r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11560
Expires: Sat, 03 Sep 2022 21:40:40 GMT
Date: Sat, 03 Sep 2022 18:28:00 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 17:43:07 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sdYCa1imt6zkF9qIiNkmhaUFsxt99v2dzBzNBW3skYM2x3xXVJPTVg==
Age: 2693
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iboQoDzfwFqxUXWnvjNJgkT0cXtaJ60avP_OGAnE2WQzrLBGiJ3A2Q==
age: 61963
X-Firefox-Spdy: h2
bmhelp.us/Bin/ScreenConnect.Client.application?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw+EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
209.145.54.183302 Redirect 639 B URL HTTP/1.1 bmhelp.us/Bin/ScreenConnect.Client.application?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw+EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
IP 209.145.54.183:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (596)
Hash 1676ea06ae920df811ad7f3f3fda4179
7aa447fb5ddfc56ef7f04c525ad21fc1e08dca8b
b175f6630f0504c1edf477630b19cd41e7880692e7162ca82db261910168a821
GET /Bin/ScreenConnect.Client.application?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw+EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r= HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://bmhelp.us?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Server: Microsoft-IIS/10.0
Date: Sat, 03 Sep 2022 18:28:00 GMT
Content-Length: 639
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 18:28:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 03 Sep 2022 17:38:16 GMT
Expires: Sat, 03 Sep 2022 17:39:36 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ODfUfbq-FqqWUTdtHn_XrVAjUkfhcfZ0voOqYiXsad0CZ9ssgxJHxA==
Age: 2984
bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
209.145.54.183200 OK 7.0 kB URL HTTP/2 bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
IP 209.145.54.183:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (524), with CRLF line terminators
Hash 3b52c567939f33fcf07503966e7145bc
3aada67cb85e079204ac0fd9a559d00d83d4f69f
bbc6e25528d96a656d7ab4fb7d48b9bb9371fc0fe6b08d3512388eafa23a166e
GET /?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r= HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
cache-control: private
content-length: 6964
content-type: text/html; charset=utf-8
content-encoding: gzip
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
p3p: CP="NON CUR OUR STP STA PRE"
date: Sat, 03 Sep 2022 18:28:00 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5778
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 18:28:01 GMT
Last-Modified: Sat, 03 Sep 2022 16:51:43 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.17.198101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.17.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +Y2QPlUXikFIgxlSKpviXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: crY5ppnalf1/sHgjgcpmEh/tIe8=
bmhelp.us/Script.ashx?__Cache=f772824c-fd70-49a4-932e-749fb8fa95f1
209.145.54.183200 OK 94 kB URL HTTP/2 bmhelp.us/Script.ashx?__Cache=f772824c-fd70-49a4-932e-749fb8fa95f1
IP 209.145.54.183:0
File type ASCII text, with very long lines (34153), with CRLF line terminators
Hash 9181744ed5aa0559ee8e2a935f0e2aff
2a997b6a592c788ebb8877eaf897804dc9789502
c2f1cfdbb4fd55394eab0e4f3e4ba61f1b3960c3c0c5f72641162bb610e2eaaa
Analyzer Verdict Alert fortinet Phishing
GET /Script.ashx?__Cache=f772824c-fd70-49a4-932e-749fb8fa95f1 HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31021739
content-length: 93624
content-type: text/javascript; charset=utf-8
content-encoding: gzip
expires: Mon, 28 Aug 2023 19:37:00 GMT
vary: Accept-Encoding, Accept-Language, Host, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
date: Sat, 03 Sep 2022 18:28:00 GMT
X-Firefox-Spdy: h2
bmhelp.us/App_Themes/SolidWithBlue/Default.css?__Cache=a1307a85-2347-4b9e-a103-ebd13cee994e
209.145.54.183200 OK 107 kB URL HTTP/2 bmhelp.us/App_Themes/SolidWithBlue/Default.css?__Cache=a1307a85-2347-4b9e-a103-ebd13cee994e
IP 209.145.54.183:0
File type ASCII text, with very long lines (27376), with CRLF line terminators
Size 107 kB (106707 bytes)
Hash 157ea6aa41c79756b38a1beb7b6d67ab
2cbfcc14ce7ebe926d91ab52ff26029312cd580b
5f14a1ad6dc7e59478f78999915ab8b853b0b2e170042bec3814ec4bac547e6a
Analyzer Verdict Alert fortinet Phishing
GET /App_Themes/SolidWithBlue/Default.css?__Cache=a1307a85-2347-4b9e-a103-ebd13cee994e HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31021593
content-length: 106707
content-type: text/css; charset=utf-8
content-encoding: gzip
expires: Mon, 28 Aug 2023 19:34:35 GMT
vary: Accept-Encoding
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
date: Sat, 03 Sep 2022 18:28:00 GMT
X-Firefox-Spdy: h2
bmhelp.us/Images/Extras.svg
209.145.54.183200 OK 322 B URL HTTP/2 bmhelp.us/Images/Extras.svg
IP 209.145.54.183:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (322), with no line terminators
Hash 813c72f0a4741978669871e3800d5279
ae5e036f992577f8afca3d99a352f44a217c2c2a
8fce4aad3b04f9b76a08bad9b2459e355bbf16a470486d689fa801b9a30e3061
Analyzer Verdict Alert fortinet Phishing
GET /Images/Extras.svg HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-length: 322
content-type: image/svg+xml
expires: Sat, 03 Sep 2022 22:17:05 GMT
last-modified: Thu, 10 Mar 2022 23:28:04 GMT
accept-ranges: bytes
etag: "1D834D67D769A00"
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
date: Sat, 03 Sep 2022 18:28:01 GMT
X-Firefox-Spdy: h2
bmhelp.us/Images/WaffleIcon.svg
209.145.54.183200 OK 821 B URL HTTP/2 bmhelp.us/Images/WaffleIcon.svg
IP 209.145.54.183:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (821), with no line terminators
Hash 2599340bf60ee89b13e6b91beefe1199
4e0babcd7fdcabc1759ed0f130e06972340c5127
5bf4f707f250958980d313203989f1fca55b9446f34d667e7256f853d52e494d
Analyzer Verdict Alert fortinet Phishing
GET /Images/WaffleIcon.svg HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-length: 821
content-type: image/svg+xml
expires: Sat, 03 Sep 2022 22:17:06 GMT
last-modified: Thu, 10 Mar 2022 23:28:04 GMT
accept-ranges: bytes
etag: "1D834D67D769A00"
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
date: Sat, 03 Sep 2022 18:28:01 GMT
X-Firefox-Spdy: h2
bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
209.145.54.183200 OK 105 B URL HTTP/2 bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
IP 209.145.54.183:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 69e3f01bdc4d4dea329da0314b5fcfbf
3ec4cb3de3c64ec81042e739b666b35cb73c1d0e
e15206ccc3589cc3c73b1194c95ec6a687771f3456d0d8ef1400bcd139161229
Analyzer Verdict Alert fortinet Phishing
POST /Services/PageService.ashx/GetGuestSessionInfo HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Anti-Forgery-Token: ciMSmNysvr9mdFN3XK+8eM9MiPP7RvISgfRbnPEtr/wBAACV7WEnS7UtQg==
X-Unauthorized-Status-Code: 403
Content-Length: 9
Origin: https://bmhelp.us
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 105
content-type: application/json; charset=utf-8
expires: -1
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
access-control-allow-origin: https://bmhelp.us
access-control-allow-credentials: true
date: Sat, 03 Sep 2022 18:28:01 GMT
X-Firefox-Spdy: h2
bmhelp.us/Images/ActivityIndicator.gif
209.145.54.183200 OK 28 kB URL HTTP/2 bmhelp.us/Images/ActivityIndicator.gif
IP 209.145.54.183:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash c63792b958d231654ab54542fea871db
c21cfffa5cbd2a7c94076324fe28c4596df92e0c
9d070c98f02f1d6287952256b47f7cd72eda89bda25ef99782325214a042f01a
GET /Images/ActivityIndicator.gif HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bmhelp.us/App_Themes/SolidWithBlue/Default.css?__Cache=a1307a85-2347-4b9e-a103-ebd13cee994e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public
content-length: 27503
content-type: image/gif
expires: Sat, 03 Sep 2022 20:10:55 GMT
last-modified: Thu, 10 Mar 2022 23:28:04 GMT
accept-ranges: bytes
etag: "1D834D67D769A00"
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
date: Sat, 03 Sep 2022 18:28:01 GMT
X-Firefox-Spdy: h2
bmhelp.us/FavIcon.axd?__Cache=09c267f4-9967-4353-962a-687d31461216
209.145.54.183200 OK 38 B URL HTTP/2 bmhelp.us/FavIcon.axd?__Cache=09c267f4-9967-4353-962a-687d31461216
IP 209.145.54.183:0
Hash a3ddc69ead48d5e01cf0141dd3e20abe
9a7a966e9735e9611fadbb9f7b14355769143663
2206a9c2bb7c1863d52caacd4d3926b48a9f21127901747953d05b1c447b24ae
Analyzer Verdict Alert fortinet Phishing
GET /FavIcon.axd?__Cache=09c267f4-9967-4353-962a-687d31461216 HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31021594
content-length: 38
content-type: image/vnd.microsoft.icon
expires: Mon, 28 Aug 2023 19:34:36 GMT
vary: Accept-Encoding
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
date: Sat, 03 Sep 2022 18:28:01 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16942
Expires: Sat, 03 Sep 2022 23:10:24 GMT
Date: Sat, 03 Sep 2022 18:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16942
Expires: Sat, 03 Sep 2022 23:10:24 GMT
Date: Sat, 03 Sep 2022 18:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16942
Expires: Sat, 03 Sep 2022 23:10:24 GMT
Date: Sat, 03 Sep 2022 18:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16942
Expires: Sat, 03 Sep 2022 23:10:24 GMT
Date: Sat, 03 Sep 2022 18:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16942
Expires: Sat, 03 Sep 2022 23:10:24 GMT
Date: Sat, 03 Sep 2022 18:28:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V6_bFwCNNOb2sZgOQJ8NekZD0pbYwclTg17YlQjCIdKFKGuzfDR0nQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:42:03 GMT
age: 53159
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:54 GMT
age: 74288
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:53 GMT
age: 74289
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: 5ed9a360-5a7f-427a-a750-bd8f25214909
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwpOBEpjIAMFzXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63102259-4b9d2f6e61cc186f78718168;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:09:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BU7CFrnTBhvyqoRVp1t-e_ZErBnJA9l4qGkmxOQd10W48IzyIFGFZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:46:11 GMT
age: 52911
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:37:26 GMT
age: 75036
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: db7b338c-4fb1-46c0-827a-87e43ceacb90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjB_aFGyoAMFbeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ab062-060509a31e21bd514f736d49;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 00:01:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p_pP4bQ_t2iBcAl5CetPTBaNmV8E_Br_0Mn5qIlGeC8JCmILxA_l6A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 10:54:15 GMT
age: 27227
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
209.145.54.183200 OK 105 B URL HTTP/2 bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
IP 209.145.54.183:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3138dbdab16c1c82cc95de54ef461bcf
320763e51d62866cf9c7c4d31b1be73074ee24a3
b38eb04d10dc52a496ac3b8416e741b2c74c5fa33e53b66a2f45bbaac88b1499
Analyzer Verdict Alert fortinet Phishing
POST /Services/PageService.ashx/GetGuestSessionInfo HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Anti-Forgery-Token: ciMSmNysvr9mdFN3XK+8eM9MiPP7RvISgfRbnPEtr/wBAACV7WEnS7UtQg==
X-Unauthorized-Status-Code: 403
Content-Length: 17
Origin: https://bmhelp.us
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 105
content-type: application/json; charset=utf-8
expires: -1
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
access-control-allow-origin: https://bmhelp.us
access-control-allow-credentials: true
date: Sat, 03 Sep 2022 18:28:02 GMT
X-Firefox-Spdy: h2
bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
209.145.54.183200 OK 105 B URL HTTP/2 bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
IP 209.145.54.183:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2b5b1b76f919fbad2f8444947b3b3d09
04d973310243988249b200455503d147cd45e5ef
cd1e13159996a2b8ad59c5103930d099d3b7ba1ef43c807fd6a7bba465ec58f4
Analyzer Verdict Alert fortinet Phishing
POST /Services/PageService.ashx/GetGuestSessionInfo HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Anti-Forgery-Token: ciMSmNysvr9mdFN3XK+8eM9MiPP7RvISgfRbnPEtr/wBAACV7WEnS7UtQg==
X-Unauthorized-Status-Code: 403
Content-Length: 17
Origin: https://bmhelp.us
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 105
content-type: application/json; charset=utf-8
expires: -1
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
access-control-allow-origin: https://bmhelp.us
access-control-allow-credentials: true
date: Sat, 03 Sep 2022 18:28:04 GMT
X-Firefox-Spdy: h2
bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
209.145.54.183200 OK 105 B URL HTTP/2 bmhelp.us/Services/PageService.ashx/GetGuestSessionInfo
IP 209.145.54.183:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ee3833d0695c508feb1dc7141f7536a8
132e33804d150562c6900ceb35935b7b002bec75
2d0828098e9e053f4f2e9ca885589043d1c644940fd7b47c8e9864098325b790
Analyzer Verdict Alert fortinet Phishing
POST /Services/PageService.ashx/GetGuestSessionInfo HTTP/1.1
Host: bmhelp.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Anti-Forgery-Token: ciMSmNysvr9mdFN3XK+8eM9MiPP7RvISgfRbnPEtr/wBAACV7WEnS7UtQg==
X-Unauthorized-Status-Code: 403
Content-Length: 17
Origin: https://bmhelp.us
Connection: keep-alive
Referer: https://bmhelp.us/?h=bmhelp.us&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQDFIYFw%20EW3NFzxIYD/RwtGClTA0Q8c9gxyG1xMArnelgZP5ifHErSPI66odOh2GLIDsvRruPQmwmS2r9ZUmoho00bAc5DK+hN2st/Fv0t4d+NprSWAy04i08HuwVk5KUVjQW2iOKna0PXFR3gXWjlxjf1UDXQs3/8xjZp5WDPDKxtAxagFktuUpNNK+JbhMCwvAosdf3KCjJzHDxZoz4bYOFEytju1YV7MsW9OWK2yKNHAzrfELacFjTvLdpqbFYQ9JPXFzhY/imfkFy+hVG/M1sBVRwFYWEJ8KF6TNYN+qUUT80h+cK5oaR/SxoxBmcgoZme7wfLemoUEt1vMBAWr&s=157586e7-213c-4a9a-99c3-b649342bc01a&i=Untitled%20Session&e=Support&y=Guest&r=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 105
content-type: application/json; charset=utf-8
expires: -1
server: ScreenConnect/22.3.7487.8130-854526139 Microsoft-HTTPAPI/2.0
access-control-allow-origin: https://bmhelp.us
access-control-allow-credentials: true
date: Sat, 03 Sep 2022 18:28:05 GMT
X-Firefox-Spdy: h2