urlquery - report: url3824.artplacer.com/ls/click?upn=vRCEVzYRDK3YQ6SvtXzA-2B8-2BY0chxezhgyT6lyRl3neoTYJWnYAFIajnRDumsSVD4p8XU8yDGeLkB4wlMAb19zeZRQI4Sdz95pExW4gKZti2YuXkuNFE7-2BII89mqdmdN1y5wvjm6HkYAyhb4uaHouGtzMKaaifeCOSuSnHB6oF2j7wuO1WVV9vct0CiUGQAT0qDLuAEL70Z8sJ6i3bxLgb4pBa-2BxmspUbixbcPd1y9z7L0UKUscsnDQS0vAhwgtywJ4P-2BpqMSP-2BoUI7iJEkDNKQ-3D-3Dn2tz_YxCxpoge33FNHhRVcK23d-2BmKDV7V51hLzfsQ0ortZ51TyL0IBSDmcRigptfh0ZhwdU0bUwjCaWpsQRjGNs03eZx-2BloONBPhQNRxN8WzxxvOlPBHCBOk7LHen-2FhoOF7v-2Fz-2Ft4pbMCNdDn-2By9qQr0GEAjqSW6Wc7SkcPkRzaMklQ1-2BFV46fDJ6J7Djl4-2BBymAnwTJV-2BGLJwiRP2mPnMoWi97lsjPn1o2iWR3wyygJ8zL8-3D

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	Sent bytes	Received bytes	IP
ocsp.godaddy.com (1)	698	2012-05-20 21:28:57	2023-05-26 05:09:17	330	2286	192.124.249.23
rollins-mkt-prod1.campaign.adobe.com (1)	0	2023-05-23 21:19:07	2023-05-26 06:49:54	644	456	34.215.187.240
alawaelafrica.com (1)	0	2023-05-26 16:11:33	2023-05-26 16:11:33	521	392	65.108.234.151
0gpilhhtlb646b2a32a499c.ocupac.ru (7)	0	2023-05-26 16:11:37	2023-05-26 16:11:37	4855	172479	172.67.176.78
unpkg.com (2)	11693	2016-01-08 00:26:01	2023-05-26 09:02:10	864	64800	104.16.123.175
url3824.artplacer.com (1)	0	2023-05-26 16:11:32	2023-05-26 16:11:32	964	629	167.89.123.54

Scan Date	Severity	Indicator	Comment
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transpare (...)	Phishing
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com	Phishing
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/jq/674b856cc89f9200a4f4820aa41b60f86470c9 (...)	Phishing
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/boot/674b856cc89f9200a4f4820aa41b60f86470 (...)	Phishing
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com	Phishing
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/jm/674b856cc89f9200a4f4820aa41b60f86470c9 (...)	Phishing
2023-05-26	medium	0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f49 (...)	Phishing

Date	UQ / IDS / BL	URL	IP
2023-06-05 21:02:16 UTC	0 - 0 - 1	trk.email.jordans.com/ls/click?upn=JFvCUU5Qks (...)	167.89.115.56
2023-06-04 23:10:49 UTC	0 - 2 - 0	emt2.zippia.com/ls/click?upn=SYiRFDorhRm4QIUX (...)	167.89.115.56
2023-06-04 03:44:51 UTC	0 - 6 - 0	ny.energyintel.com/ls/click?upn=ZwwBDc-2BT0Kg (...)	167.89.115.56
2023-06-03 17:20:48 UTC	0 - 3 - 0	url8314.asperitascap.com/ls/click?upn=FOLcC-2 (...)	167.89.115.56
2023-06-01 21:30:42 UTC	0 - 7 - 0	email-links.crexi.com/ls/click?upn=nZ9Rf1kUMj (...)	167.89.115.56

Date	UQ / IDS / BL	URL	IP
2023-06-06 05:14:28 UTC	0 - 0 - 0	u33152670.ct.sendgrid.net/asm/unsubscribe/?us (...)	167.89.123.122
2023-06-05 21:02:16 UTC	0 - 0 - 1	trk.email.jordans.com/ls/click?upn=JFvCUU5Qks (...)	167.89.115.56
2023-06-05 17:04:03 UTC	0 - 3 - 0	url8314.asperitascap.com/ls/click?upn=FOLcC-2 (...)	167.89.123.54
2023-06-05 16:32:50 UTC	0 - 6 - 0	url7752.alignedup.com/ls/click?upn=JkC8jkC4i7 (...)	167.89.115.120
2023-06-05 13:23:34 UTC	0 - 3 - 0	url8314.asperitascap.com/ls/click?upn=FOLcC-2 (...)	167.89.123.124

Date	UQ / IDS / BL	URL	IP
2023-05-30 19:38:15 UTC	2 - 0 - 0	url3824.artplacer.com/ls/click?upn=vRCEVzYRDK (...)	167.89.123.54
2023-05-26 22:26:07 UTC	2 - 0 - 4	url3824.artplacer.com/ls/click?upn=vRCEVzYRDK (...)	167.89.123.124
2023-05-26 18:17:16 UTC	2 - 0 - 7	url3824.artplacer.com/ls/click?upn=vRCEVzYRDK (...)	167.89.115.120
2023-05-26 17:42:19 UTC	2 - 0 - 7	url3824.artplacer.com/ls/click?upn=vRCEVzYRDK (...)	167.89.115.120
2023-05-26 15:02:24 UTC	2 - 0 - 7	url3824.artplacer.com/ls/click?upn=vRCEVzYRDK (...)	167.89.115.56

Date	UQ / IDS / BL	URL	IP
2023-06-06 06:06:24 UTC	0 - 0 - 2	apiservices.krxd.net/click_tracker/track?kx_e (...)	151.101.2.133
2023-06-06 06:03:51 UTC	0 - 0 - 2	apart-benidorm.es/nedsecur.stm/login.php?sess (...)	5.9.48.70
2023-06-06 06:03:56 UTC	0 - 0 - 0	cdn.tercept.com/js/trcpt?account_id=TCPT-1565	54.230.111.91
2023-06-06 06:00:25 UTC	0 - 0 - 3	ww1.download2-cdn.com/	35.186.238.101
2023-06-06 05:59:11 UTC	0 - 1 - 0	refpa57118.top/L	178.253.37.98

Request	Response
GET /ls/click?upn=vRCEVzYRDK3YQ6SvtXzA-2B8-2BY0chxezhgyT6lyRl3neoTYJWnYAFIajnRDumsSVD4p8XU8yDGeLkB4wlMAb19zeZRQI4Sdz95pExW4gKZti2YuXkuNFE7-2BII89mqdmdN1y5wvjm6HkYAyhb4uaHouGtzMKaaifeCOSuSnHB6oF2j7wuO1WVV9vct0CiUGQAT0qDLuAEL70Z8sJ6i3bxLgb4pBa-2BxmspUbixbcPd1y9z7L0UKUscsnDQS0vAhwgtywJ4P-2BpqMSP-2BoUI7iJEkDNKQ-3D-3Dn2tz_YxCxpoge33FNHhRVcK23d-2BmKDV7V51hLzfsQ0ortZ51TyL0IBSDmcRigptfh0ZhwdU0bUwjCaWpsQRjGNs03eZx-2BloONBPhQNRxN8WzxxvOlPBHCBOk7LHen-2FhoOF7v-2Fz-2Ft4pbMCNdDn-2By9qQr0GEAjqSW6Wc7SkcPkRzaMklQ1-2BFV46fDJ6J7Djl4-2BBymAnwTJV-2BGLJwiRP2mPnMoWi97lsjPn1o2iWR3wyygJ8zL8-3D HTTP/1.1 Host: url3824.artplacer.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache	167.89.123.54 HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Server: nginx Date: Fri, 26 May 2023 15:02:08 GMT Content-Length: 231 Connection: keep-alive Location: https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQub2RvbUBwbGV4b3Nncm91cC5jb20= X-Robots-Tag: noindex, nofollow --- Additional Info --- Magic: HTML document, ASCII text Size: 231 Md5: 6abb7981697bb33afaf6a1740c0d88ff Sha1: 9a08e1f550c9d1c5583473b6a907fdbfe9a08eae Sha256: 21ff2f6861b23ae6f2aa00b58ca1d6f0c8c7782a2feb7b18ef70468401e586e9
POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	192.124.249.23 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: Sucuri/Cloudproxy Date: Fri, 26 May 2023 15:02:09 GMT Content-Length: 1778 Connection: keep-alive X-Sucuri-ID: 19023 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Fri, 26 May 2023 02:27:16 GMT Expires: Sat, 27 May 2023 02:27:16 GMT ETag: "769d92ee0f9c2352e3d0372ffa3af47e6b6cb901" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" --- Additional Info --- Magic: data Size: 1778 Md5: c738a3af33c5658c0593c80cc0fab986 Sha1: 769d92ee0f9c2352e3d0372ffa3af47e6b6cb901 Sha256: a6d69f42a3d47b9c15bfd7da0cb1794e049f93515c24033fc7acfa97bb2b045d
GET /rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQub2RvbUBwbGV4b3Nncm91cC5jb20= HTTP/1.1 Host: rollins-mkt-prod1.campaign.adobe.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	34.215.187.240 HTTP/1.1 302 Found Content-Type: text/plain; charset=iso-8859-1 Date: Fri, 26 May 2023 15:02:09 GMT Server: Apache X-Robots-Tag: noindex Connection: keep-alive, Keep-Alive Location: https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQub2RvbUBwbGV4b3Nncm91cC5jb20= Content-length: 0 Pragma: no-cache Cache-Control: no-cache Expires: Fri, 26 May 2023 15:02:09 GMT X-UA-Compatible: IE=edge X-XSS-Protection: 1; mode=block Keep-Alive: timeout=5, max=100 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /.ojnew/tmp/ZGF2aWQub2RvbUBwbGV4b3Nncm91cC5jb20= HTTP/1.1 Host: alawaelafrica.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	65.108.234.151 HTTP/1.1 302 Found Content-Type: text/html; charset=UTF-8 Date: Fri, 26 May 2023 15:02:10 GMT Server: Apache Location: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked --- Additional Info --- Magic: ASCII text, with no line terminators Size: 114 Md5: c3eb94116514eefc8877b16b0c4eb289 Sha1: 5d4446fca287b5a3041b84895203fdde2974cf4c Sha256: 51eb73c04cfdcea5d1018723c68382336366b9ebf32088af14c79849965f6fff urlquery: - Phishing - Microsoft Outlook
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd6e5c9bf43b51d HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	172.67.176.78 HTTP/3 200 OK content-type: image/gif date: Fri, 26 May 2023 15:02:10 GMT content-length: 42 last-modified: Thu, 25 May 2023 08:39:03 GMT etag: "646f1ea7-2a" server: cloudflare cf-ray: 7cd6e5cb6b0eb503-OSL x-frame-options: DENY x-content-type-options: nosniff vary: Accept-Encoding expires: Fri, 26 May 2023 17:02:10 GMT cache-control: max-age=7200, public accept-ranges: bytes --- Additional Info --- Magic: GIF image data, version 89a, 1 x 1\012- data Size: 42 Md5: d89746888da2d9510b64a9f031eaecd5 Sha1: d5fceb6532643d0d84ffe09c40c481ecdf59e15a Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Blocklists: - fortinet: Phishing
POST /Mdavid.odom@plexosgroup.com HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com?__cf_chl_tk=NQ0WcwgoWYX8.tjaPW3T3p6lPG9GIyP3vIOu5oIBgs4-1685113330-0-gaNycGzNDXs Content-Type: application/x-www-form-urlencoded Content-Length: 3617 Origin: https://0gpilhhtlb646b2a32a499c.ocupac.ru DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache	172.67.176.78 HTTP/3 302 Found content-type: text/html; charset=UTF-8 date: Fri, 26 May 2023 15:02:14 GMT location: ./beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b set-cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; path=/; expires=Sat, 25-May-24 15:02:12 GMT; domain=.ocupac.ru; HttpOnly; Secure; SameSite=None PHPSESSID=c3c965f114ed74e66807422c44400fa0; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bm5uT2BQn5IC8G6Ws5r1koFeoHrvjRSTi8r1AFVJ1Fzv7ukndli%2Fu6eipf17jaG08SDl6g2ghw2iy7%2FdAAWbbcKcvVn6jmcoZdxHV24ZcOwk2WLvgI8mlhHsxReJEW%2FeynShfT48W6pVsLvnQQcvJyvRn4g%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7cd6e5d9998bb503-OSL alt-svc: h3=":443"; ma=86400 --- Additional Info --- Magic: Size: 7351 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Blocklists: - fortinet: Phishing
GET /jq/674b856cc89f9200a4f4820aa41b60f86470c9f4a0df0 HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache	172.67.176.78 HTTP/3 200 OK content-type: application/javascript date: Fri, 26 May 2023 15:02:14 GMT cache-control: public, max-age=604800 expires: Fri, 02 Jun 2023 15:02:12 GMT last-modified: Mon, 22 May 2023 17:44:14 GMT vary: Accept-Encoding x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSuZ6C0WAHJ90815UeW0QxCJu4X%2FnBjFIbLN0QpI7BkpfXpfcbOpQdutGgScIMZEdSMWi1yTtJQ%2BBNe5YruL1lE%2Fv0WKm2au2gVpcAvhgkXZnMmmAXufBZZ4plCPKV87m7VtP9NjP5jz9dv40htLOQXVqls%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7cd6e5e3aac1b503-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 --- Additional Info --- Magic: ASCII text, with very long lines (32065) Size: 85578 Md5: 2f6b11a7e914718e0290410e85366fe9 Sha1: 69bb69e25ca7d5ef0935317584e6153f3fd9a88c Sha256: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Blocklists: - fortinet: Phishing
GET /boot/674b856cc89f9200a4f4820aa41b60f86470c9f4a0df4 HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache	172.67.176.78 HTTP/3 200 OK content-type: application/javascript date: Fri, 26 May 2023 15:02:14 GMT cache-control: public, max-age=604800 expires: Fri, 02 Jun 2023 15:02:12 GMT last-modified: Mon, 22 May 2023 17:44:14 GMT vary: Accept-Encoding x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=venzLMuSYwSDP%2F3l6Fc8fjX07WhKAqgrK7HN7hGK42kFN3%2FDnQY1ry%2B7Kl7Q2XEd3LM4tsckLSUGWA0skHuuXrwU7xad3zIjmYIzqooP6qM8tKBcaeLUsMvFiSAe0np9wwvcADSDVCwmF8cMgQzckGm03dk%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7cd6e5e3aac9b503-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 --- Additional Info --- Magic: ASCII text, with very long lines (50758) Size: 51039 Md5: 67176c242e1bdc20603c878dee836df3 Sha1: 27a71b00383d61ef3c489326b3564d698fc1227c Sha256: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Blocklists: - fortinet: Phishing
GET /axios/dist/axios.min.js HTTP/1.1 Host: unpkg.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	104.16.123.175 HTTP/2 302 Found content-type: text/plain; charset=utf-8 date: Fri, 26 May 2023 15:02:14 GMT access-control-allow-origin: * cache-control: public, s-maxage=600, max-age=60 location: /axios@1.4.0/dist/axios.min.js vary: Accept, Accept-Encoding via: 1.1 fly.io fly-request-id: 01H1C98A4B0AB0VWZM83XDGF2S-fra cf-cache-status: HIT age: 50 strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff server: cloudflare cf-ray: 7cd6e5e3cd91b4fa-OSL X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 31842 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /axios@1.4.0/dist/axios.min.js HTTP/1.1 Host: unpkg.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	104.16.123.175 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Fri, 26 May 2023 15:02:14 GMT access-control-allow-origin: * cache-control: public, max-age=31536000 last-modified: Sat, 26 Oct 1985 08:15:00 GMT etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI" via: 1.1 fly.io fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra cf-cache-status: HIT age: 1812426 vary: Accept-Encoding strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff server: cloudflare cf-ray: 7cd6e5e3ddb6b4fa-OSL content-encoding: br X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (31803) Size: 31842 Md5: 6470a918ba1fd4b8d0882df0269ddb82 Sha1: 97814fdab64aa7d1b30f082f9eb272d4b1ce18a2 Sha256: fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
GET /Mdavid.odom@plexosgroup.com HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	172.67.176.78 HTTP/2 403 Forbidden content-type: text/html; charset=UTF-8 date: Fri, 26 May 2023 15:02:10 GMT cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-frame-options: SAMEORIGIN cf-mitigated: challenge cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OCVIAfp9GOdWcZ%2BmS5poWUZz7VPOqh9qiNzqdmy6HDxrWGdCz90YpZS8oTcczV6GvPT00ZHLPscJ%2F0O%2Fzctge%2FEVM2umcXp49bR6whMZZc4vW0AUc9k85DthpUjuiIooN2YQyrsfBKK3x5KOeQhJHJmZ8h8%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7cd6e5c9bf43b51d-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8316), with no line terminators Size: 8148 Md5: fd82b6cc95285c9d473f277acfbc3426 Sha1: 4b9abf82b724567a112a1178bf48fc56bf9a664b Sha256: 1054f64a24d3aba27877217702c1814604d5048200d5d7af72b23f38521de4fa Blocklists: - fortinet: Phishing
GET /jm/674b856cc89f9200a4f4820aa41b60f86470c9f4a0dfc HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache	172.67.176.78 HTTP/3 200 OK content-type: application/javascript date: Fri, 26 May 2023 15:02:14 GMT cache-control: public, max-age=604800 expires: Fri, 02 Jun 2023 15:02:12 GMT last-modified: Mon, 22 May 2023 17:44:14 GMT vary: Accept-Encoding x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcYn1JXLyxVycYhZiJtH1waRdo527spLWpemBIMWBKroOGMkOTIBAs8EvqPkP2LFXlbOnHi5xvOnxCGY527vttYnq7x%2BiE8klR%2B2KQ54Inzb%2F1nDYHfWDzOIUCa1MleYc7iRXisJMjFmXyZE0Tn3dOSVdOA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7cd6e5e3aacbb503-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 --- Additional Info --- Magic: ASCII text, with very long lines (7344), with no line terminators Size: 7309 Md5: f335e180c66cfa35ea3152a33884ec67 Sha1: 0b99d4d6d595e23b8c864f9c39d16813f886e850 Sha256: 7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324 Blocklists: - fortinet: Phishing
GET /beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b HTTP/1.1 Host: 0gpilhhtlb646b2a32a499c.ocupac.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com?__cf_chl_tk=NQ0WcwgoWYX8.tjaPW3T3p6lPG9GIyP3vIOu5oIBgs4-1685113330-0-gaNycGzNDXs DNT: 1 Connection: keep-alive Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache	172.67.176.78 HTTP/3 200 OK content-type: text/html; charset=UTF-8 date: Fri, 26 May 2023 15:02:14 GMT expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache vary: Accept-Encoding x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hn9mgNt3mU658zWwe2sYnifnj43FvA%2FqGdeOo82hBWzeW3%2F7nmfFfXqU9ZlEKJb27HtDr6a2GXHw%2F7AksOU81dr3YKo4yEyJhZ39CE3fjIxNyCR6cQpJM4KpNCapK2bgBneM7D%2ByWZq8UVuRvU%2BZgfAuNbk%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7cd6e5e2c99db503-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators Size: 7351 Md5: 07b1320d0e70105cf3b87fcf229d064b Sha1: a84910f813e919ea3e57995a8ca9bd9b5ec6fcde Sha256: 884d852f4131a1537317ff9f381a108c59db52dd99ef61c6f9df2e7b1ef8409b Blocklists: - fortinet: Phishing

                                        
                                            GET /.ojnew/tmp/ZGF2aWQub2RvbUBwbGV4b3Nncm91cC5jb20= HTTP/1.1 

                                        
                                            
Host: alawaelafrica.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             65.108.234.151

                                            
                                                HTTP/1.1 302 Found 

                                            
                                                
Content-Type: text/html; charset=UTF-8

                                            

                                            
                                                
Date: Fri, 26 May 2023 15:02:10 GMT 

                                            
                                                
Server: Apache 

                                            
                                                
Location: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com 

                                            
                                                
Keep-Alive: timeout=5, max=100 

                                            
                                                
Connection: Keep-Alive 

                                            
                                                
Transfer-Encoding: chunked 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  ASCII text, with no line terminators

                                                Size:   114

                                                Md5:    c3eb94116514eefc8877b16b0c4eb289

                                                Sha1:   5d4446fca287b5a3041b84895203fdde2974cf4c

                                                Sha256: 51eb73c04cfdcea5d1018723c68382336366b9ebf32088af14c79849965f6fff

                                        

                                        
                                            

                                            
                                                urlquery:

                                                
                                                      - Phishing - Microsoft Outlook

                                        
                                            GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd6e5c9bf43b51d HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
TE: trailers

                                        
                                             172.67.176.78

                                            
                                                HTTP/3 200 OK 

                                            
                                                
content-type: image/gif

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:10 GMT 

                                            
                                                
content-length: 42 

                                            
                                                
last-modified: Thu, 25 May 2023 08:39:03 GMT 

                                            
                                                
etag: "646f1ea7-2a" 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5cb6b0eb503-OSL 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
expires: Fri, 26 May 2023 17:02:10 GMT 

                                            
                                                
cache-control: max-age=7200, public 

                                            
                                                
accept-ranges: bytes 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  GIF image data, version 89a, 1 x 1\012- data

                                                Size:   42

                                                Md5:    d89746888da2d9510b64a9f031eaecd5

                                                Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a

                                                Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

                                        
                                            POST /Mdavid.odom@plexosgroup.com HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com?__cf_chl_tk=NQ0WcwgoWYX8.tjaPW3T3p6lPG9GIyP3vIOu5oIBgs4-1685113330-0-gaNycGzNDXs 

                                        
                                            
Content-Type: application/x-www-form-urlencoded 

                                        
                                            
Content-Length: 3617 

                                        
                                            
Origin: https://0gpilhhtlb646b2a32a499c.ocupac.ru 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             172.67.176.78

                                            
                                                HTTP/3 302 Found 

                                            
                                                
content-type: text/html; charset=UTF-8

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:14 GMT 

                                            
                                                
location: ./beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b 

                                            
                                                
set-cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; path=/; expires=Sat, 25-May-24 15:02:12 GMT; domain=.ocupac.ru; HttpOnly; Secure; SameSite=None
PHPSESSID=c3c965f114ed74e66807422c44400fa0; path=/; secure 

                                            
                                                
expires: Thu, 19 Nov 1981 08:52:00 GMT 

                                            
                                                
cache-control: no-cache, no-store, must-revalidate, max-age=0 

                                            
                                                
pragma: no-cache 

                                            
                                                
x-turbo-charged-by: LiteSpeed 

                                            
                                                
cf-cache-status: DYNAMIC 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bm5uT2BQn5IC8G6Ws5r1koFeoHrvjRSTi8r1AFVJ1Fzv7ukndli%2Fu6eipf17jaG08SDl6g2ghw2iy7%2FdAAWbbcKcvVn6jmcoZdxHV24ZcOwk2WLvgI8mlhHsxReJEW%2FeynShfT48W6pVsLvnQQcvJyvRn4g%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5d9998bb503-OSL 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  

                                                Size:   7351

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

                                        
                                            GET /jq/674b856cc89f9200a4f4820aa41b60f86470c9f4a0df0 HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b 

                                        
                                            
Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             172.67.176.78

                                            
                                                HTTP/3 200 OK 

                                            
                                                
content-type: application/javascript

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:14 GMT 

                                            
                                                
cache-control: public, max-age=604800 

                                            
                                                
expires: Fri, 02 Jun 2023 15:02:12 GMT 

                                            
                                                
last-modified: Mon, 22 May 2023 17:44:14 GMT 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
x-turbo-charged-by: LiteSpeed 

                                            
                                                
cf-cache-status: DYNAMIC 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSuZ6C0WAHJ90815UeW0QxCJu4X%2FnBjFIbLN0QpI7BkpfXpfcbOpQdutGgScIMZEdSMWi1yTtJQ%2BBNe5YruL1lE%2Fv0WKm2au2gVpcAvhgkXZnMmmAXufBZZ4plCPKV87m7VtP9NjP5jz9dv40htLOQXVqls%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5e3aac1b503-OSL 

                                            
                                                
content-encoding: br 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  ASCII text, with very long lines (32065)

                                                Size:   85578

                                                Md5:    2f6b11a7e914718e0290410e85366fe9

                                                Sha1:   69bb69e25ca7d5ef0935317584e6153f3fd9a88c

                                                Sha256: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

                                        
                                            GET /boot/674b856cc89f9200a4f4820aa41b60f86470c9f4a0df4 HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b 

                                        
                                            
Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             172.67.176.78

                                            
                                                HTTP/3 200 OK 

                                            
                                                
content-type: application/javascript

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:14 GMT 

                                            
                                                
cache-control: public, max-age=604800 

                                            
                                                
expires: Fri, 02 Jun 2023 15:02:12 GMT 

                                            
                                                
last-modified: Mon, 22 May 2023 17:44:14 GMT 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
x-turbo-charged-by: LiteSpeed 

                                            
                                                
cf-cache-status: DYNAMIC 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=venzLMuSYwSDP%2F3l6Fc8fjX07WhKAqgrK7HN7hGK42kFN3%2FDnQY1ry%2B7Kl7Q2XEd3LM4tsckLSUGWA0skHuuXrwU7xad3zIjmYIzqooP6qM8tKBcaeLUsMvFiSAe0np9wwvcADSDVCwmF8cMgQzckGm03dk%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5e3aac9b503-OSL 

                                            
                                                
content-encoding: br 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  ASCII text, with very long lines (50758)

                                                Size:   51039

                                                Md5:    67176c242e1bdc20603c878dee836df3

                                                Sha1:   27a71b00383d61ef3c489326b3564d698fc1227c

                                                Sha256: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

                                        
                                            GET /Mdavid.odom@plexosgroup.com HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             172.67.176.78

                                            
                                                HTTP/2 403 Forbidden 

                                            
                                                
content-type: text/html; charset=UTF-8

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:10 GMT 

                                            
                                                
cross-origin-embedder-policy: require-corp 

                                            
                                                
cross-origin-opener-policy: same-origin 

                                            
                                                
cross-origin-resource-policy: same-origin 

                                            
                                                
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() 

                                            
                                                
referrer-policy: same-origin 

                                            
                                                
x-frame-options: SAMEORIGIN 

                                            
                                                
cf-mitigated: challenge 

                                            
                                                
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 

                                            
                                                
expires: Thu, 01 Jan 1970 00:00:01 GMT 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OCVIAfp9GOdWcZ%2BmS5poWUZz7VPOqh9qiNzqdmy6HDxrWGdCz90YpZS8oTcczV6GvPT00ZHLPscJ%2F0O%2Fzctge%2FEVM2umcXp49bR6whMZZc4vW0AUc9k85DthpUjuiIooN2YQyrsfBKK3x5KOeQhJHJmZ8h8%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5c9bf43b51d-OSL 

                                            
                                                
content-encoding: br 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8316), with no line terminators

                                                Size:   8148

                                                Md5:    fd82b6cc95285c9d473f277acfbc3426

                                                Sha1:   4b9abf82b724567a112a1178bf48fc56bf9a664b

                                                Sha256: 1054f64a24d3aba27877217702c1814604d5048200d5d7af72b23f38521de4fa

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

                                        
                                            GET /jm/674b856cc89f9200a4f4820aa41b60f86470c9f4a0dfc HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b 

                                        
                                            
Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 

                                        
                                            
Sec-Fetch-Dest: script 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             172.67.176.78

                                            
                                                HTTP/3 200 OK 

                                            
                                                
content-type: application/javascript

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:14 GMT 

                                            
                                                
cache-control: public, max-age=604800 

                                            
                                                
expires: Fri, 02 Jun 2023 15:02:12 GMT 

                                            
                                                
last-modified: Mon, 22 May 2023 17:44:14 GMT 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
x-turbo-charged-by: LiteSpeed 

                                            
                                                
cf-cache-status: DYNAMIC 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcYn1JXLyxVycYhZiJtH1waRdo527spLWpemBIMWBKroOGMkOTIBAs8EvqPkP2LFXlbOnHi5xvOnxCGY527vttYnq7x%2BiE8klR%2B2KQ54Inzb%2F1nDYHfWDzOIUCa1MleYc7iRXisJMjFmXyZE0Tn3dOSVdOA%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5e3aacbb503-OSL 

                                            
                                                
content-encoding: br 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  ASCII text, with very long lines (7344), with no line terminators

                                                Size:   7309

                                                Md5:    f335e180c66cfa35ea3152a33884ec67

                                                Sha1:   0b99d4d6d595e23b8c864f9c39d16813f886e850

                                                Sha256: 7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

                                        
                                            GET /beebb091955c06fa68b3eb8afc0bae516470c9f493c79PASbeebb091955c06fa68b3eb8afc0bae516470c9f493c7b HTTP/1.1 

                                        
                                            
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.odom@plexosgroup.com?__cf_chl_tk=NQ0WcwgoWYX8.tjaPW3T3p6lPG9GIyP3vIOu5oIBgs4-1685113330-0-gaNycGzNDXs 

                                        
                                            
DNT: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: cf_clearance=4HZzPVSkySoj8wXewoMJ8NpxDjFa4EDRR2wDEf2C2OQ-1685113330-0-160; PHPSESSID=c3c965f114ed74e66807422c44400fa0 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: same-origin 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             172.67.176.78

                                            
                                                HTTP/3 200 OK 

                                            
                                                
content-type: text/html; charset=UTF-8

                                            

                                            
                                                
date: Fri, 26 May 2023 15:02:14 GMT 

                                            
                                                
expires: Thu, 19 Nov 1981 08:52:00 GMT 

                                            
                                                
cache-control: no-store, no-cache, must-revalidate 

                                            
                                                
pragma: no-cache 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
x-turbo-charged-by: LiteSpeed 

                                            
                                                
cf-cache-status: DYNAMIC 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hn9mgNt3mU658zWwe2sYnifnj43FvA%2FqGdeOo82hBWzeW3%2F7nmfFfXqU9ZlEKJb27HtDr6a2GXHw%2F7AksOU81dr3YKo4yEyJhZ39CE3fjIxNyCR6cQpJM4KpNCapK2bgBneM7D%2ByWZq8UVuRvU%2BZgfAuNbk%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd6e5e2c99db503-OSL 

                                            
                                                
content-encoding: br 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators

                                                Size:   7351

                                                Md5:    07b1320d0e70105cf3b87fcf229d064b

                                                Sha1:   a84910f813e919ea3e57995a8ca9bd9b5ec6fcde

                                                Sha256: 884d852f4131a1537317ff9f381a108c59db52dd99ef61c6f9df2e7b1ef8409b

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Phishing

URL	url3824.artplacer.com/ls/click?upn=vRCEVzYRDK3YQ6SvtXzA-2B8-2BY0chxezhgyT6lyRl3neoTYJWnYAFIajnRDumsSVD4p8XU8yDGeLkB4wlMAb19zeZRQI4Sdz95pExW4gKZti2YuXkuNFE7-2BII89mqdmdN1y5wvjm6HkYAyhb4uaHouGtzMKaaifeCOSuSnHB6oF2j7wuO1WVV9vct0CiUGQAT0qDLuAEL70Z8sJ6i3bxLgb4pBa-2BxmspUbixbcPd1y9z7L0UKUscsnDQS0vAhwgtywJ4P-2BpqMSP-2BoUI7iJEkDNKQ-3D-3Dn2tz_YxCxpoge33FNHhRVcK23d-2BmKDV7V51hLzfsQ0ortZ51TyL0IBSDmcRigptfh0ZhwdU0bUwjCaWpsQRjGNs03eZx-2BloONBPhQNRxN8WzxxvOlPBHCBOk7LHen-2FhoOF7v-2Fz-2Ft4pbMCNdDn-2By9qQr0GEAjqSW6Wc7SkcPkRzaMklQ1-2BFV46fDJ6J7Djl4-2BBymAnwTJV-2BGLJwiRP2mPnMoWi97lsjPn1o2iWR3wyygJ8zL8-3D
IP	167.89.115.56 (United States)
ASN	#11377 SENDGRID
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access	public
Report completed	2023-05-26 15:02:24 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	7
urlquery alerts	2 Phishing - Microsoft Outlook
Tags	phishing microsoft outlook

Overview

Domain Summary (6)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 167.89.115.56

Last 5 reports on ASN: SENDGRID

Last 5 reports on domain: artplacer.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (2)

#1 JavaScript::Eval (size: 4) - SHA256: 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408

#2 JavaScript::Eval (size: 1083) - SHA256: ee4058c675edbe81372cdb96ebe321514839a55fb89e878b7b4605488328e064

Executed Writes (0)

HTTP Transactions (13)

Overview

Domain Summary (6)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 167.89.115.56

Last 5 reports on ASN: SENDGRID

Last 5 reports on domain: artplacer.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (2)

#1 JavaScript::Eval (size: 4) - SHA256: 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408

#2 JavaScript::Eval (size: 1083) - SHA256: ee4058c675edbe81372cdb96ebe321514839a55fb89e878b7b4605488328e064

Executed Writes (0)

HTTP Transactions (13)

Network Intrusion Detection Systems