}to{transform:translateX(100%)}}/!. Boosted v4.3.1 (https://boosted.orange.com). * Copyright 2014-2019 The Boosted Authors. * Copyright 2014-2019 Orange. * Licensed under MIT (https://github.com/orange-opensource/orange-boosted-bootstrap/blob/master/LICENSE). * This a fork of Bootstrap : Initial license below. * Bootstrap v4.3.1 (https://getbootstrap.com). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#26b2ff;--indigo:#6610f2;--purple:#a885d8;--pink:#ffb4e6;--red:#e70002;--orange:#f16e00;--yellow:#ffcd0b;--green:#3de35a;--teal:#50be87;--cyan:#4bb4e6;--white:#fff;--gray:#999;--gray-dark:#595959;--primary:#f16e00;--secondary:#000;--success:#3de35a;--info:#26b2ff;--warning:#ffcd0b;--danger:#e70002;--light:#ddd;--dark:#000;--gray1:#333;--gray2:#f4f4f4;--gray3:#555;--gray4:#ccc;--p

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2649)
Category:	downloaded
Size (bytes):	4217
Entropy (8bit):	4.955840940909964
Encrypted:	false
SSDEEP:	96:G174XejuB/0GZsPKgMCOLCaN+opb83Oxx+4eYRp9ILg6QJUG4J:G174OjuGPUCHaLpb8GRp92V3G4J
MD5:	D716E0EBA2B15C482A10AA86DB551B69
SHA1:	7050566AB641807E6223ECE069DAFE4F2219402B
SHA-256:	537F38322824CE72733EC91CC8D8CFBB2766D269146D391D24DF668D12D9524E
SHA-512:	89037A2C8A9D8A083D2F682045DA24910E1D60A2A230D07164E27824362925E0663B86FD8262B9C32CAA3D817D6DB68F176A7B52DCCBE7B9B66081A03F5D5202
Malicious:	false
Reputation:	low
URL:	https://tags.tiqcdn.com/utag/orange/assistance/prod/utag.145.js?utv=ut4.39.202304261257
Preview:	//tealium universal tag - utag.145 ut4.0.202305051423, Copyright 2023 Tealium.com Inc. All Rights Reserved..try{(function(id,loader){var u={};utag.o[loader].sender[id]=u;if(utag===undefined){utag={};}if(utag.ut===undefined){utag.ut={};}if(utag.ut.loader===undefined){u.loader=function(o){var a,b,c,l;a=document;if(o.type==="iframe"){b=a.createElement("iframe");b.setAttribute("height","1");b.setAttribute("width","1");b.setAttribute("style","display:none");b.setAttribute("src",o.src);}else if(o.type==="img"){utag.DB("Attach img: "+o.src);b=new Image();b.src=o.src;return;}else{b=a.createElement("script");b.language="javascript";b.type="text/javascript";b.async=1;b.charset="utf-8";b.src=o.src;}if(o.id){b.id=o.id;}if(typeof o.cb==="function"){if(b.addEventListener){b.addEventListener("load",function(){o.cb();},false);}else{b.onreadystatechange=function(){if(this.readyState==="complete"\|\|this.readyState==="loaded"){this.onreadystatechange=null;o.cb();}};}}l=o.loc\|\|"head";c=a.getElementsByTagNa

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:32 UTC	5722	OUT	GET /appWebChatng/public/images/icon-star-yellow.png HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531989457$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:32 UTC	5736	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 581 Content-Type: image/png;charset=UTF-8 Date: Sun, 07 May 2023 22:16:32 GMT Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Connection: close
2023-05-07 22:16:32 UTC	5736	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 19 00 00 00 19 08 06 00 00 00 c4 e9 85 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 01 ff 49 44 41 54 48 0d ad 55 c1 2e 43 41 14 3d a3 48 ba 14 1b 61 45 84 68 23 92 12 21 91 d4 56 b4 91 58 e9 8e 58 5a 5b e8 2f d8 5b 4a 7c 80 15 42 ac 2d 2c b4 0d 51 42 88 15 b1 b1 93 10 aa e3 cc a4 1d 7d 93 19 7d 8f de 64 72 e7 de 39 f7 9c f7 66 ee bc 07 44 34 79 81 ae 88 25 68 8b 52 20 cb e8 c4 07 8e b4 8f 50 18 49 04 ef 58 26 f7 64 cd 47 90 09 09 95 12 ed f2 0c f7 1c 52 7b c6 21 4b 23 6c 57 09 39 92 0e d4 88 07 50 c4 52 4b 45 f8 16 02 12 1b 16 69 5e e7 ad a4 2b 0c 77 26 25 2c 52 64 24 40 a0 62 95 0f 61 e1 44 aa c8 3b b9 7c 79 0b 2c ac 18 ba 3d 2b 18 42 05 09 6e 52 92 6f 90 e2 c8 d8 38 13 0b ec 13 57 24 a6 cc 56 Data Ascii: PNGIHDRcsRGBIDATHU.CA=HaEh#!VXXZ[/[J\|B-,QB}}dr9fD4y%hR PIX&dGR{!K#lW9PRKEi^+w&%,Rd$@baD;\|y,=+BnRo8W$V

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:32 UTC	5723	OUT	GET /appWebChatFront/webchat/assets/images/icon-star-yellow.png HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531989457$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:32 UTC	5735	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Length: 581 Content-Type: image/png Date: Sun, 07 May 2023 22:16:32 GMT Etag: "1-245" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Connection: close
2023-05-07 22:16:32 UTC	5735	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 19 00 00 00 19 08 06 00 00 00 c4 e9 85 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 01 ff 49 44 41 54 48 0d ad 55 c1 2e 43 41 14 3d a3 48 ba 14 1b 61 45 84 68 23 92 12 21 91 d4 56 b4 91 58 e9 8e 58 5a 5b e8 2f d8 5b 4a 7c 80 15 42 ac 2d 2c b4 0d 51 42 88 15 b1 b1 93 10 aa e3 cc a4 1d 7d 93 19 7d 8f de 64 72 e7 de 39 f7 9c f7 66 ee bc 07 44 34 79 81 ae 88 25 68 8b 52 20 cb e8 c4 07 8e b4 8f 50 18 49 04 ef 58 26 f7 64 cd 47 90 09 09 95 12 ed f2 0c f7 1c 52 7b c6 21 4b 23 6c 57 09 39 92 0e d4 88 07 50 c4 52 4b 45 f8 16 02 12 1b 16 69 5e e7 ad a4 2b 0c 77 26 25 2c 52 64 24 40 a0 62 95 0f 61 e1 44 aa c8 3b b9 7c 79 0b 2c ac 18 ba 3d 2b 18 42 05 09 6e 52 92 6f 90 e2 c8 d8 38 13 0b ec 13 57 24 a6 cc 56 Data Ascii: PNGIHDRcsRGBIDATHU.CA=HaEh#!VXXZ[/[J\|B-,QB}}dr9fD4y%hR PIX&dGR{!K#lW9PRKEi^+w&%,Rd$@baD;\|y,=+BnRo8W$V

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:32 UTC	5724	OUT	GET /appWebChatFront/webchat/assets/images/icon-star.png HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531989457$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:32 UTC	5737	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Length: 623 Content-Type: image/png Date: Sun, 07 May 2023 22:16:32 GMT Etag: "1-26f" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Connection: close
2023-05-07 22:16:32 UTC	5737	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 19 00 00 00 19 08 06 00 00 00 c4 e9 85 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 02 29 49 44 41 54 48 0d ad 54 3b 4b 03 41 10 ce 25 17 21 a5 d8 88 56 4a f0 75 48 c8 45 c4 42 31 ad 98 20 68 a3 9d 62 99 5a 34 f9 03 0a 36 56 96 01 2b 2b 0b 41 51 52 5b 58 98 0b 09 9c f8 02 2b c5 c2 52 48 b8 5c 12 bf 91 cb 71 d9 ec 86 db e0 c2 b0 3b 8f ef 9b d9 9b d9 0b 04 24 57 a5 52 19 94 84 04 82 32 00 d3 34 07 2c cb ba a5 5d 06 27 95 a4 56 ab 6d 83 7c de d9 7d e7 f1 9d a4 d5 6a a9 90 7d 62 a6 9d 74 bf 59 7c 27 29 95 4a 5b 20 1d 77 88 c7 0d c3 d8 fc d7 24 a8 5a 81 64 19 d2 1c d9 19 1b 57 f5 75 13 dc 62 1d 84 d3 5e 06 d2 c9 ee b5 89 ce be 92 34 9b cd 1c 8f 40 64 67 63 bb ae 4b e3 69 db f6 04 64 46 51 14 0d 15 eb Data Ascii: PNGIHDRcsRGB)IDATHT;KA%!VJuHEB1 hbZ46V++AQR[X+RH\q;$WR24,]'Vm\|}j}btY\|')J[ w$ZdWub^4@dgcKidFQ

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:33 UTC	5748	OUT	GET /utag/orange/assistance/prod/utag.285.js?utv=ut4.39.202305051423 HTTP/1.1 Host: tags.tiqcdn.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:33 UTC	5903	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 2024 Connection: close Date: Sun, 07 May 2023 22:16:34 GMT Last-Modified: Fri, 05 May 2023 14:24:45 GMT ETag: "77dff90ba8cb68989704bb147485da79" x-amz-server-side-encryption: AES256 x-amz-version-id: qkEcFuts9qedCukgG4SlEa19xWZ2xIWa Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 179ba4c3ce59451c080c2ed7517bcb96.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ZRH55-P1 X-Amz-Cf-Id: uCDE8BccxkVGelg1uGDjVMgNziKXmN30sLrJM-8Tey6yiVNOZS2zwg== Cache-Control: max-age=1296000
2023-05-07 22:16:33 UTC	5904	IN	Data Raw: 2f 2f 74 65 61 6c 69 75 6d 20 75 6e 69 76 65 72 73 61 6c 20 74 61 67 20 2d 20 75 74 61 67 2e 32 38 35 20 75 74 34 2e 30 2e 32 30 32 33 30 35 30 35 31 34 32 33 2c 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 33 20 54 65 61 6c 69 75 6d 2e 63 6f 6d 20 49 6e 63 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 0a 74 72 79 7b 28 66 75 6e 63 74 69 6f 6e 28 69 64 2c 6c 6f 61 64 65 72 29 7b 76 61 72 20 75 3d 7b 7d 3b 75 74 61 67 2e 6f 5b 6c 6f 61 64 65 72 5d 2e 73 65 6e 64 65 72 5b 69 64 5d 3d 75 3b 69 66 28 75 74 61 67 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 75 74 61 67 3d 7b 7d 3b 7d 69 66 28 75 74 61 67 2e 75 74 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 75 74 61 67 2e 75 74 3d 7b 7d 3b 7d 69 66 28 75 74 61 67 2e 75 74 2e 6c 6f 61 64 65 72 3d 3d Data Ascii: //tealium universal tag - utag.285 ut4.0.202305051423, Copyright 2023 Tealium.com Inc. All Rights Reserved.try{(function(id,loader){var u={};utag.o[loader].sender[id]=u;if(utag===undefined){utag={};}if(utag.ut===undefined){utag.ut={};}if(utag.ut.loader==

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:33 UTC	5750	OUT	GET /appWebChatFront/webchat/assets/css/emoji.min.css HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:33 UTC	5759	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Length: 93 Content-Type: text/css Date: Sun, 07 May 2023 22:16:33 GMT Etag: "1-5d" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Connection: close
2023-05-07 22:16:33 UTC	5760	IN	Data Raw: 69 6d 67 2e 65 6d 6f 6a 69 7b 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 20 2e 30 35 65 6d 20 30 20 2e 31 65 6d 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 2d 30 2e 34 65 6d 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 77 69 64 74 68 3a 61 75 74 6f 7d Data Ascii: img.emoji{height:1.4em;margin:0 .05em 0 .1em;vertical-align:-0.4em;display:inline;width:auto}

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:13 UTC	210	OUT	GET /Magic/o_tealium.js?update?update HTTP/1.1 Host: c.woopic.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://mise-a-jour.ca21922.tw1.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:13 UTC	218	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Sun, 07 May 2023 22:16:13 GMT Content-Type: text/html Content-Length: 154 Connection: close Location: https://r.orange.fr/r/Oerreur_403 X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block
2023-05-07 22:16:13 UTC	218	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:33 UTC	5757	OUT	GET /appWebChatFront/webchat/runtime.cca1624d1c6ce4c0e74a.js HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:33 UTC	5772	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Date: Sun, 07 May 2023 22:16:33 GMT Etag: W/"1-5b9" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Content-Length: 1465 Connection: close
2023-05-07 22:16:33 UTC	5772	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 72 29 7b 66 6f 72 28 76 61 72 20 6e 2c 66 2c 69 3d 72 5b 30 5d 2c 6c 3d 72 5b 31 5d 2c 61 3d 72 5b 32 5d 2c 63 3d 30 2c 73 3d 5b 5d 3b 63 3c 69 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 6f 5b 66 3d 69 5b 63 5d 5d 26 26 73 2e 70 75 73 68 28 6f 5b 66 5d 5b 30 5d 29 2c 6f 5b 66 5d 3d 30 3b 66 6f 72 28 6e 20 69 6e 20 6c 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6c 2c 6e 29 26 26 28 65 5b 6e 5d 3d 6c 5b 6e 5d 29 3b 66 6f 72 28 70 26 26 70 28 72 29 3b 73 2e 6c 65 6e 67 74 68 3b 29 73 2e 73 68 69 66 74 28 29 28 29 3b 72 65 74 75 72 6e 20 75 2e 70 75 73 68 2e 61 70 70 6c 79 28 75 2c 61 7c 7c 5b 5d 29 2c 74 28 29 7d 66 75 6e 63 Data Ascii: !function(e){function r(r){for(var n,f,i=r[0],l=r[1],a=r[2],c=0,s=[];c<i.length;c++)o[f=i[c]]&&s.push(o[f][0]),o[f]=0;for(n in l)Object.prototype.hasOwnProperty.call(l,n)&&(e[n]=l[n]);for(p&&p(r);s.length;)s.shift()();return u.push.apply(u,a\|\|[]),t()}func
2023-05-07 22:16:33 UTC	5773	IN	Data Raw: 29 66 6f 72 28 76 61 72 20 6e 20 69 6e 20 65 29 66 2e 64 28 74 2c 6e 2c 28 66 75 6e 63 74 69 6f 6e 28 72 29 7b 72 65 74 75 72 6e 20 65 5b 72 5d 7d 29 2e 62 69 6e 64 28 6e 75 6c 6c 2c 6e 29 29 3b 72 65 74 75 72 6e 20 74 7d 2c 66 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 3d 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 64 65 66 61 75 6c 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 7d 3b 72 65 74 75 72 6e 20 66 2e 64 28 72 2c 22 61 22 2c 72 29 2c 72 7d 2c 66 2e 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 72 29 7d 2c 66 Data Ascii: )for(var n in e)f.d(t,n,(function(r){return e[r]}).bind(null,n));return t},f.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return f.d(r,"a",r),r},f.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},f

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:34 UTC	7594	OUT	GET /pconsent/_pdb.gif?canal=Web&id_session=1683530189457&track_nom=affichage&track_zone=bandeau_cmp&origine=orange HTTP/1.1 Host: pdata.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:34 UTC	7684	IN	HTTP/1.1 200 OK last-modified: Sun, 02 Oct 2022 07:06:43 GMT accept-ranges: bytes access-control-allow-origin: * cache-control: max-age=0, no-cache, no-store, must-revalidate pragma: no-cache expires: Wed, 11 Jan 1984 05:00:00 GMT content-type: image/gif X-Cloud-Trace-Context: 848d0dba574e07a7470387cc76f510fc Date: Sun, 07 May 2023 22:16:34 GMT Server: Google Frontend Content-Length: 43 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-05-07 22:16:34 UTC	7685	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:34 UTC	8031	OUT	GET /fonts/HelvNeue55_W1G.woff2 HTTP/1.1 Host: c.woopic.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" Origin: https://chatbot.orange.fr sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://chatbot.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: 7cacf6f3f310565b41c6b3f536419773
2023-05-07 22:16:34 UTC	8031	IN	HTTP/1.1 304 Not Modified Server: nginx Date: Sun, 07 May 2023 22:16:34 GMT Content-Type: application/octet-stream Connection: close Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age Last-Modified: Tue, 04 Oct 2022 07:32:34 GMT Etag: 7cacf6f3f310565b41c6b3f536419773 X-Timestamp: 1664868753.39009 Access-Control-Allow-Origin: * X-Trans-Id: txe7e826820ea14037b0557-00641adbe2 Cache-Control: max-age=15552000 Vary: Origin Age: 4015968 X-Mid: pr1m X-Cache: HIT x-server: mts X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8032	OUT	GET /fonts/HelvNeue75_W1G.woff2 HTTP/1.1 Host: c.woopic.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" Origin: https://chatbot.orange.fr sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://chatbot.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: e54a5770b5f82d8d6d9a1727e440bd79
2023-05-07 22:16:35 UTC	8033	IN	HTTP/1.1 304 Not Modified Server: nginx Date: Sun, 07 May 2023 22:16:35 GMT Content-Type: application/octet-stream Connection: close Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-cache-control-max-age Last-Modified: Tue, 04 Oct 2022 07:32:33 GMT Etag: e54a5770b5f82d8d6d9a1727e440bd79 X-Timestamp: 1664868752.20950 Access-Control-Allow-Origin: * X-Trans-Id: txef938f333e214f39a249d-00641adbe2 Cache-Control: max-age=15552000 Vary: Origin Age: 4015969 X-Mid: pr1m X-Cache: HIT x-server: mts X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 286

Chrome Cache Entry: 287

Chrome Cache Entry: 288

Chrome Cache Entry: 289

Chrome Cache Entry: 290

Chrome Cache Entry: 291

Chrome Cache Entry: 292

Chrome Cache Entry: 293

Chrome Cache Entry: 294

Chrome Cache Entry: 295

Chrome Cache Entry: 296

Chrome Cache Entry: 297

Chrome Cache Entry: 298

Chrome Cache Entry: 299

Chrome Cache Entry: 300

Chrome Cache Entry: 301

Chrome Cache Entry: 302

Chrome Cache Entry: 303

Chrome Cache Entry: 304

Chrome Cache Entry: 305

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 308

Chrome Cache Entry: 309

Chrome Cache Entry: 310

Chrome Cache Entry: 311

Chrome Cache Entry: 312

Chrome Cache Entry: 313

Windows Analysis Report
http://mise-a-jour.ca21922.tw1.ru/Or22/Orange22/

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8035	OUT	POST /appWebChatng/getBotFamily HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive Content-Length: 26 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" Accept: application/json, text/plain, / content-type: text/plain sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://chatbot.orange.fr Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:35 UTC	8036	OUT	Data Raw: 7b 27 62 6f 74 49 64 27 3a 20 27 41 49 44 45 45 54 43 4f 4e 54 41 43 54 27 7d Data Ascii: {'botId': 'AIDEETCONTACT'}
2023-05-07 22:16:35 UTC	8039	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://chatbot.orange.fr Content-Length: 13 Content-Type: application/json;charset=UTF-8 Date: Sun, 07 May 2023 22:16:34 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Connection: close
2023-05-07 22:16:35 UTC	8040	IN	Data Raw: 41 49 44 45 45 54 43 4f 4e 54 41 43 54 Data Ascii: AIDEETCONTACT

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8041	OUT	POST /appWebChatng/getBotFamily HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive Content-Length: 26 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" Accept: application/json, text/plain, / content-type: text/plain sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://chatbot.orange.fr Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:35 UTC	8042	OUT	Data Raw: 7b 27 62 6f 74 49 64 27 3a 20 27 41 49 44 45 45 54 43 4f 4e 54 41 43 54 27 7d Data Ascii: {'botId': 'AIDEETCONTACT'}
2023-05-07 22:16:35 UTC	8067	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://chatbot.orange.fr Content-Length: 13 Content-Type: application/json;charset=UTF-8 Date: Sun, 07 May 2023 22:16:35 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Connection: close
2023-05-07 22:16:35 UTC	8068	IN	Data Raw: 41 49 44 45 45 54 43 4f 4e 54 41 43 54 Data Ascii: AIDEETCONTACT

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8048	OUT	GET /appWebChatFront/webchat/assets/images/orange-2.png HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:35 UTC	8066	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Length: 262 Content-Type: image/png Date: Sun, 07 May 2023 22:16:35 GMT Etag: "1-106" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Connection: close
2023-05-07 22:16:35 UTC	8066	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 08 00 00 00 0c 08 06 00 00 00 5f 9e fc 9d 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 c0 49 44 41 54 18 19 7d 50 b1 0e 01 41 10 7d b3 68 04 89 3f 22 21 12 2a e5 35 12 a5 46 36 5a df 20 28 a8 68 7c 82 6f 50 a9 7c 86 42 21 77 ea 5d f3 8e db 38 27 66 93 dd 9d cc 7b 6f de 8c e0 47 c4 53 0c 21 18 d5 9b 88 e4 bb fe b0 88 9c c7 c1 7b 94 45 70 cc 01 94 39 56 e6 4e 8b 46 df 44 8b 7d 93 29 24 16 13 fd ef df c5 7b c5 a0 d3 58 e3 94 02 62 8b 99 73 d8 7a 40 54 f6 56 12 b4 ab 4b 9c 49 36 ca 9c 7b 87 05 13 95 bc 8a 41 ab b6 c2 85 39 23 b4 78 a5 c5 3b 35 c9 16 41 45 5b 18 41 37 53 09 53 d0 a4 82 36 f4 a1 87 26 7b f4 11 00 14 2f 8c 69 30 c8 01 08 fa bb 28 02 18 9f ab 7e 02 0a 77 43 84 4e f0 7c d0 00 00 00 00 49 Data Ascii: PNGIHDR_sRGBIDAT}PA}h?"!*5F6Z (h\|oP\|B!w]8'f{oGS!{Ep9VNFD})${Xbsz@TVKI6{A9#x;5AE[A7SS6&{/i0(~wCN\|I

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8049	OUT	GET /appWebChatFront/webchat/assets/images/icon-moins.svg HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:35 UTC	8067	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Length: 548 Content-Type: image/svg+xml Date: Sun, 07 May 2023 22:16:35 GMT Etag: "1-224" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Connection: close
2023-05-07 22:16:35 UTC	8067	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 0a 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 0a 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 32 36 20 32 32 36 22 0a 73 74 79 6c 65 3d 22 20 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 22 3e 3c 67 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 6e 6f 6e 7a 65 72 6f 22 20 73 74 72 6f 6b 65 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 31 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 62 75 74 74 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3d 22 6d 69 74 65 72 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"width="24" height="24"viewBox="0 0 226 226"style=" fill:#000000;"><g fill="none" fill-rule="nonzero" stroke="none" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8085	OUT	GET /appWebChatFront/webchat/assets/images/blackFB.png HTTP/1.1 Host: chatbot.orange.fr Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://chatbot.orange.fr/appWebChatFront/webchat/chat?1683530192602= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:35 UTC	8167	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Length: 166 Content-Type: image/png Date: Sun, 07 May 2023 22:16:35 GMT Etag: "1-a6" Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Server: nginx/1.24.0 Connection: close
2023-05-07 22:16:35 UTC	8167	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0c 00 00 00 0c 08 06 00 00 00 56 75 5c e7 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 60 49 44 41 54 28 15 95 92 8b 09 00 20 08 44 a5 01 da 7f a3 c6 2a 2f 48 4c ee 82 04 c1 cf 3b 95 c8 cc 6c ba 0f f7 ee ae 0c 3d 30 60 23 50 a2 0c 83 d9 93 8f ba 8a 2a 1c 57 b0 06 ab 61 41 58 05 d4 d6 10 20 c8 22 fa 18 ed c2 3f 93 3c 1d e7 3c 4f aa 30 72 56 db 37 c8 86 12 3d 57 13 d1 df d7 58 0b ab 35 1b b1 41 3a 64 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRVu\sRGB`IDAT( D/HL;l=0`#PWaAX "?<<O0rV7=WX5A:dIENDB`

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:35 UTC	8112	OUT	OPTIONS /bot/api/v1/session HTTP/1.1 Host: sso.orange.fr Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: brand,cache-control,content-type,deploymentbotid,expires,fronttype,initialbotid,pragma,useragentdetails,webchatlayout Origin: https://chatbot.orange.fr User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://chatbot.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:35 UTC	8228	IN	HTTP/1.1 200 OK Date: Sun, 07 May 2023 22:16:35 GMT Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: brand, cache-control, content-type, deploymentbotid, expires, fronttype, initialbotid, pragma, useragentdetails, webchatlayout Access-Control-Allow-Methods: POST Access-Control-Allow-Origin: https://chatbot.orange.fr Access-Control-Max-Age: 1800 Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH Content-Length: 0 Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers P3P: CP="NOI" Connection: close Set-Cookie: cookie_wt=!9j4+kA1fam7MVy4d8cWArylCh3fiIdcvlQXe51QdurSzdTpJ1m3oPUX5mVEvqLHK71+YK/CXh24ZupqgwjNqidI7JghBazHrmD2FnahcBQjblKjTWIAHRuqKv8TNPgUnG3sNDpch3dk3tfx+6fGEiVSbw5GtMr8=; path=/; Httponly; Secure ; SameSite=None Set-Cookie: TS011e2867=01306ea61eedd4cf81ca0f96cda8815079da7fd54dff24d4d9fcb1e5b0ad5b4ac632209b644a071e22517ca9c5a911967bf606c436; Path=/ ; Secure ; SameSite=None

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:36 UTC	8331	OUT	POST /bot/api/v1/session HTTP/1.1 Host: sso.orange.fr Connection: keep-alive Content-Length: 570 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" Pragma: no-cache deploymentBotId: initialBotId: AIDEETCONTACT User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json Expires: 0 Cache-Control: no-cache, no-store, must-revalidate sec-ch-ua-mobile: ?0 brand: ORANGE webchatLayout: FENETRE frontType: webchat userAgentDetails: {"ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36","browser":{"name":"Chrome","version":"104.0.0.0","major":"104"},"engine":{"name":"Blink","version":"104.0.0.0"},"os":{"name":"Windows","version":"10"},"device":{"type":"Desktop"},"cpu":{"architecture":"amd64"}} sec-ch-ua-platform: "Windows" Origin: https://chatbot.orange.fr Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://chatbot.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookie_wt=!xezFdVflQlbT2HEd8cWArylCh3fiIRzFinmCvHAfGyslrmnxqZohVpZuRRDW950/abxBy9Nyuvojgm2z8BaM7pv+guDeHfgizMkRGShHlEjPun4uaOzd9SJIXqmxoyrW8CD12DRIxf2iU9evcPnKk3lOAY/bq00=; TS011e2867=01306ea61e3c3ece01359d542cd1efcf2e8d12894f010689053b89001f551c100cbe0bd077be0787a3b9d69f0f4b99b5ca588bcb00; idzone=AFEXH1Txk77npjPeuaFKlu30jojxlGWByA6jcRRvsGEpcZ6EP5ZbixvrLiwKmp0pWIwSN1WiFnOTyxXgKCapwMS37YoK9AWV3CRwBJtgOr5z_S_1LOiQEjeBAI59sZ3VJkOjyeCWXWWnHm8; izclientid=r8s3Q-a5hUdGqGR03aMABc1v%2C1684102587; nav=2; userconsent={"c":{"w":{"cs":{"c1":"1","c2":"1","c3":"1","c4":"1","c5":"1","c6":"1"},"t":"2023-05-08T07:16:32.844Z","v":"1"}}}; utag_main=v_id:0187fa380a910011060c8a431fb60006f00c106700918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1683531992858$ses_id:1683530189457%3Bexp-session
2023-05-07 22:16:36 UTC	8333	OUT	Data Raw: 7b 22 63 6f 6e 74 65 78 74 22 3a 7b 22 63 6f 6e 76 4f 72 69 67 69 6e 22 3a 22 44 6a 69 6e 67 6f 22 7d 2c 22 62 6f 74 6d 61 6e 46 75 6c 6c 43 6f 6e 74 61 63 74 51 75 65 72 79 44 61 74 61 22 3a 7b 22 75 72 6e 22 3a 22 61 73 73 69 73 74 61 6e 63 65 2e 6f 72 61 6e 67 65 2e 66 72 2f 6f 72 64 69 6e 61 74 65 75 72 73 2d 70 65 72 69 70 68 65 72 69 71 75 65 73 2f 69 6e 73 74 61 6c 6c 65 72 2d 65 74 2d 75 74 69 6c 69 73 65 72 2f 6c 61 2d 72 65 63 68 65 72 63 68 65 2d 65 74 2d 6e 61 76 69 67 61 74 69 6f 6e 2d 73 75 72 2d 6c 65 2d 77 65 62 2d 63 6f 6f 6b 69 65 73 2f 64 65 73 2d 69 6e 66 6f 72 6d 61 74 69 6f 6e 73 2d 73 75 72 2d 6c 65 73 2d 63 6f 6f 6b 69 65 73 2f 70 63 2f 63 6f 6f 6b 69 65 73 2d 70 72 65 73 65 6e 74 61 74 69 6f 6e 5f 32 32 36 31 32 30 2d 37 36 38 31 Data Ascii: {"context":{"convOrigin":"Djingo"},"botmanFullContactQueryData":{"urn":"assistance.orange.fr/ordinateurs-peripheriques/installer-et-utiliser/la-recherche-et-navigation-sur-le-web-cookies/des-informations-sur-les-cookies/pc/cookies-presentation_226120-7681
2023-05-07 22:16:36 UTC	8333	IN	HTTP/1.1 200 OK Date: Sun, 07 May 2023 22:16:36 GMT Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://chatbot.orange.fr Access-Control-Expose-Headers: env, usessourl Botmansession: 58C124483B07B3264295H9S71C5B48B0 Content-Type: application/json;charset=UTF-8 Env: prod Usessourl: false Uuid: 1d576724-027c-4436-ba1d-fbcedab324e9 Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers Content-Length: 1990 P3P: CP="NOI" Connection: close
2023-05-07 22:16:36 UTC	8334	IN	Data Raw: 7b 22 62 6f 74 6d 61 6e 53 65 73 73 69 6f 6e 22 3a 22 35 38 43 31 32 34 34 38 33 42 30 37 42 33 32 36 34 32 39 35 48 39 53 37 31 43 35 42 34 38 42 30 22 2c 22 62 6f 74 43 6f 6e 66 69 67 22 3a 7b 22 62 6f 74 49 64 22 3a 22 41 49 44 45 45 54 43 4f 4e 54 41 43 54 22 2c 22 62 6f 74 4e 61 6d 65 22 3a 22 44 6a 69 6e 67 6f 22 2c 22 62 6f 74 46 61 6d 69 6c 79 22 3a 22 41 49 44 45 45 54 43 4f 4e 54 41 43 54 22 2c 22 62 6f 74 54 79 70 65 22 3a 22 74 65 78 74 22 2c 22 68 65 61 64 65 72 22 3a 7b 22 6f 72 61 6e 67 65 54 65 78 74 22 3a 22 44 6a 69 6e 67 6f 2c 20 6c 65 20 63 68 61 74 62 6f 74 20 64 27 4f 72 61 6e 67 65 22 2c 22 73 6f 73 68 54 65 78 74 22 3a 22 4c 65 20 63 68 61 74 62 6f 74 20 53 6f 73 68 22 2c 22 63 73 72 48 61 6e 64 6f 76 65 72 54 65 78 74 22 3a 22 55 Data Ascii: {"botmanSession":"58C124483B07B3264295H9S71C5B48B0","botConfig":{"botId":"AIDEETCONTACT","botName":"Djingo","botFamily":"AIDEETCONTACT","botType":"text","header":{"orangeText":"Djingo, le chatbot d'Orange","soshText":"Le chatbot Sosh","csrHandoverText":"U

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:13 UTC	272	OUT	GET /r/Oerreur_403 HTTP/1.1 Host: r.orange.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://mise-a-jour.ca21922.tw1.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:14 UTC	321	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 07 May 2023 22:16:14 GMT Server: Apache X-Orange-Internal-Id: 04338b91-8294-4b74-b573-67be682f28e5 Strict-Transport-Security: max-age=15552000 Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0 Age: 99999999 Vary: Cookie,User-Agent Expires: 0 Location: https://e.orange.fr/error403.html Content-Type: text/plain Content-Length: 0 Connection: close

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:36 UTC	8337	OUT	GET /v1/AUTH_c8f157992dc0483388be7221fdfd0739/9.45/icons/mobile/favicon-32x32.png HTTP/1.1 Host: cdn.woopic.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assistance.orange.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:36 UTC	8379	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 07 May 2023 22:16:36 GMT Content-Type: image/png Content-Length: 1975 Connection: close Last-Modified: Thu, 27 Apr 2023 09:02:54 GMT Etag: 053f7a22eae8ca37ec11ff03780350b4 X-Timestamp: 1682586173.82967 X-Object-Meta-Mtime: 1682582093 X-Trans-Id: txb72c412bcce4497486872-006458231c Access-Control-Expose-Headers: cache-control, content-language, content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id, x-object-meta-mtime Access-Control-Allow-Origin: * Age: 40 X-Mid: pr4b X-Cache: HIT x-server: bgl Accept-Ranges: bytes
2023-05-07 22:16:36 UTC	8379	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 04 da 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da ed 57 5b 76 03 27 0c fd 67 15 5d 02 92 10 12 cb e1 79 4e 77 d0 e5 f7 32 1e 3b b6 e3 34 49 d3 8f 7e c4 1c 0f 33 48 08 71 2f 20 11 e6 5f 7f ae f0 07 7e 9c 28 86 a4 e6 b9 e4 1c f1 4b 25 15 ae 78 f1 78 f9 95 e3 49 31 1d cf e3 c7 a7 08 df 0f ed e1 26 60 34 09 6a b9 7c 5a 3d f5 2b da f5 ad c3 75 0c 6a 8f ed c1 4f 09 fb 69 e8 14 5c 0d ca 1e 79 8f 36 ee 9d 44 3b 5f da 29 9d 86 ca bc bc e4 e2 76 ef 6a 3b 5d ed a7 e2 e1 ca f9 2f e3 d0 bc 19 d9 df e1 be 21 19 50 1a 8a 81 84 79 0a 49 3c 9e 7e f1 40 f6 9f a4 ee 76 3c 19 3a f0 57 32 de 93 50 38 04 57 4f 00 c8 c3 f4 ae 75 8c Data Ascii: PNGIHDR szzzTXtRaw profile type exifxW[v'g]yNw2;4I~3Hq/ _~(K%xxI1&`4j\|Z=+ujOi\y6D;_)vj;]/!PyI<~@v<:W2P8WOu

Timestamp	kBytes transferred	Direction	Data
2023-05-07 22:16:36 UTC	8346	OUT	GET /z.gif?APP=elco&access=desktop&loaderLoaded=1776&coreLoading=1776&coreLoaded=1784&libLoading=3158&libLoaded=3158&rendered=3652&end=3652 HTTP/1.1 Host: c.woopic.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-07 22:16:36 UTC	8378	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 07 May 2023 22:16:36 GMT Content-Type: image/gif Content-Length: 43 Connection: close Cache-Control: no-cache X-Mid: N-pr2m Access-Control-Allow-Origin: * Accept-Ranges: bytes
2023-05-07 22:16:36 UTC	8379	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;