url3824.artplacer.com/ls/click?upn=vRCEVzYRDK3YQ6SvtXzA-2B8-2BY0chxezhgyT6lyRl3neoTYJWnYAFIajnRDumsSVD4p8XU8yDGeLkB4wlMAb19zeZRQI4Sdz95pExW4gKZti2YuXkuNFE7-2BII89mqdmdN1y5wvjm6HkYAyhb4uaHouGtzMKaaifeCOSuSnHB6oF2j7wuO1WVV9vct0CiUGQAT0qDLuAEL70Z8sJ6i3bxLgb4pBa-2BxmspUbixbcPd1y9z66qSfmV-2FBmQdIF058mosN3ne5p45JbXSXVjIfBrvMFYA-3D-3DRPFy_YxCxpoge33FNHhRVcK23d7IMIpeKfDSjkGHZK14ZDws6lNQWDzRlLIi4DiK5BGyIAECRnCkIQlULloQJKoAdkH-2F5FE-2FEJSqgJkmcNHPF0ptnlpIj5LLGhSDd0zaVYX5LEM3U5dR-2B8IkAklujZkKH7pZUijNvsUqmvfhDzCJN-2B-2FKrwDlAp-2FiVysmWfGzsx-2BfMiaqex2tViqKNyeBIrNmj4z60-2FDsY3IlqsKOVQ1my2rU-3D
167.89.123.124302 Found 231 B URL User Request GET HTTP/1.1 url3824.artplacer.com/ls/click?upn=vRCEVzYRDK3YQ6SvtXzA-2B8-2BY0chxezhgyT6lyRl3neoTYJWnYAFIajnRDumsSVD4p8XU8yDGeLkB4wlMAb19zeZRQI4Sdz95pExW4gKZti2YuXkuNFE7-2BII89mqdmdN1y5wvjm6HkYAyhb4uaHouGtzMKaaifeCOSuSnHB6oF2j7wuO1WVV9vct0CiUGQAT0qDLuAEL70Z8sJ6i3bxLgb4pBa-2BxmspUbixbcPd1y9z66qSfmV-2FBmQdIF058mosN3ne5p45JbXSXVjIfBrvMFYA-3D-3DRPFy_YxCxpoge33FNHhRVcK23d7IMIpeKfDSjkGHZK14ZDws6lNQWDzRlLIi4DiK5BGyIAECRnCkIQlULloQJKoAdkH-2F5FE-2FEJSqgJkmcNHPF0ptnlpIj5LLGhSDd0zaVYX5LEM3U5dR-2B8IkAklujZkKH7pZUijNvsUqmvfhDzCJN-2B-2FKrwDlAp-2FiVysmWfGzsx-2BfMiaqex2tViqKNyeBIrNmj4z60-2FDsY3IlqsKOVQ1my2rU-3D
IP 167.89.123.124:80
File type HTML document, ASCII text
Hash 402b8b0ff2811730e4e9985126dc1668
379b53748bb44a73c2dceafa8ece0827fd57e3f4
66207251492b9087cdbae6004810a4b157f34a9803f9082c39bc16261dce440f
GET /ls/click?upn=vRCEVzYRDK3YQ6SvtXzA-2B8-2BY0chxezhgyT6lyRl3neoTYJWnYAFIajnRDumsSVD4p8XU8yDGeLkB4wlMAb19zeZRQI4Sdz95pExW4gKZti2YuXkuNFE7-2BII89mqdmdN1y5wvjm6HkYAyhb4uaHouGtzMKaaifeCOSuSnHB6oF2j7wuO1WVV9vct0CiUGQAT0qDLuAEL70Z8sJ6i3bxLgb4pBa-2BxmspUbixbcPd1y9z66qSfmV-2FBmQdIF058mosN3ne5p45JbXSXVjIfBrvMFYA-3D-3DRPFy_YxCxpoge33FNHhRVcK23d7IMIpeKfDSjkGHZK14ZDws6lNQWDzRlLIi4DiK5BGyIAECRnCkIQlULloQJKoAdkH-2F5FE-2FEJSqgJkmcNHPF0ptnlpIj5LLGhSDd0zaVYX5LEM3U5dR-2B8IkAklujZkKH7pZUijNvsUqmvfhDzCJN-2B-2FKrwDlAp-2FiVysmWfGzsx-2BfMiaqex2tViqKNyeBIrNmj4z60-2FDsY3IlqsKOVQ1my2rU-3D HTTP/1.1
Host: url3824.artplacer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 May 2023 17:42:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 231
Connection: keep-alive
Location: https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ==
X-Robots-Tag: noindex, nofollow
rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ==
34.215.187.240302 Found 0 B URL User Request GET HTTP/1.1 rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ==
IP 34.215.187.240:443
Certificate IssuerDigiCert Inc
Subject*.campaign.adobe.com
Fingerprint02:73:C5:AC:F2:AB:07:CE:20:42:35:C2:82:E4:6B:9E:AD:45:E8:DE
ValidityWed, 20 Jul 2022 00:00:00 GMT - Sun, 20 Aug 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ== HTTP/1.1
Host: rollins-mkt-prod1.campaign.adobe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 26 May 2023 17:42:03 GMT
Server: Apache
X-Robots-Tag: noindex
Connection: keep-alive, Keep-Alive
Location: https://alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ==
Content-length: 0
Pragma: no-cache
Cache-Control: no-cache
Expires: Fri, 26 May 2023 17:42:03 GMT
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Content-Type: text/plain; charset=iso-8859-1
alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ==
65.108.234.151302 Found 113 B URL User Request GET HTTP/1.1 alawaelafrica.com/.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ==
IP 65.108.234.151:443
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subject*.alawaelafrica.com
Fingerprint0C:96:6B:AB:EF:3F:05:6B:41:01:84:52:29:4C:B1:C2:93:64:EB:89
ValidityThu, 18 May 2023 17:04:53 GMT - Wed, 16 Aug 2023 17:04:52 GMT
File type ASCII text, with no line terminators
Hash fd4740081d40a67c78e06444e14c6e27
927e867f1b3266cca1c41a6b38b8d319e2e7386c
28486d86fd8c41ea42a672c01d1a8cc7640d78f06618aff4876b3ccbbb13add5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /.ojnew/tmp/ZGF2aWQuc2ltbW9uc0Bsc2ljb3JwLmNvbQ== HTTP/1.1
Host: alawaelafrica.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 26 May 2023 17:42:04 GMT
Server: Apache
Location: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd7d0054dbcb51e
172.67.176.78 42 B URL 0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd7d0054dbcb51e
IP 172.67.176.78:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd7d0054dbcb51e HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 17:42:04 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cd7d006ee140b65-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 26 May 2023 19:42:04 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
0gpilhhtlb646b2a32a499c.ocupac.ru/jq/c68cbc46d943a46ec70d9a420dca17686470ef6e248c0
172.67.176.78200 OK 86 kB URL GET HTTP/3 0gpilhhtlb646b2a32a499c.ocupac.ru/jq/c68cbc46d943a46ec70d9a420dca17686470ef6e248c0
IP 172.67.176.78:443
Requested by https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Certificate IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
File type ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer Verdict Alert fortinet Phishing
GET /jq/c68cbc46d943a46ec70d9a420dca17686470ef6e248c0 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Cookie: cf_clearance=9P6PJduNeyY7NrX5XDA47xeIpDCA2F1oyaq3PTUmqiE-1685122924-0-160; PHPSESSID=d0bc21fd70be0aee3d6e7f373d918642
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:42:08 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 02 Jun 2023 17:42:06 GMT
last-modified: Mon, 22 May 2023 17:44:14 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o48oPmnUNdUqE%2FwUqtpl%2F%2BVmG%2Bh1P2YLUCrrLze9BVg9nRDk%2By5LHY5DcHLuLzCkIO4na8X9davFGeon9w2DfMV0os5WnC%2FJr5XLRzbA%2BkbaQI2Qjzdw4mdi%2BKpVVUQxBLigiiC5sko7wq%2BjIX9Go9toBJo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd7d01c0d090b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios/dist/axios.min.js
104.16.122.175302 Found 32 kB URL GET HTTP/2 unpkg.com/axios/dist/axios.min.js
IP 104.16.122.175:443
Requested by https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 26 May 2023 17:42:08 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H1CJDYYWKW3Q6NJ58JT3NNT6-arn
cf-cache-status: HIT
age: 21
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cd7d01c2ed1b523-OSL
X-Firefox-Spdy: h2
0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com
172.67.176.78302 Found 7.4 kB URL User Request POST HTTP/3 0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com
IP 172.67.176.78:443
Certificate IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
POST /Mdavid.simmons@lsicorp.com HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com?__cf_chl_tk=ZkH2GV2sRsOuieJU.czfXW3D3McP.K8RcHbQxOWRb6Y-1685122924-0-gaNycGzNC9A
Content-Type: application/x-www-form-urlencoded
Content-Length: 3190
Origin: https://0gpilhhtlb646b2a32a499c.ocupac.ru
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Fri, 26 May 2023 17:42:07 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
set-cookie: cf_clearance=9P6PJduNeyY7NrX5XDA47xeIpDCA2F1oyaq3PTUmqiE-1685122924-0-160; path=/; expires=Sat, 25-May-24 17:42:07 GMT; domain=.ocupac.ru; HttpOnly; Secure; SameSite=None
PHPSESSID=d0bc21fd70be0aee3d6e7f373d918642; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHFl4ygseGFFDIOU1lAg%2BRHJFLGM1FxDGERdneu3wj0fgi%2FcFWwy8eYgy%2FVHzEh9Ym%2FJfRxjX3KjGygoMkNDTKSpFmHodjcLhZr1OcslcLvt9SQZ5i5HXMD4ARq%2BzpWi74ZkNX20NN8R0lsyeiWceAPyoso%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd7d015ee5f0b65-OSL
alt-svc: h3=":443"; ma=86400
0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
172.67.176.78200 OK 7.4 kB URL User Request GET HTTP/3 0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
IP 172.67.176.78:443
Certificate IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators
Hash a4fccd027a556657a1e7961935126831
d35e623bb495937834b466385238c3ca1fb18586
70b2ae0249ec7535440e0f0cfd5f5834d54a9bc2e8828f833ae655709c6aefc5
Analyzer Verdict Alert fortinet Phishing
GET /beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com?__cf_chl_tk=ZkH2GV2sRsOuieJU.czfXW3D3McP.K8RcHbQxOWRb6Y-1685122924-0-gaNycGzNC9A
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=9P6PJduNeyY7NrX5XDA47xeIpDCA2F1oyaq3PTUmqiE-1685122924-0-160; PHPSESSID=d0bc21fd70be0aee3d6e7f373d918642
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:42:07 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cmCKdLGWE6d%2FFajdyt5QZmDT14%2BfOz5DcXmTL8FMv%2FTklZnDONXrrir9JcktOxfj4vLpFvz9U2ADfaoDSlgrE4VxXrF86vHC6CI5bLaGEEPnKyqUxg7hI1R4zFaNFooHrBOnow3G3iF9CCAgcvtHaslEB6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd7d01adc060b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
0gpilhhtlb646b2a32a499c.ocupac.ru/boot/c68cbc46d943a46ec70d9a420dca17686470ef6e248c3
172.67.176.78200 OK 51 kB URL GET HTTP/3 0gpilhhtlb646b2a32a499c.ocupac.ru/boot/c68cbc46d943a46ec70d9a420dca17686470ef6e248c3
IP 172.67.176.78:443
Requested by https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Certificate IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
File type ASCII text, with very long lines (50758)
Hash 67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Analyzer Verdict Alert fortinet Phishing
GET /boot/c68cbc46d943a46ec70d9a420dca17686470ef6e248c3 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Cookie: cf_clearance=9P6PJduNeyY7NrX5XDA47xeIpDCA2F1oyaq3PTUmqiE-1685122924-0-160; PHPSESSID=d0bc21fd70be0aee3d6e7f373d918642
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:42:08 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 02 Jun 2023 17:42:06 GMT
last-modified: Mon, 22 May 2023 17:44:14 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqeyiO9rYL2A%2BJ6o3pQf5VDdn4l0X5JFsWbgul07bC6mKAN8E1RZTTw0WTRWV2YcHh0ZBL1UOvhQdNr4k2QyB5%2FFJzoEOuBJkShyAJN%2Fr9sev8KVDy8V4A61v74fwHqWisujKyKbWyaVxNbbEMb20P09dIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd7d01c1d0b0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
0gpilhhtlb646b2a32a499c.ocupac.ru/jm/c68cbc46d943a46ec70d9a420dca17686470ef6e248c8
172.67.176.78200 OK 7.3 kB URL GET HTTP/3 0gpilhhtlb646b2a32a499c.ocupac.ru/jm/c68cbc46d943a46ec70d9a420dca17686470ef6e248c8
IP 172.67.176.78:443
Requested by https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Certificate IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
File type ASCII text, with very long lines (7344), with no line terminators
Hash f335e180c66cfa35ea3152a33884ec67
0b99d4d6d595e23b8c864f9c39d16813f886e850
7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324
Analyzer Verdict Alert fortinet Phishing
GET /jm/c68cbc46d943a46ec70d9a420dca17686470ef6e248c8 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Cookie: cf_clearance=9P6PJduNeyY7NrX5XDA47xeIpDCA2F1oyaq3PTUmqiE-1685122924-0-160; PHPSESSID=d0bc21fd70be0aee3d6e7f373d918642
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:42:09 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 02 Jun 2023 17:42:07 GMT
last-modified: Mon, 22 May 2023 17:44:14 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlHghFBzzb0xIsAp2FISkxXU3ZNmIPqWUC%2B6tSfunEExtSny38BkUdEIRbW23TItRYoiu4kdKLBu%2FEj4AFvWdRRrQZra1VnOfkQHxwPD%2BcLJpriIeKG1%2FGC30slqo0J0yHSPir51yoww%2FlF0omwwGXz%2BlgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd7d01c1d0d0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios@1.4.0/dist/axios.min.js
104.16.122.175200 OK 32 kB URL GET HTTP/2 unpkg.com/axios@1.4.0/dist/axios.min.js
IP 104.16.122.175:443
Requested by https://0gpilhhtlb646b2a32a499c.ocupac.ru/beebb091955c06fa68b3eb8afc0bae516470ef6e1686dPASbeebb091955c06fa68b3eb8afc0bae516470ef6e1686f
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (31803)
Hash 6470a918ba1fd4b8d0882df0269ddb82
97814fdab64aa7d1b30f082f9eb272d4b1ce18a2
fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0gpilhhtlb646b2a32a499c.ocupac.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 May 2023 17:42:08 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 1822020
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cd7d01c4f01b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com
172.67.176.78403 Forbidden 7.7 kB URL User Request GET HTTP/2 0gpilhhtlb646b2a32a499c.ocupac.ru/Mdavid.simmons@lsicorp.com
IP 172.67.176.78:443
Certificate IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7886), with no line terminators
Hash 44332ba206ec727667dee62a1c4e9cf5
302e0094172ca7537dcec4b77c2f67b8faea90ae
e8e037fe3e3c3046f97d843bad1fe7d389e6347db958f5b77502b76e924b7029
Analyzer Verdict Alert fortinet Phishing
GET /Mdavid.simmons@lsicorp.com HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Fri, 26 May 2023 17:42:04 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFWWztFNW174qjCZ%2FqOB%2FjXxDArQw9Ub4Z3t0x2K6G4uP7%2BZtj2NQDMQqCv1k%2F9Z9E0tGNKQ%2BqJHQd%2F1uU0XXzsCZIf9Uy7M6m05dFL8uJKQTEd726Wz9tjCSOcsCbdiAn9rXG%2BBFPvbujx%2Bmu%2B%2BHHqA3OM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd7d0054dbcb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2