| jbglobaltrading.vip/office0365 | 154.216.20.243 | 301 Moved Permanently | 317 B |
URL (User Request): GET HTTP/2 jbglobaltrading.vip/office0365
IP: 154.216.20.243:443
Certificate Issuer: Let's Encrypt
Certificate Subject: jbglobaltrading.vip
Certificate Fingerprint: 08:FF:D0:39:A0:26:5B:A5:EE:F6:4F:96:F5:A7:98:84:46:7B:1C:27
Certificate Validity: Mon, 18 Nov 2024 09:06:10 GMT - Sun, 16 Feb 2025 09:06:09 GMT
File type: HTML document, ASCII text
Hash: 6a472c36d03b923441b1560783d897d5 248cf5a5af8d5d78fb635f425b4f18ee96441604 d49806dfc90493c994329ca03d470aa366e08183a140f32b72c00de26212167b
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| OpenPhish | phishing | Outlook |
| Quad9 DNS | malicious | Sinkholed |
GET /office0365 HTTP/1.1
Host: jbglobaltrading.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: text/html; charset=iso-8859-1
content-length: 317
location: https://jbglobaltrading.vip/office0365/
x-powered-by: PleskLin
X-Firefox-Spdy: h2
|
|
| jbglobaltrading.vip/office0365/ | 154.216.20.243 | 200 OK | 5.9 kB |
URL (User Request): GET HTTP/2 jbglobaltrading.vip/office0365/
IP: 154.216.20.243:443
Certificate Issuer: Let's Encrypt
Certificate Subject: jbglobaltrading.vip
Certificate Fingerprint: 08:FF:D0:39:A0:26:5B:A5:EE:F6:4F:96:F5:A7:98:84:46:7B:1C:27
Certificate Validity: Mon, 18 Nov 2024 09:06:10 GMT - Sun, 16 Feb 2025 09:06:09 GMT
File type: HTML document, ASCII text, with very long lines (639), with CRLF line terminators
Hash: 607cd80502faddcb8d1460f771e3d259 ca6c03b85c01925d1a8d17bc893f7dc5ef12086b dee6f7002d5db17f407bbb3535814af93dcec3507b1ff18496e05b7d1fafdbfa
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| Quad9 DNS | malicious | Sinkholed |
GET /office0365/ HTTP/1.1
Host: jbglobaltrading.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: text/html; charset=UTF-8
content-length: 5855
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=r9uve57o12utchvs57utgl1vni; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.3.14, PleskLin
X-Firefox-Spdy: h2
|
|
| jbglobaltrading.vip/office0365/Sign%20in%20to%20your%20Microsoft%20account_files/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 154.216.20.243 | 200 OK | 3.7 kB |
URL: GET HTTP/2 jbglobaltrading.vip/office0365/Sign%20in%20to%20your%20Microsoft%20account_files/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP: 154.216.20.243:443
Requested by: https://jbglobaltrading.vip/office0365/
Certificate Issuer: Let's Encrypt
Certificate Subject: jbglobaltrading.vip
Certificate Fingerprint: 08:FF:D0:39:A0:26:5B:A5:EE:F6:4F:96:F5:A7:98:84:46:7B:1C:27
Certificate Validity: Mon, 18 Nov 2024 09:06:10 GMT - Sun, 16 Feb 2025 09:06:09 GMT
File type: SVG Scalable Vector Graphics image
Hash: ee5c8d9fb6248c938fd0dc19370e90bd d01a22720918b781338b5bbf9202b241a5f99ee4 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| Quad9 DNS | malicious | Sinkholed |
GET /office0365/Sign%20in%20to%20your%20Microsoft%20account_files/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: jbglobaltrading.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbglobaltrading.vip/office0365/
Cookie: PHPSESSID=r9uve57o12utchvs57utgl1vni
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: image/svg+xml
content-length: 3651
last-modified: Wed, 27 Jan 2021 10:00:06 GMT
etag: "601139a6-e43"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| jbglobaltrading.vip/office0365/Sign%20in%20to%20your%20Microsoft%20account_files/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg | 154.216.20.243 | 200 OK | 1.6 kB |
URL: GET HTTP/2 jbglobaltrading.vip/office0365/Sign%20in%20to%20your%20Microsoft%20account_files/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
IP: 154.216.20.243:443
Requested by: https://jbglobaltrading.vip/office0365/
Certificate Issuer: Let's Encrypt
Certificate Subject: jbglobaltrading.vip
Certificate Fingerprint: 08:FF:D0:39:A0:26:5B:A5:EE:F6:4F:96:F5:A7:98:84:46:7B:1C:27
Certificate Validity: Mon, 18 Nov 2024 09:06:10 GMT - Sun, 16 Feb 2025 09:06:09 GMT
File type: SVG Scalable Vector Graphics image
Hash: bcb4d1dc4eae64f0b2b2538209d8435a 4f10568bc1b70bc98d5297b85812c33b3e636766 a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| Quad9 DNS | malicious | Sinkholed |
GET /office0365/Sign%20in%20to%20your%20Microsoft%20account_files/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1
Host: jbglobaltrading.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbglobaltrading.vip/office0365/
Cookie: PHPSESSID=r9uve57o12utchvs57utgl1vni
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: image/svg+xml
content-length: 1555
last-modified: Wed, 27 Jan 2021 13:31:06 GMT
etag: "60116b1a-613"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| jbglobaltrading.vip/office0365/Sign%20in%20to%20your%20Microsoft%20account_files/Converged_v21033_pX57w6YnWiqTo95swppIBg2.css | 154.216.20.243 | 200 OK | 34 kB |
URL: GET HTTP/2 jbglobaltrading.vip/office0365/Sign%20in%20to%20your%20Microsoft%20account_files/Converged_v21033_pX57w6YnWiqTo95swppIBg2.css
IP: 154.216.20.243:443
Requested by: https://jbglobaltrading.vip/office0365/
Certificate Issuer: Let's Encrypt
Certificate Subject: jbglobaltrading.vip
Certificate Fingerprint: 08:FF:D0:39:A0:26:5B:A5:EE:F6:4F:96:F5:A7:98:84:46:7B:1C:27
Certificate Validity: Mon, 18 Nov 2024 09:06:10 GMT - Sun, 16 Feb 2025 09:06:09 GMT
File type: ASCII text, with very long lines (61112)
Hash: a57e7bc3a6275a2a93a3de6cc29a4806 96fe6358fe1e8eb5b18609a45c3bd88824c61929 2541943a2b850bc674351e8cc4617892f884a26d6813e57e449c3607300b0108
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| Quad9 DNS | malicious | Sinkholed |
GET /office0365/Sign%20in%20to%20your%20Microsoft%20account_files/Converged_v21033_pX57w6YnWiqTo95swppIBg2.css HTTP/1.1
Host: jbglobaltrading.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbglobaltrading.vip/office0365/
Cookie: PHPSESSID=r9uve57o12utchvs57utgl1vni
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: text/css
last-modified: Wed, 27 Jan 2021 10:00:06 GMT
etag: W/"601139a6-1a3e8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
|
|
| logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | 13.107.246.53 | 200 OK | 673 B |
URL: GET HTTP/2 logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP: 13.107.246.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jbglobaltrading.vip/office0365/
Certificate Issuer: Microsoft Corporation
Certificate Subject: identitycdn.msauth.net
Certificate Fingerprint: C5:77:83:C0:DA:CC:0A:65:53:3D:B9:0B:BD:5E:F5:9F:27:FD:EA:91
Certificate Validity: Mon, 25 Nov 2024 05:55:47 GMT - Sat, 24 May 2025 05:55:47 GMT
File type: SVG Scalable Vector Graphics image
Hash: bc3d32a696895f78c19df6c717586a5d 9191cb156a30a3ed79c44c0a16c95159e8ff689d 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbglobaltrading.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 12 Feb 2020 22:01:56 GMT
etag: 0x8D7B0072D292595
x-ms-request-id: d8ed8109-b01e-006d-3fb0-4948b0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241211T142549Z-r169f6b8fc847qn2hC1SVG8e480000001dt0000000002waz
x-fd-int-roxy-purgeid: 79218156
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| logincdn.msauth.net/16.000.28910.1/images/favicon.ico | 13.107.246.53 | 200 OK | 17 kB |
URL: GET HTTP/2 logincdn.msauth.net/16.000.28910.1/images/favicon.ico
IP: 13.107.246.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jbglobaltrading.vip/office0365/
Certificate Issuer: Microsoft Corporation
Certificate Subject: identitycdn.msauth.net
Certificate Fingerprint: C5:77:83:C0:DA:CC:0A:65:53:3D:B9:0B:BD:5E:F5:9F:27:FD:EA:91
Certificate Validity: Mon, 25 Nov 2024 05:55:47 GMT - Sat, 24 May 2025 05:55:47 GMT
File type: MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Hash: 12e3dac858061d088023b2bd48e2fa96 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /16.000.28910.1/images/favicon.ico HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbglobaltrading.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 11 Dec 2024 14:25:49 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jan 2021 23:08:30 GMT
etag: 0x8D8BC05F8BF3D60
x-ms-request-id: 68d82df8-801e-0075-7723-4ba87a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241211T142549Z-r169f6b8fc847qn2hC1SVG8e480000001dt0000000002way
x-fd-int-roxy-purgeid: 79218156
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|