royalheritageinternationalschool.com/aop/aut/sf_rand_string_lowercase6/c3RldmVAYmFua3Bhay5jb20=
IP 192.185.129.35 | 200 OK | 0 B | URL | User Request | GET | HTTP/2
IP 192.185.129.35:443
ASN #46606 UNIFIEDLAYER-AS-1
Certificate Issuer Let's Encrypt
Subject *.royalheritageinternationalschool.com
Fingerprint 70:17:31:44:49:B1:28:41:99:BD:7B:4C:78:CF:08:45:EF:91:60:10
Validity Sat, 20 May 2023 01:03:07 GMT - Fri, 18 Aug 2023 01:03:06 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(all three are the digests of empty input, consistent with the content-length: 0 response below: the redirect is carried in the refresh header, not in the body)
Analyzer Verdict Alert | urlquery: phishing ("Phishing - Microsoft Outlook")
GET /aop/aut/sf_rand_string_lowercase6/c3RldmVAYmFua3Bhay5jb20= HTTP/1.1
Host: royalheritageinternationalschool.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 27 May 2023 03:31:10 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://9gski.fobidaa.ru/Msteve@bankpak.com
x-server-cache: false
X-Firefox-Spdy: h2
9gski.fobidaa.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cdb2e9ee9f20b39
IP 104.21.37.66 | 200 OK | 42 B | URL | GET | HTTP/3
IP 104.21.37.66:443
Requested by https://9gski.fobidaa.ru/Msteve@bankpak.com
Certificate Issuer Google Trust Services LLC
Subject fobidaa.ru
Fingerprint C2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2
Validity Sun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT
File type GIF image data, version 89a, 1 x 1
Hash MD5 d89746888da2d9510b64a9f031eaecd5
Hash SHA1 d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Hash SHA256 ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert | fortinet: Phishing
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cdb2e9ee9f20b39 HTTP/1.1
Host: 9gski.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9gski.fobidaa.ru/Msteve@bankpak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:56 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cdb2e9fabcab523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sat, 27 May 2023 05:30:56 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cdb2ea10eb5b509
IP 104.18.6.185 | 200 OK | 161 kB | URL | GET | HTTP/3
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 161 kB (160756 bytes)
Hash MD5 558c282fc956567f060fee8a63ef9f8a
Hash SHA1 da9f76dd92f794dfae62f3249dcd10ba487d9b34
Hash SHA256 ebca2c3f6302a30e179f167f0a448e4e53dbd95bb33a68d87fd441ac9c79fcc3
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cdb2ea10eb5b509 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7cdb2ea18f0ab509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
9gski.fobidaa.ru/Msteve@bankpak.com
IP 104.21.37.66 | 403 Forbidden | 8.0 kB | URL | User Request | GET | HTTP/2
IP 104.21.37.66:443
Certificate Issuer Google Trust Services LLC
Subject fobidaa.ru
Fingerprint C2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2
Validity Sun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT
File type HTML document text (exported SGML document, ASCII text, with very long lines (8176), with no line terminators)
Hash MD5 124e526efed00e50e2146ef3669abe7f
Hash SHA1 6dca4f360b5be19bdf13889ec60b8794489e7c72
Hash SHA256 abc85908c67da86a0f696bdf70f61e6d96cb3d6d8de6ced8dbc066123e148e8f
Analyzer Verdict Alert | urlquery: phishing ("Phishing - Microsoft Outlook") | fortinet: Phishing
GET /Msteve@bankpak.com HTTP/1.1
Host: 9gski.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sat, 27 May 2023 03:30:56 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYKSKNdtkEHEIdf0bhua2wahA07qX%2Fd7Y1pHHL1O3vKMr6bq%2FnfJ1SVm2j%2FoSwEmceR1BTDeF46TvkfGS02xUSBekuLJzeMcpZxIKIoUbxxgqvKTi9INxqnPsez%2FLIysOWyL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cdb2e9ee9f20b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
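The first and fourth transactions together give the shape of this lure: a host on a shared-hosting ASN answers 200 with an empty body and a refresh header, the recipient's address travels base64-encoded in the path (c3RldmVAYmFua3Bhay5jb20= decodes to steve@bankpak.com) and is re-emitted in the landing URL as /Msteve@bankpak.com, and the landing host sits behind a Cloudflare managed challenge (cf-mitigated: challenge), so a fetcher that does not solve the challenge only ever sees the 403 interstitial, never the form. The sf_rand_string_lowercase6 segment is presumably a kit template token that was never substituted; that is a guess, and nothing below depends on it. The script is an added example, not part of the urlquery report: it re-derives those observations from the headers shown above (copied inline as sample input; the landing-page header block is trimmed to the fields the check reads) and also verifies that the three hashes listed for the 0 B redirector response are the digests of empty input, i.e. the body really was empty rather than truncated by the capture.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Sample input, copied from the report above: the redirector's URL and response
# headers (first transaction) and the body hashes listed for its 0-byte response.
REDIRECTOR_URL = ("https://royalheritageinternationalschool.com/aop/aut/"
                  "sf_rand_string_lowercase6/c3RldmVAYmFua3Bhay5jb20=")
REDIRECTOR_RESPONSE = """HTTP/2 200 OK
date: Sat, 27 May 2023 03:31:10 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://9gski.fobidaa.ru/Msteve@bankpak.com
x-server-cache: false
"""
REPORT_HASHES = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}
# Landing-page response (fourth transaction), trimmed to the headers the check reads.
LANDING_RESPONSE = """HTTP/2 403 Forbidden
content-type: text/html; charset=UTF-8
cf-mitigated: challenge
server: cloudflare
"""

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def parse_response(raw):
    """Split a raw response into (status code, {lower-cased header name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def refresh_target(headers):
    """URL named by a 'refresh: N;url=...' response header, or None if absent."""
    match = re.search(r"url=(\S+)", headers.get("refresh", ""), re.IGNORECASE)
    return match.group(1) if match else None


def decode_email_segments(url):
    """Base64-decode every path segment and keep the ones that are e-mail addresses.

    Accepts the standard and the URL-safe alphabet and tolerates stripped padding;
    a segment that is not clean base64, or does not decode to ASCII, is skipped.
    """
    found = []
    for segment in urlsplit(url).path.split("/"):
        if not segment:
            continue
        padded = segment + "=" * (-len(segment) % 4)
        try:
            text = base64.b64decode(padded, altchars=b"-_", validate=True).decode("ascii")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
            continue
        if EMAIL_RE.match(text):
            found.append(text)
    return found


def empty_body_hashes():
    """Digests of zero bytes; a 0-byte response that was really empty must list these."""
    return {name: hashlib.new(name, b"").hexdigest() for name in ("md5", "sha1", "sha256")}


def analyse(redirector_url, redirector_raw, report_hashes, landing_raw):
    status, headers = parse_response(redirector_raw)
    target = refresh_target(headers)
    src_host = urlsplit(redirector_url).hostname
    dst_host = urlsplit(target).hostname if target else None
    emails = decode_email_segments(redirector_url)
    landing_status, landing_headers = parse_response(landing_raw)
    return {
        # 200, empty body, refresh to another host: the page exists only to bounce the visitor
        "header_only_redirect": (status == 200 and headers.get("content-length") == "0"
                                 and target is not None and dst_host != src_host),
        "redirect_target": target,
        "victim_emails": emails,
        # the recipient is carried into the landing URL, so the lure can pre-fill its form
        "email_in_target": any(e in (target or "") for e in emails),
        # hashes equal the empty-input digests: the 0 B body was empty, not truncated
        "body_truly_empty": report_hashes == empty_body_hashes(),
        # Cloudflare managed challenge in front of the kit: a crawler that does not solve
        # it gets this 403 interstitial instead of the credential form
        "landing_gated_by_challenge": (landing_status == 403
                                       and landing_headers.get("cf-mitigated") == "challenge"),
    }


if __name__ == "__main__":
    for key, value in analyse(REDIRECTOR_URL, REDIRECTOR_RESPONSE,
                              REPORT_HASHES, LANDING_RESPONSE).items():
        print(f"{key}: {value}")
```

Run as-is it prints one line per finding; the same functions can be pointed at any other captured request/response pair. The refresh-header redirect is worth keying detections on because proxies and URL scanners that only follow 3xx Location headers will record the redirector as a harmless 200 with no content, which is exactly what the first transaction above looks like at a glance.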
9gski.fobidaa.ru/favicon.ico
IP 104.21.37.66 | 403 Forbidden | 7.1 kB | URL | GET | HTTP/3
IP 104.21.37.66:443
Requested by https://9gski.fobidaa.ru/Msteve@bankpak.com
Certificate Issuer Google Trust Services LLC
Subject fobidaa.ru
Fingerprint C2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2
Validity Sun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT
File type HTML document text (exported SGML document, ASCII text, with very long lines (7225), with no line terminators)
Hash MD5 5adbd05b001a68f1cbfd549c294074d0
Hash SHA1 53e4da061b8814035dd139e39654fee0477b84a7
Hash SHA256 6740b7f5a5729ac187f23c3d627b4ded4e5c12148240e7cf842478cc4a830450
GET /favicon.ico HTTP/1.1
Host: 9gski.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9gski.fobidaa.ru/Msteve@bankpak.com?__cf_chl_rt_tk=3VYWLrTk2Bl766lxs8UZ0B9Yco.dEvkC.3h7r2gIvNI-1685158256-0-gaNycGzNDTs
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Sat, 27 May 2023 03:30:56 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4o1lenqDfdbQpkdsGwf04L81ej1%2Fnfu8RlxzlWa60rSbyskNtcbwmmv%2BxHJv2cmQ2rDUIwLuVKl8G1ieurrShCtFv8YiDfMYI7TV%2FnrZfkiSqAV%2FPkYgpnaE9LHndOwjU6Kt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cdb2e9fcbd4b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1422931171:1685156901:DW7NZnTiVm_mxjFUeOz9XGF_rP8qishdBm5fNjosaTc/7cdb2ea10eb5b509/52394a71bed7cc9
IP 104.18.6.185 | 200 OK | 100 kB | URL | POST | HTTP/3
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 1fc09a3a88fad6cd5f9fbbe63ec9e711
Hash SHA1 ddcd6bf70aa62335a818ba128a9dbe2e29932149
Hash SHA256 5fe47983b2d686d8849a7b8bc9769139b07bb7fb0b5b4eff8860fa77487c77d1
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1422931171:1685156901:DW7NZnTiVm_mxjFUeOz9XGF_rP8qishdBm5fNjosaTc/7cdb2ea10eb5b509/52394a71bed7cc9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 52394a71bed7cc9
Content-Length: 2714
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:57 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: IbD0LiLOllhJ9jAQGApC9iIPKdld4nPueplzXmMOgcpLGsQ/32loQy1nWAqb8OkFgitLPryvLWk16K39sNv4Ig6RCf2lxQ2tALuMjhIdSjcxh9nrVDVqidGfAiWMko1E64eGGU/SgZiSKORoRTbQwqviBzrSmmS0Pn/OITTcwX8ZFxrM38vqMCPgoKhz1zQf9wXJyYwoqvSFtiMyXRd/I1XKEQGBzsxb2gpSK/waKlNdrdDnS1pYY6tzUPEfSOW/skDvVYGruWlMud8FSNT7tMccGrSLv2rF0XCJ/4fRFc1ZR6nwunAHCpdnOFPo5rRGSiUID3ShXzHWWy0Kdvv/Zra2a/CIEjX2vLmrzPmusR0aozUXdefj800fwNMoRFIi6gyFsWsqtd8yFBGWzyXtdw==$2qv5Bhh+7PgMs1j9Hs6IRA==
server: cloudflare
cf-ray: 7cdb2ea2af74b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cdb2ea10eb5b509/1685158257076/dSO-Ptf2yu_azpM
IP 104.18.6.185 | 200 OK | 61 B | URL | GET | HTTP/3
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type PNG image data, 52 x 7, 8-bit/color RGB, non-interlaced
Hash MD5 b13adedefa273c38c5360d64c81a483a
Hash SHA1 a022811ca61741170d157c7b953dee0ec9ad5822
Hash SHA256 dd462f6caed1deca5fc805afed26dce226cefca0574832abefc04b2cdd497742
GET /cdn-cgi/challenge-platform/h/b/img/7cdb2ea10eb5b509/1685158257076/dSO-Ptf2yu_azpM HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:57 GMT
content-type: image/png
server: cloudflare
cf-ray: 7cdb2ea63933b509-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1422931171:1685156901:DW7NZnTiVm_mxjFUeOz9XGF_rP8qishdBm5fNjosaTc/7cdb2ea10eb5b509/52394a71bed7cc9
IP 104.18.6.185 | 200 OK | 13 kB | URL | POST | HTTP/3
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (13276), with no line terminators
Hash MD5 24d5d5bfc7982f5a4283a10c894a6da8
Hash SHA1 6218c6fa0557560d22d3a7de2b112a9c469d8f8c
Hash SHA256 cfbc75a86a00068f0529b3e9b68057b49b7f4d5e832dbfbec65eacf5bfe9b2c5
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1422931171:1685156901:DW7NZnTiVm_mxjFUeOz9XGF_rP8qishdBm5fNjosaTc/7cdb2ea10eb5b509/52394a71bed7cc9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 52394a71bed7cc9
Content-Length: 18739
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:57 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: JfHGlRqXZzca3Xerj87yxKo5/9SxaE0OxenhGQueFt6xDBP//Dp09IyW445fpl1J$NqKXHE7Jj5/MgD/+s2WeFg==
server: cloudflare
cf-ray: 7cdb2ea7ba1bb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
9gski.fobidaa.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cdb2e9ee9f20b39
IP 104.21.37.66 | 200 OK | 153 kB | URL | GET | HTTP/3
IP 104.21.37.66:443
Requested by https://9gski.fobidaa.ru/Msteve@bankpak.com
Certificate Issuer Google Trust Services LLC
Subject fobidaa.ru
Fingerprint C2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2
Validity Sun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 153 kB (152852 bytes)
Hash MD5 67b4c6a9913aabafb30b8c8c30ec4680
Hash SHA1 1299d334e7fa11632b14169a22cd04e926448fbf
Hash SHA256 a71283f914979691f6e7f2c2987f00ac93f1ed86691986bc2e4e9a1376b46ecf
Analyzer Verdict Alert | fortinet: Phishing
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cdb2e9ee9f20b39 HTTP/1.1
Host: 9gski.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9gski.fobidaa.ru/Msteve@bankpak.com?__cf_chl_rt_tk=3VYWLrTk2Bl766lxs8UZ0B9Yco.dEvkC.3h7r2gIvNI-1685158256-0-gaNycGzNDTs
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1le1i%2BGexk%2B4xoYAELhoN4xbvPK%2FA30P6viOaDjP%2BS8g%2Fo1qNuG9ENOZdMMlRPMWyo4sTBqshgbcG5Q6n0PM70wsaEu%2BrtXR60Cu8wSBCNI4iBVHhZL2yJ7aAUd%2BiKoP5NH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cdb2e9fbbcbb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
9gski.fobidaa.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1265422438:1685156893:6vZXB0LpS22lb-K9bhaLWKHoEkq0fuUoxcIj-rilqfc/7cdb2e9ee9f20b39/13329964d4dece9
IP 104.21.37.66 | 200 OK | 7.4 kB | URL | POST | HTTP/3
IP 104.21.37.66:443
Requested by https://9gski.fobidaa.ru/Msteve@bankpak.com
Certificate Issuer Google Trust Services LLC
Subject fobidaa.ru
Fingerprint C2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2
Validity Sun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT
File type ASCII text, with very long lines (7388), with no line terminators
Hash MD5 cdeaa124777c200dc9ac76048fb13a67
Hash SHA1 6bcf7d9b9ce1357bcd0e828f1e5ede488afa5b75
Hash SHA256 4f1637770ac46c54feb89cf8f58507b1fc4ca2cbf53011c8a5eded71e2c5e7bc
Analyzer Verdict Alert | fortinet: Phishing
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1265422438:1685156893:6vZXB0LpS22lb-K9bhaLWKHoEkq0fuUoxcIj-rilqfc/7cdb2e9ee9f20b39/13329964d4dece9 HTTP/1.1
Host: 9gski.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9gski.fobidaa.ru/Msteve@bankpak.com
Content-type: application/x-www-form-urlencoded
CF-Challenge: 13329964d4dece9
Content-Length: 1746
Origin: https://9gski.fobidaa.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:56 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: Al2Y6Dz/nyB9q4Qf2o1OHhBsWcz+e9ovtAat5gYgnB/mbg3JyruJBKygEU9f/zNa$Z48X0PAkNQNwhkAsJI/D3w==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IY3el0nY7t60rDp86bIEZWg2CNf2eBnul%2BkkBjgxX%2Fm1Eza%2F4lsMiWG%2FDEt8eY8txN9%2BRpc0i8NHGG15tzKjHHfYeEm0fIAxd1wZqg%2BecNA8KP8CNOOJzdGHRCeOBr7zv6IW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cdb2ea0cc4bb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP 104.18.6.185 | 200 OK | 24 kB | URL | GET | HTTP/3
IP 104.18.6.185:443
Requested by https://9gski.fobidaa.ru/Msteve@bankpak.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type HTML document text (exported SGML document, ASCII text, with very long lines (10899))
Hash MD5 ef3e30fd49a63726f582626e131d972d
Hash SHA1 d8bebaf1b484002774c427e7b4bdb73f4ac4debe
Hash SHA256 01c952e98132f539e8998cc765fbe1bcefea319fcae130a34ada878fff5b4f0a
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 03:30:56 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7cdb2ea10eb5b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185 | 200 OK | 16 kB | URL | GET | HTTP/2
IP 104.18.6.185:443
Requested by https://9gski.fobidaa.ru/Msteve@bankpak.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (15748)
Hash MD5 2a1262ba5cd32899831d483322a28dd7
Hash SHA1 3805876db8773ed5820043e1f39b0b6c049f61b2
Hash SHA256 2e1e45b1d429b2d703676139932fe97b7ffc7986e6d0221653a7404e4c3032f0
GET /turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9gski.fobidaa.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 27 May 2023 03:30:56 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cdb2ea02defb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7cdb2ea10eb5b509/1685158257077/1796260874d83441ae82cd04e58aebb2e2a5c345462ee43c068e444d60bba5c7/RPEkN8gLf5cYIW-
IP 104.18.6.185 | 401 Unauthorized | 1 B | URL | GET | HTTP/3
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type very short file (no magic)
Hash MD5 ff44570aca8241914870afbc310cdb85
Hash SHA1 58668e7669fd564d99db5d581fcdb6a5618440b5
Hash SHA256 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/7cdb2ea10eb5b509/1685158257077/1796260874d83441ae82cd04e58aebb2e2a5c345462ee43c068e444d60bba5c7/RPEkN8gLf5cYIW- HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/23iot/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Sat, 27 May 2023 03:30:57 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gF5YmCHTYNEGugs0E5YrrsuKlw0VGLuQ8Bo5ETWC7pccAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArTdvs2-VOeG1gRYSu6le9W8rphJ9hC05duH2SoyJxZcID7eB4pDegSJtNqv3OQbpK4Q95bHTqsH89BCAXLJI-Vt7ySrpRthX6rEPu-Vj7WesutfG-4HKj1HyDTGqAY6a7ewvPAO1MgMa2r1_gzOPEXZzJhEKT6UdIT2kff2r_Ykjw0jlNmXk5cDvIskrZ85GVfUW-rn9g1PLXw9OFhNDD6DD2EiFfNdypws_NYvMuOAHcmAxJlEJcf3CR8kfcZax5XW2G8thhT80V0huiKzfxYVtQL5b4HVbTcNvo9O7UCIklef8agJz95n7nyDUn68MLaxbYGJ0kAASzeN5eEb55QIDAQAB, max-age=20
server: cloudflare
cf-ray: 7cdb2ea65943b509-OSL
alt-svc: h3=":443"; ma=86400