r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18268
Expires: Fri, 16 Sep 2022 03:12:57 GMT
Date: Thu, 15 Sep 2022 22:08:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 21:10:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4DezmKYARn1zATyc8ZuaCdTplKIudf6N7Yaj4i5QZns2kqUcS0hsgw==
Age: 3475
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pq659OSAWL8hiEdcyo0hElIGL9QmA4WO9uFuHauXpJbJKslmhsKSwQ==
age: 63194
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 22:08:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7a7cd054ab151fc9b8216af5c0373a19
66656616d7aacb4ca7bc849ec3cb2a28d7a0e1d6
5e7f7aacc32df0827a8f086837f0a3c50e991efd6edc8f6fd4fe80a0e5b32468
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E7F7AACC32DF0827A8F086837F0A3C50E991EFD6EDC8F6FD4FE80A0E5B32468"
Last-Modified: Wed, 14 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 16 Sep 2022 04:08:30 GMT
Date: Thu, 15 Sep 2022 22:08:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 15 Sep 2022 22:03:22 GMT
Expires: Thu, 15 Sep 2022 22:07:15 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0qXoDssw9sQ4HqOESWHahFSCkffXR2jB0Qv0EcIst_cc1nsdltMLNw==
Age: 308
jefigscredit.co.ke/dost
301 Moved Permanently 240 B IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ac3ca6f06f60859e55805c46d698e12a
ed0f491764d45833faf24d3737543c815a0f9fc4
c11659c267178bf586427f5ab67d0c3c4e6e0be04aaab373120669958e91acc3
Analyzer Verdict Alert openphish Comcast Corporation
fortinet Phishing
GET /dost HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
location: https://jefigscredit.co.ke/dost/
content-length: 240
content-type: text/html; charset=iso-8859-1
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4600
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:30 GMT
Last-Modified: Thu, 15 Sep 2022 20:51:50 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
jefigscredit.co.ke/dost/
200 OK 12 kB IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6168)
Hash c3efe83741a31102819cb5bfbc70a164
f175bc04b9c902e4ad394955aeaec1a6947672d3
393e784229e9e51ee9a0deabe8213c6407e1cbc146cc35b2c46ee36458c38786
Analyzer Verdict Alert openphish Comcast Corporation
fortinet Phishing
GET /dost/ HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12476
content-type: text/html
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3jOQxAtSLYKHJVJDGyVxQA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: j1jKeCSwCAdzdpbxQIb3uHamoGc=
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
200 OK 8.4 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (815), with CRLF line terminators
Hash 79940589e33f37f68f9a80ce5e13c037
d7572fb9ef61134c9cb335a6db3740468b93b36f
6fff922e860e02fb4bc322b3807ab5e37dd8079072929c2b233c3ae9cdd21d8f
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8409
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/rta.js
200 OK 159 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/rta.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash a66a008566af0e3807b90760012863c2
e09466fb3c0b0d2b94f6233b54321d179903eb17
3ee657e09030047c5792c02cf0f206708cfd3f33aa98b0ccf28cd9c4b098f610
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/rta.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/event
200 OK 191 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/event
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with no line terminators
Hash 2d5d169b7afabb783f8994c576f005cb
d3c1f326303b3cd98f892a5ab28cea82222d058b
384d036f62eab523e123b0e2c033bdee06077fdf041c564ce56f956e6219fb24
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/event HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 191
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/segments.js
200 OK 39 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/segments.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/segments.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 39
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/data.json
200 OK 295 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/data.json
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash c4e699111d8c5ee41a03610b94ff02d5
7b4ec667ab9d73b69d752931fa675eca988ac1be
f1aa6a629871c08a077cba94a653cb0c2ace627617e442adccbf6712972bf0df
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/data.json HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 295
content-type: application/json
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/1203273213x32.js
200 OK 772 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/1203273213x32.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (403)
Hash 7c2c39d578f8a54322d2f1084bf458db
b9da3c835240b6217ced4d7f8d792de9faafea74
8210268d9c4641543fffbd2394c23a7585408a90e94fcc58f84e6ae4b568936d
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/1203273213x32.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 772
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/11648.js
200 OK 8.5 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/11648.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- C source, ASCII text, with very long lines (25399)
Hash c540292a1c3d83602949e4f4af9272cd
2695d7e1ae9dd40ab88d9e7a45cc8a8930623e74
867f02cd87490f12f458ec91eb03ba6f23f94c585c26746a2b60937b3fa3bbd3
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/11648.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8455
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/150582-10.js
200 OK 477 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/150582-10.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (728)
Hash daef3004cc94546e9cd07c793db655a6
286c98c28b3e7a628f8a5eb28134c13f58e1f779
a5bb938bc07b3bf08ae755ba4494f285c7684fef6c0dc9349e7d52f2366ad88e
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/150582-10.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 477
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/150582-15.js
200 OK 1.4 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/150582-15.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (2808)
Hash 1247a38a9cdacf0e00ed543c62127fe5
940c71c36b5a0f6bee39a4f89555b43f7dd668cd
da8f696dae05fbc2ecf74b9dcb6aadb94d1bcd7192ffe2d4528c825d43a52193
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/150582-15.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1382
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/u.gif
200 OK 42 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/u.gif
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /dost/Sign%20in%20to%20XFINITY_files/u.gif HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 42
content-type: image/gif
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/seal.png
200 OK 3.1 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/seal.png
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 142 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash be19bc645a5d70db58e4317fb1f7f791
8c38f471f3e6d17af148acaab219db7e3e4a8d23
6ab85bc152133401e0ad5ca069990f4a76413499820d4ba95a0dadb063bcc8b8
GET /dost/Sign%20in%20to%20XFINITY_files/seal.png HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 3091
content-type: image/png
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/event.gif
200 OK 42 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/event.gif
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /dost/Sign%20in%20to%20XFINITY_files/event.gif HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 42
content-type: image/gif
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
200 OK 36 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash a98fbe346dd7c66a4ca5f1f77aa75e44
ee1c12063d821ba884efe2afedd6cab81c825363
de3e0d54441cd6afe0d7d2afcb95eadf8fec5cb23ecd47a796c3818fe7fb8f4d
GET /dost/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 35514
content-type: image/jpeg
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
200 OK 1.7 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (3906), with no line terminators
Hash 0b5a2ee34ecb1141a47f9d569ff54893
a7685dbc86190a3d8161bab891ad4489a493e21f
4294186559939218bf8494573b4dce94cc722bb52f54756832bef1423d873a37
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/scripts-responsive.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1698
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/asc.txt
200 OK 17 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/asc.txt
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with no line terminators
Hash 92ecce91e58ca501e89410701805ffd2
fbc2f9374e8f5aebbc0a9ebeaeb836dfe2ee8803
af2d3351d5bb6b63e81eb19140f27324fd7b0ba94dc7c39b6154461243e4986e
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/asc.txt HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
content-length: 17
content-type: text/plain
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/1647526060x32.js
200 OK 556 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/1647526060x32.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (433)
Hash fe32fbe869ac4a88f764abd1bc438cf1
b1b4f1a0581746de7a45e1f0663220da83d02af1
ce02fcf5ec2a7c9caa9aeed72f1fbdd4581a4745da89c9dfba7e84137dcd96a6
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/1647526060x32.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 556
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
z.moatads.com/comcastapn56341864860/moatad.js
200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DgrV/yUP0cYZJ24pT7Z5LVkFATYFOX23OVuFadPO2EW++SB5KZZT2R0SCmVojLGlVbLec6pGXtw=
x-amz-request-id: CA2DQ7A5WM2MGH3Y
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=43236
date: Thu, 15 Sep 2022 22:08:31 GMT
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 2a708e8ad87852a3275397766b4f910a
10921226dd11703ba1d059163d3bf753012c4681
b3a8e126acdfb501f920f2ff52f2f81f5c630afc49fbc059df250b959fe92d10
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5789
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:31 GMT
Last-Modified: Thu, 15 Sep 2022 20:32:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
us-ads.openx.net/w/1.0/jstag
200 OK 18 kB URL HTTP/2 us-ads.openx.net/w/1.0/jstag
IP
File type ASCII text, with very long lines (12594)
Hash ca11e2539b6fd3da4fab46d4a99e4c74
63b5ef84474b558f7c80ae03ab7fb367e6698da3
b3ad7ad9e334120c07265c96cd5d07f95758f743d9e1c2c41584f74d4e4c6ca2
GET /w/1.0/jstag HTTP/1.1
Host: us-ads.openx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Thu, 15 Sep 2022 23:08:31 GMT
date: Thu, 15 Sep 2022 22:08:31 GMT
content-type: text/javascript
content-length: 18070
content-encoding: gzip
cache-control: max-age=3600
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 2a708e8ad87852a3275397766b4f910a
10921226dd11703ba1d059163d3bf753012c4681
b3a8e126acdfb501f920f2ff52f2f81f5c630afc49fbc059df250b959fe92d10
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5789
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:31 GMT
Last-Modified: Thu, 15 Sep 2022 20:32:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
200 OK 20 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 4956ec4a08b4c84bda4f013dace4b4c0
ef5298d7d2cf4496772b887976b34151bb3b8d23
5e7e8d65f2adec9cd99b63999289bb55ec664f98d6422a447b8c4bf0e588871a
GET /dost/Sign%20in%20to%20XFINITY_files/styles-light.css HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 6ce4f13fdb952851182aa37a39f126d5
b2de27c47232c1e369b3a2f27e271ec6ddf08bee
97f1c64587bda43d49602f58e37b521045c3eade20704c47941c85b15c91bdb7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2344
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:31 GMT
Last-Modified: Thu, 15 Sep 2022 21:29:27 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-10.js?&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Thu, 15 Sep 2022 22:08:31 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6323a25f-5fd92e91177c26c268775ac7
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://jefigscredit.co.ke/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:31 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:31 GMT
server: Apache
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jefigscredit.co.ke/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Thu, 15 Sep 2022 22:08:31 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L83LSN6S-15-FLBR; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqs64EB7iMkku9DtVM30fCgGQ5ja3r4skR3JMS3VWWUlEj8PCRHnL3PaUepIK0uiaTgcRgjl6Eite7CbxHIGkIV3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-10.js?&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Thu, 15 Sep 2022 22:08:31 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6323a25f-49ba8f1d3597ae7312913125
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://jefigscredit.co.ke/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
404 Not Found 355 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 355
content-type: text/html
date: Thu, 15 Sep 2022 22:08:31 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf
404 Not Found 355 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 355
content-type: text/html
date: Thu, 15 Sep 2022 22:08:31 GMT
server: Apache
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.6368403373330666&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jefigscredit.co.ke/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Thu, 15 Sep 2022 22:08:31 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L83LSN8M-13-BG5C; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqB8lHm3Fx6VO9DtVM30fCgGQ5ja3r4skR3JMS3VWWUlEj8PCRHnL3PaUepIK0uiaTgcRgjl6Eite7CbxHIGkIV3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ads.rubiconproject.com/ad/11648.js
200 OK 8.9 kB URL HTTP/2 ads.rubiconproject.com/ad/11648.js
IP
File type C source, ASCII text, with very long lines (26545)
Hash 5aecf12e8c3cb1d14458bc71c6b8cf0c
b0cedce6e8165041981ba59a9b7277053a37ba89
69dd3510681bc16e17f107ac8f2fa504aa7ce59d75ebf3248b6f85f02a6409aa
GET /ad/11648.js HTTP/1.1
Host: ads.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
x-powered-by: PHP/5.3.3
content-encoding: gzip
content-length: 8946
content-type: text/javascript
cache-control: max-age=6767
expires: Fri, 16 Sep 2022 00:01:18 GMT
date: Thu, 15 Sep 2022 22:08:31 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.38795653223993365&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1
200 OK 147 B URL HTTP/1.1 smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.38795653223993365&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1
IP
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?&cb=0.38795653223993365&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1 HTTP/1.1
Host: smarttag.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Thu, 15 Sep 2022 22:08:31 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L83LSND1-B-29GQ; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qpKGqZx9UXhDu9DtVM30fCgGQ5ja3r4skR3JMS3VWWUlEj8PCRHnL3PaUepIK0uiaTgcRgjl6Eite7CbxHIGkIV3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-15.js?&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Thu, 15 Sep 2022 22:08:31 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6323a25f-3027aa4c6f7ece684dfb016a
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://jefigscredit.co.ke/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jefigscredit.co.ke/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Thu, 15 Sep 2022 22:08:31 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L83LSNF1-1Y-1J6J; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoGn1wwCAJVte9DtVM30fCgGQ5ja3r4skR3JMS3VWWUlEj8PCRHnL3PaUepIK0uiaTgcRgjl6Eite7CbxHIGkIV3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-15.js?&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Thu, 15 Sep 2022 22:08:31 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6323a25f-3a4560163a548efd236223cb
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://jefigscredit.co.ke/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7742321920474183&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jefigscredit.co.ke/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Thu, 15 Sep 2022 22:08:31 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L83LSNGW-E-7X3V; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|SDziDG3X/Eh49/3HLIDUge9DtVM30fCgGQ5ja3r4skR3JMS3VWWUlEj8PCRHnL3PaUepIK0uiaTgcRgjl6Eite7CbxHIGkIV3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Fri, 15-Sep-2023 22:08:31 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5680
Expires: Thu, 15 Sep 2022 23:43:11 GMT
Date: Thu, 15 Sep 2022 22:08:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Thu, 15 Sep 2022 23:43:11 GMT
Date: Thu, 15 Sep 2022 22:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Thu, 15 Sep 2022 23:43:11 GMT
Date: Thu, 15 Sep 2022 22:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Thu, 15 Sep 2022 23:43:11 GMT
Date: Thu, 15 Sep 2022 22:08:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Thu, 15 Sep 2022 23:43:11 GMT
Date: Thu, 15 Sep 2022 22:08:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d242ded8ac40a1eb617303256d5f34eb
afbe7dae2d65763a004b5bddc697131762da7bf2
b4b08292f36acfca7df3710c29c184c5ff18592e6383eddc5582d302184fce59
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 19e81e48-6501-4938-906c-60aa7acdb33a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUj5EE5oAMFvwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae5-3031e84f158e1ad94da4875b;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7sWzfcxt9YWCOnMbanWOiZhhv5DXzHDq8vBqd1AhMfxewBBS0ZtidA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:48 GMT
age: 1364
etag: "afbe7dae2d65763a004b5bddc697131762da7bf2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JAzbRqinDuqQuQoESEsL26c1Y1UTQ5tO1thL3ugE6LPQtNTWGaGTLg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 1200
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: b04ac3c4-b4d8-4094-8b7d-bd229bb7d577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yb2GvFnEoAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63216a2a-4e5927ac3f1d0b215ce5a8dc;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 05:44:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1oFWsEaOq39GvXu3bHrB7jbl4DGKoTsUyNwHivGjRuCcjfG0KNH8iw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:11:55 GMT
age: 86197
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09103090-a36c-4678-bb8f-b717f544ca1f.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09103090-a36c-4678-bb8f-b717f544ca1f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6572617127bde36c63aa1163e3352688
d97c94761ed3c1fc84ab46dcc77405e7b8c7c71c
91fdabb99b1317407413b424f50ad025c0578a57d89a0f4c8228d91a36b8e6c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09103090-a36c-4678-bb8f-b717f544ca1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6820
x-amzn-requestid: 3aab395b-9355-4a3a-b033-73420df43ee5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUksFUxoAMFr4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239aea-5be8dbdf57158b0e37ee719f;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I8QSOY13buUN6y89zoSzcjZmV8EygMJUdiPiVouUi4a5LHBJ3AM3wQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 1200
etag: "d97c94761ed3c1fc84ab46dcc77405e7b8c7c71c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c7624e-e145-4bec-804e-f614677317dc.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c7624e-e145-4bec-804e-f614677317dc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9fef3c1097b92969fcc294811a33f46
c16977ad5fb61e8c52aa37d533838c94ce596981
58396de6acba67a8fabb6daa1d7b7d4805533bead82817a7e508e5aed6ad8c0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c7624e-e145-4bec-804e-f614677317dc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11592
x-amzn-requestid: 1cf5f5b3-66f5-41eb-8102-b72d493a4ea2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU_-GX5IAMFa3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b99-65f2aeda73539e0d624528a1;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NeO8zgpcu0D6sQfil9ysw-dFdHexnXblkSKnVTkq4pZrvVFpa1qCxA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 1200
etag: "c16977ad5fb61e8c52aa37d533838c94ce596981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cc7f760-37bd-48b3-a202-6f1423e82c4d.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cc7f760-37bd-48b3-a202-6f1423e82c4d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6df210d4ad73c1cb4bf14a8b68aaaf6
50cb093cd31e53a67e0a27d9ce9439fbb8a03df8
832d746a04665e8fd808e02a3d4c4d2525fb55e8685f2c654836ebea37c4ca92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cc7f760-37bd-48b3-a202-6f1423e82c4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8551
x-amzn-requestid: fcb8406f-a0a4-463a-8d6c-86a465867db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUkiG2FIAMFQsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae9-4e2927b52b5ac3f907f52027;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: f7ER8lbphHucpnBSlWF1oGktAVq-lmLrZQUtLCSXrkEYdhYYaX6W3g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:53 GMT
age: 1359
etag: "50cb093cd31e53a67e0a27d9ce9439fbb8a03df8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash c2c8377c8fa7a0ea6cae1717bea39157
651663b16a956dff9eb39db58afbbb976cba027f
6683de9c805c3051f46612d5941419352d21df882661b15d7bf7303edea1887c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3434
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Last-Modified: Thu, 15 Sep 2022 21:11:18 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
200 OK 39 B URL HTTP/2 pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
IP
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
GET /api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 22:08:32 GMT
content-type: application/x-javascript
content-length: 39
cache-control: private, no-transform, must-revalidate, max-age=86400
expires: Fri, 16 Sep 2022 22:08:32 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
set-cookie: mc=6323a260-159f8-f411d-a7c43; expires=Mon, 16-Oct-2023 22:08:32 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/images/fb-logo-29.png
404 Not Found 355 B URL HTTP/2 jefigscredit.co.ke/static/images/fb-logo-29.png
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
GET /static/images/fb-logo-29.png HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 355
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2 HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
200 OK 17 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6078), with CRLF line terminators
Hash 9922458cb6254769b56591dbc1dc09fe
9e5e45878fd2024b41bc47dcb59a096fb65bc65d
686657c40c7df232e408c1bb2ee85b6d7bdb256581ecd22686d23bd178befc9a
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Cookie: OX_sd=1; OX_plg=pm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16871
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/dest5.htm
200 OK 4.2 kB URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/dest5.htm
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (581), with CRLF line terminators
Hash bca5675fe990e0cf10ada92892b4469b
fe22bdb21a46264c5d41dd0a032f26cfcd9314bf
ac3af5d86b1b86bed0c272d4bee25d13f4993322fce9906018c299a764365d6b
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/dest5.htm HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4199
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 7dff4bc87dbee6fd33e0d7a3dc5ed3bd
59878d4dd98e60b39dcf7ac288e77bb262afab5d
8c3a027cee1f48144eb0504deff1f2b9aa98c9fc3f4e3057ece6caac9f604315
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4308
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Last-Modified: Thu, 15 Sep 2022 20:56:44 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
302 Found 0 B URL HTTP/2 staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: pyGpSLy+quOlfx7Mg2cUwKwarbu6SMNxdC1FfbHphpJ8XkjOjQ9KLvHJzxgmwjNaqYy2XlINpFoc2fNn+EcBag==
content-length: 0
priority: u=3,i
x-fb-trip-id: 1904183273
date: Thu, 15 Sep 2022 22:08:32 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff
404 Not Found 583 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 59f6ae7c7f154ec74d418d4ed6fc5b0e
674860108a41ab23ba5f73635749332bd8a46b7e
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
content-length: 583
vary: Accept-Encoding
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 7dff4bc87dbee6fd33e0d7a3dc5ed3bd
59878d4dd98e60b39dcf7ac288e77bb262afab5d
8c3a027cee1f48144eb0504deff1f2b9aa98c9fc3f4e3057ece6caac9f604315
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4255
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Last-Modified: Thu, 15 Sep 2022 20:57:37 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
www.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
404 Not Found 72 B URL HTTP/2 www.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP
File type HTML document, ASCII text, with no line terminators
Hash 2556c01148fc3cf811a190ae37345224
644567805749ab3ec4df4a00c82b0a4f8566f25d
f65e4cc023578b2bb3522d09231cd56eb84d209b18d501eeebf8a0b098f7635e
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jefigscredit.co.ke/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: nWjX8+PplOy/921P8G0y0XEE10kJvMMiTkHGuJM11qyqx00A5uQ8AcPfIbxN+6P6UteCQzkD3WuQUEBIeLSUcQ==
content-length: 72
date: Thu, 15 Sep 2022 22:08:32 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
404 Not Found 355 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 355
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
404 Not Found 355 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 355
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
404 Not Found 355 B URL HTTP/2 jefigscredit.co.ke/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
last-modified: Tue, 15 Mar 2022 22:06:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 355
content-type: text/html
date: Thu, 15 Sep 2022 22:08:32 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 530591dc0a55040e027700b17b146ced
0db0a3aa9be66e90de92a0ebf36d2b92e56af389
d9813e073f1e1817da6d9246c3abe9ae4376297794d83f25b688257fed90d67a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Server: ECS (amb/6B8D)
Content-Length: 471
serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
302 Found 0 B URL HTTP/2 serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceos.comcast.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
access-control-allow-origin: *
vary: Origin
date: Thu, 15 Sep 2022 22:08:32 GMT
content-type: text/plain;charset=utf-8
expires: Wed, 14 Sep 2022 22:08:32 GMT
last-modified: Fri, 16 Sep 2022 22:08:32 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|3191D13058F4D0C6-40001948E40CAE2A[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Sat, 14 Sep 2024 22:08:08 GMT;
location: https://serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&pccr=true&vidn=3191D13058F4D0C6-40001948E40CAE2A&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&pccr=true&vidn=3191D13058F4D0C6-40001948E40CAE2A&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
200 OK 43 B URL HTTP/2 serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&pccr=true&vidn=3191D13058F4D0C6-40001948E40CAE2A&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
IP
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/comcastnetdev/1/H.27.5/s74296946713609?AQB=1&pccr=true&vidn=3191D13058F4D0C6-40001948E40CAE2A&ndh=1&t=15%2F8%2F2022%2022%3A8%3A16%204%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fjefigscredit.co.ke%2Fdost%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fdost%2F%2F%3Asign%20in&v1=%2Fdost%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fdost%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceos.comcast.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jefigscredit.co.ke/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Thu, 15 Sep 2022 22:08:32 GMT
expires: Wed, 14 Sep 2022 22:08:32 GMT
last-modified: Fri, 16 Sep 2022 22:08:32 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|3191D130023BA616-40001490040C39C0[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Sat, 14 Sep 2024 22:08:08 GMT;
etag: 3571865983607603200-4619906585899841983
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
secure-assets.rubiconproject.com/static/psa/blank/1x1.png
200 OK 155 B URL HTTP/2 secure-assets.rubiconproject.com/static/psa/blank/1x1.png
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 0fed6b76619acefb38a43867d5fbbd65
b4881fe00376089907ce39fb43398fe2b9d55b8a
172f8ce100094feaee2d292f56c5a847b0a89852a43e79ef7743d28d06dec7d7
GET /static/psa/blank/1x1.png HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
accept-ranges: bytes
content-type: image/png
content-encoding: gzip
content-length: 155
date: Thu, 15 Sep 2022 22:08:32 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash bb5011a32469d04a8c6eef616480093e
10d67597f4d964e4b7ac3356cd07f75f70af0189
a14a68abd9f16becedc20dabd6921592f1d50a141475635d7412afe1157619fc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1606
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Last-Modified: Thu, 15 Sep 2022 21:41:46 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
200 OK 471 B IP
Hash e54f9597f04b82a26bad08882e91bdf7
3cde63d75bf41426ca5761d1aef248be5f37741a
7bc46ed3668d3abbd02d49eaacf0f0ac947bf63ec51a06b65069d05deb219f2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2492
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Last-Modified: Thu, 15 Sep 2022 21:27:00 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash e54f9597f04b82a26bad08882e91bdf7
3cde63d75bf41426ca5761d1aef248be5f37741a
7bc46ed3668d3abbd02d49eaacf0f0ac947bf63ec51a06b65069d05deb219f2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3988
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 22:08:32 GMT
Last-Modified: Thu, 15 Sep 2022 21:02:04 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=33731128270&varName=crtg_content
204 No Content 0 B URL HTTP/2 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=33731128270&varName=crtg_content
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=33731128270&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 15 Sep 2022 22:08:32 GMT
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
200 OK 689 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
IP
File type ASCII text, with very long lines (1656), with no line terminators
Hash 7f7c7d17bb4e1ad400f61e683d3eae45
40c026f9bda7a7463b7be0062e3200ed34bc8b34
6a11facb5d0c84fd7b8dfc4016a043345335189fac5605e97e6b3d0af83cae35
GET /id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v040-05aa24c02.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=58827965064636209412592109736200081133; Max-Age=15552000; Expires=Tue, 14 Mar 2023 22:08:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: QaBUQ7MMQrw=
Content-Length: 689
Connection: keep-alive
dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_mid=00803926271411715504852505600969055860&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
200 OK 684 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_mid=00803926271411715504852505600969055860&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
IP
File type ASCII text, with very long lines (1651), with no line terminators
Hash 990bd985ab633f92c012a6d8c7cff97f
dc4b6d04fcecdd324c6ad8562dca266c98d405b7
dfec924d35080bfc8391ddd2c90b29bd0d1311387e263c490ab773fa735dc2e9
GET /id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_mid=00803926271411715504852505600969055860&d_cb=s_c_il%5B0%5D._setMarketingCloudFields HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v040-0e6779a3e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=01146774168629565154890176962203876553; Max-Age=15552000; Expires=Tue, 14 Mar 2023 22:08:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: QAalfVpbSC0=
Content-Length: 684
Connection: keep-alive
comcastathena.demdex.net/event?d_mid=00803926271411715504852505600969055860&d_nsid=1&d_ld=_ts%3D1663279696747&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1663279696747&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fdost%2F%2F%3Asign%20in&c_eVar1=%2Fdost%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fdost%2F
200 OK 150 B URL HTTP/1.1 comcastathena.demdex.net/event?d_mid=00803926271411715504852505600969055860&d_nsid=1&d_ld=_ts%3D1663279696747&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1663279696747&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fdost%2F%2F%3Asign%20in&c_eVar1=%2Fdost%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fdost%2F
IP
File type ASCII text, with no line terminators
Hash aa4b471bbf92b81d8361d4e4793d4c6b
1c4d31a5785b6f73f33a25b4d62e6308bafea4ef
dc402ea7cc00f57969625d5f216054269608eeb71c0afed2c2d0f890585c1e2e
GET /event?d_mid=00803926271411715504852505600969055860&d_nsid=1&d_ld=_ts%3D1663279696747&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1663279696747&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fdost%2F%2F%3Asign%20in&c_eVar1=%2Fdost%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fdost%2F HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-2-v040-02140805d.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=01146774168629565154890176962203876553; Max-Age=15552000; Expires=Tue, 14 Mar 2023 22:08:33 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: B9utXwwbRkI=
Content-Length: 150
Connection: keep-alive
ocsp.comodoca.com/
200 OK 471 B IP
Hash 1d60a333bf22c2f067942ec29eaf7aa1
07d63542129cd8e62569bf8a8c576eb5b0a99363
98bfc5cf5c7dc8d578c2f9f5568afc7ba028f1777ca1b4fd5ded84ebdcc55dbe
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:08:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 02:43:00 GMT
Expires: Tue, 20 Sep 2022 02:42:59 GMT
Etag: "07d63542129cd8e62569bf8a8c576eb5b0a99363"
Cache-Control: max-age=589723,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4ae80b882b517-OSL
login.comcast.net/static/images/global/favicon.ico
200 OK 1.2 kB URL HTTP/1.1 login.comcast.net/static/images/global/favicon.ico
IP
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 8591b1e1977be23073d13751a5f203d0
3f549eff3cf641803992d8748202bf0775f4765e
a0307845ad0d4579ae6e7283a02b81403767295ab37cc0b144ac9d60772ebf97
GET /static/images/global/favicon.ico HTTP/1.1
Host: login.comcast.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 22:08:33 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Last-Modified: Tue, 11 Jan 2022 16:05:32 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=491
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/moatad.js
200 OK 0 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/moatad.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/moatad.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/moatad_002.js
200 OK 0 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/moatad_002.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/moatad_002.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/all.js
200 OK 0 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/all.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/all.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/jquery-1.js
200 OK 0 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/jquery-1.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/jquery-1.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/omniture_visId.js
200 OK 0 B URL HTTP/2 jefigscredit.co.ke/dost/Sign%20in%20to%20XFINITY_files/omniture_visId.js
IP
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Analyzer Verdict Alert fortinet Phishing
GET /dost/Sign%20in%20to%20XFINITY_files/omniture_visId.js HTTP/1.1
Host: jefigscredit.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jefigscredit.co.ke/dost/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 23 Apr 2022 12:33:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Thu, 15 Sep 2022 22:08:30 GMT
server: Apache
X-Firefox-Spdy: h2
207.174.214.206
15.236.176.210
104.110.14.155
213.19.162.61
52.30.136.252
31.13.72.12
3.65.117.255
0.0.0.0