moob.financial/email/verification/aqdurm/bHNwZW5jZXJAc2FpZ3JwLmNvbQ==
66.29.130.45  200 OK  0 B  URL  User Request  GET HTTP/1.1  moob.financial/email/verification/aqdurm/bHNwZW5jZXJAc2FpZ3JwLmNvbQ==
IP 66.29.130.45:443
Certificate Issuer Let's Encrypt
Subject moob.financial
Fingerprint F7:E2:28:CD:D6:A1:2B:DA:8A:3C:07:A5:92:B2:E3:EA:EB:0A:FF:1E
Validity Sun, 26 Mar 2023 06:40:10 GMT - Sat, 24 Jun 2023 06:40:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer  Verdict  Alert
urlquery  phishing  Phishing - Microsoft Outlook
fortinet  Phishing
GET /email/verification/aqdurm/bHNwZW5jZXJAc2FpZ3JwLmNvbQ== HTTP/1.1
Host: moob.financial
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 11 May 2023 00:59:15 GMT
Server: Apache
refresh: 0;url=https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
jglnawygym6446e5fab58c5.dofiles.ru/cdn-cgi/styles/challenges.css
104.21.81.197  200 OK  2.7 kB  URL  GET HTTP/3  jglnawygym6446e5fab58c5.dofiles.ru/cdn-cgi/styles/challenges.css
IP 104.21.81.197:443
Requested by https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
Certificate Issuer Let's Encrypt
Subject dofiles.ru
Fingerprint E2:F0:FD:C8:CB:ED:3C:D5:8B:BE:37:46:97:2A:D6:4E:E3:D5:62:04
Validity Mon, 24 Apr 2023 08:28:21 GMT - Sun, 23 Jul 2023 08:28:20 GMT
File type gzip compressed data, from Unix; data
Hash 9816e313faf220ea079ca8d18a8adcbd
e6e12142b69fa0de2595aaf68d6fa46dca8c98b4
a24a05de7d3fe5e71f73eb37ce9f566d60b6398226e7dbc13b917bbc25fa0ba9
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: jglnawygym6446e5fab58c5.dofiles.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 11 May 2023 00:59:16 GMT
content-type: text/css
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
etag: W/"644bd406-19c8"
server: cloudflare
cf-ray: 7c567a732ed5fabc-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 11 May 2023 02:59:16 GMT
cache-control: max-age=7200, public
content-encoding: gzip
jglnawygym6446e5fab58c5.dofiles.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c567a71fb6eb517
104.21.81.197  200 OK  4.8 kB  URL  GET HTTP/3  jglnawygym6446e5fab58c5.dofiles.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c567a71fb6eb517
IP 104.21.81.197:443
Requested by https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
Certificate Issuer Let's Encrypt
Subject dofiles.ru
Fingerprint E2:F0:FD:C8:CB:ED:3C:D5:8B:BE:37:46:97:2A:D6:4E:E3:D5:62:04
Validity Mon, 24 Apr 2023 08:28:21 GMT - Sun, 23 Jul 2023 08:28:20 GMT
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (5034), with no line terminators
Hash a8ba79ab29a8eb1c10b60c2341330887
afed6ecb4c36368a4bd44094eef06144d7d49754
3fbb6170de290d6fb999fa557ed98480e460bb823bbe3121cc1ce3e6baeaba93
Analyzer  Verdict  Alert
fortinet  Phishing
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c567a71fb6eb517 HTTP/1.1
Host: jglnawygym6446e5fab58c5.dofiles.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com?__cf_chl_rt_tk=h5KXD3bL3I7UOMMU5U_LZTozvnvaGR67KRdaCSlII1g-1683766756-0-gaNycGzNDXs
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 11 May 2023 00:59:16 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9lJ9KHJS4hc%2B2bwF1Hu6Nqi5QBkOWsKi87vhSez4V8Pb1kKDAWe0pAw%2FCTFALJI%2Bdeoipx3liVdzIZj4yEibEMky2v0Yz3uNZRJzJu%2Bza%2BhVqHjgQZTCjyBVZkJDJc6rg3SNxm9pYh2t9m9DL9iHdpgYo5XC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c567a739ee3fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
jglnawygym6446e5fab58c5.dofiles.ru/favicon.ico
104.21.81.197  403 Forbidden  7.0 kB  URL  GET HTTP/3  jglnawygym6446e5fab58c5.dofiles.ru/favicon.ico
IP 104.21.81.197:443
Requested by https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
Certificate Issuer Let's Encrypt
Subject dofiles.ru
Fingerprint E2:F0:FD:C8:CB:ED:3C:D5:8B:BE:37:46:97:2A:D6:4E:E3:D5:62:04
Validity Mon, 24 Apr 2023 08:28:21 GMT - Sun, 23 Jul 2023 08:28:20 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (7200), with no line terminators
Hash 36e44aff902947b56e56d2f5df60b4f3
3123627412170c2629f92bf6b2d423844be7929e
8b2cff6da47eb06e156535c6a70ccf310519bfc0383dfb65609ca1109d3fc549
GET /favicon.ico HTTP/1.1
Host: jglnawygym6446e5fab58c5.dofiles.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Thu, 11 May 2023 00:59:16 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7shdIGlZuldqW8AQ6dO5Vb1gzkKxyjBvwmzLNubI9TcCnEa77HN77lhceQvvboWhweIgIec%2BPBynSkxCZxn5lZwDX6wwSixGBvui3PJesDPJVenUNq1K8YihSLny7VV2%2BH4kBBIb3vvpiLffNUQ9ZO5lFRe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c567a73def1fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
104.21.81.197  403 Forbidden  8.1 kB  URL  User Request  GET HTTP/2  jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
IP 104.21.81.197:443
Certificate Issuer Let's Encrypt
Subject dofiles.ru
Fingerprint E2:F0:FD:C8:CB:ED:3C:D5:8B:BE:37:46:97:2A:D6:4E:E3:D5:62:04
Validity Mon, 24 Apr 2023 08:28:21 GMT - Sun, 23 Jul 2023 08:28:20 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (8263), with no line terminators
Hash e0c1c5b206f9d9b467739ea1bd666a19
d0627d2b138d8dde9cdb20ce8c6d29dd231b4ed2
a1ab6615b9c41887a229d24258f0734fde4762c7e4352ecdb532ce6a3acd160c
Analyzer  Verdict  Alert
urlquery  phishing  Phishing - Microsoft Outlook
fortinet  Phishing
GET /Mlspencer@saigrp.com HTTP/1.1
Host: jglnawygym6446e5fab58c5.dofiles.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 11 May 2023 00:59:16 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwsUpiKt0o6gyAfLAzV%2FaRvY5eXm1hj%2FktXB3pgEO054d0ohz2ZiuqW%2F%2FduZpWC8tjziLyKrEwQoVOahn1SW%2FPUhP9hRxetWXoUg3VyUm88DAdU0gLWsMmRm8AgZynFiN1eh1fbrAyayxC62VCOeCzgn5oXl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c567a71fb6eb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jglnawygym6446e5fab58c5.dofiles.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c567a71fb6eb517
104.21.81.197  200 OK  42 B  URL  GET HTTP/3  jglnawygym6446e5fab58c5.dofiles.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c567a71fb6eb517
IP 104.21.81.197:443
Requested by https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
Certificate Issuer Let's Encrypt
Subject dofiles.ru
Fingerprint E2:F0:FD:C8:CB:ED:3C:D5:8B:BE:37:46:97:2A:D6:4E:E3:D5:62:04
Validity Mon, 24 Apr 2023 08:28:21 GMT - Sun, 23 Jul 2023 08:28:20 GMT
File type GIF image data, version 89a, 1 x 1; data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer  Verdict  Alert
fortinet  Phishing
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c567a71fb6eb517 HTTP/1.1
Host: jglnawygym6446e5fab58c5.dofiles.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jglnawygym6446e5fab58c5.dofiles.ru/Mlspencer@saigrp.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 11 May 2023 00:59:16 GMT
content-type: image/gif
content-length: 42
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
etag: "644bd406-2a"
server: cloudflare
cf-ray: 7c567a737edffabc-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 11 May 2023 02:59:16 GMT
cache-control: max-age=7200, public
accept-ranges: bytes