firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 18 Sep 2022 14:12:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7chCRESav1tIlWoc0TZ2qcZdkj8a-4s-2TyftnSQBqzcbPED51ne8A==
Age: 2497
mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
301 Moved Permanently 162 B URL HTTP/1.1 mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 18 Sep 2022 14:53:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash adb43321efa5cd1662993b701ff25fa4
1299dcea7e9c59d9f22f39d69025484fe71098c1
2c25a6717245be3746f1412af9dd1c351e12dbb93e8e08c3ddcdacf35e419514
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C25A6717245BE3746F1412AF9DD1C351E12DBB93E8E08C3DDCDACF35E419514"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3854
Expires: Sun, 18 Sep 2022 15:58:00 GMT
Date: Sun, 18 Sep 2022 14:53:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 18 Sep 2022 03:30:43 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wIoc7AHzbg4GjcI381TrgJAZ-xZxlZwvjPHnMqD3U_Y9hfUxC9WRbQ==
age: 40983
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2bc2e54a0d024e9fc5bad7a4f2f4a7e
f9e830b49a6fc5ae82051d1fb48510979ce2ced7
cc8ae425d10d215b2ac385d34e1123c54fe6fa0d6191d12c2ef6758c4dcf68cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CC8AE425D10D215B2AC385D34E1123C54FE6FA0D6191D12C2EF6758C4DCF68CB"
Last-Modified: Sat, 17 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21520
Expires: Sun, 18 Sep 2022 20:52:26 GMT
Date: Sun, 18 Sep 2022 14:53:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 18 Sep 2022 14:03:22 GMT
Expires: Sun, 18 Sep 2022 14:40:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: D6v-SjnMkkNi_fW6M8JXmu0SHL2BIcCrzlgHh6atlvI3_g18KTk1bQ==
Age: 3024
mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
200 OK 2.0 kB URL HTTP/2 mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash fc78d25c75f507e78f86560b6da15806
c2c2fada63f7e60edfdc55733e5242455dfaaa7b
5f5959a7df4fc01d9aa6ea0dfea267cdd967aa07d7bb9ffc97226768d72b6caa
Analyzer Verdict Alert fortinet Phishing
GET /index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:46 GMT
content-type: text/html; charset=UTF-8
content-length: 1997
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; path=/; HttpOnly
csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B; path=/; HttpOnly; SameSite=Lax
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.23, PleskLin
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=6e24ff40
200 OK 5.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=6e24ff40
IP
File type ASCII text, with very long lines (27303)
Hash fb68fcb5e0519fb76559c9ab267f8f3f
b96c07f9ef44dbecb4ec4d1cb4a0b30a210f9825
8d0f29c4b3a8b511e6a46bc29ab3d96566fb244fdca5003156c04ea6b65cdd71
GET /ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=6e24ff40 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 14:53:46 GMT
content-type: text/css; charset=utf-8
content-length: 4972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-6b4a"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8798421
expires: Fri, 08 Sep 2023 14:53:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7bYLBTyzDlO320ReGngFv2WLkrxljMDW%2FRK07G%2B2JxhgekpJgKo6Rx9HSCMCngpImjxvfYwFdtpXKsGm7v0aE1JRxS7eux4E6%2FrXJnXDVJ9s51Br%2FOLGMR4VspFZR0rX050i0B6S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74cae9c0af8f0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 5fd1174f35b25298fc44a6de1af3f3d6
d45a47995ec34c7df480b3efafb13f55d9df7eb8
f60573eff255ef3d7603ca813f410c30588931b4018ffa0e07fa0bb2653c47af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3335
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 14:53:46 GMT
Last-Modified: Sun, 18 Sep 2022 13:58:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=6e24ff40
200 OK 6.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=6e24ff40
IP
File type Unicode text, UTF-8 text, with very long lines (50806)
Hash 0db2e85f504f65d4eba65a3a3176b99e
49445ca83b52538d5fb8f4ef3c5ed0bee904dc81
0153ed381a818cbc0ddab7d832c84bc3aae2aed1ccbe9821d625d6637046c953
GET /ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=6e24ff40 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 14:53:46 GMT
content-type: text/css; charset=utf-8
content-length: 6642
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ea8-c854"
last-modified: Mon, 04 May 2020 16:11:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3365240
expires: Fri, 08 Sep 2023 14:53:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EmBrxAvwOEb9sSuKmEyO607AJ8sfbv0EKQBRA2cXm56HIcAtZonxR32oMVQDsIcHAzUWJ%2B2ZkX8RsniuOLZHwEtwNKM5OKJtkGhJwJzDzFRQ%2BlfKi58nfxTy0R0Ey1x1c4rkFaNv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74cae9c0af910b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b417168037cd02cb414797a2fe8a898f
504f56151849a7bfcd36d7e72b39ead79a69bfe8
39238b70192886874fc0362dbf5e2b017f71760665c5d1025d75e4a304ded1f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 14:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b417168037cd02cb414797a2fe8a898f
504f56151849a7bfcd36d7e72b39ead79a69bfe8
39238b70192886874fc0362dbf5e2b017f71760665c5d1025d75e4a304ded1f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 14:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b417168037cd02cb414797a2fe8a898f
504f56151849a7bfcd36d7e72b39ead79a69bfe8
39238b70192886874fc0362dbf5e2b017f71760665c5d1025d75e4a304ded1f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 14:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b417168037cd02cb414797a2fe8a898f
504f56151849a7bfcd36d7e72b39ead79a69bfe8
39238b70192886874fc0362dbf5e2b017f71760665c5d1025d75e4a304ded1f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 14:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /X7ifAFl/nSoGAdhnZSPPA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0IUUlbfOSmjoLr1IlmDzCbOYov4=
mailer.btobglobalreach.com/frontend/assets/js/app.js?av=6e24ff40
200 OK 286 B URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/js/app.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 701abd554bf0d4d1690ee06164f3c964
c18a3746a26d7454d976dcbe0bedf1910124942f
6a008db0a8c5a3cf349f786df5ff4e96cbdb03378c35cb1700dca333c9b4b4a6
Analyzer Verdict Alert fortinet Phishing
GET /frontend/assets/js/app.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
content-length: 286
x-accel-version: 0.01
last-modified: Tue, 21 Jun 2022 12:35:10 GMT
etag: "1d0-5e1f473863b80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=6e24ff40
200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=6e24ff40
IP
Hash c7c95e4b0096e7c8b43af4a629de2ace
f4d50947bdc54c8ab7fb4009969590d0f812d4e9
65b39b43758d222195653a6ede3fef67abc4e7aac1ae88d959d27b7665aa41eb
GET /css?family=Roboto:300,400,700,900&av=6e24ff40 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 18 Sep 2022 14:53:47 GMT
date: Sun, 18 Sep 2022 14:53:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mailer.btobglobalreach.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Sep 2022 08:31:01 GMT
expires: Wed, 13 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
age: 454966
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab87e1e4dc6abd919cf683dff901fe8
07cfbf03a72cb316844c48669a10484e63b7f887
d68b40168e5c06bd69b83e8529ea0b15996e7124d2c8b3c5b0be81c8946f04c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 14:53:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mailer.btobglobalreach.com/favicon.ico
200 OK 198 B URL HTTP/2 mailer.btobglobalreach.com/favicon.ico
IP
ASN #14061 DIGITALOCEAN-ASN
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash ff82d748b4add52e4dd7c8f0b58b89f2
ea69cebf29f461d7831368697f303ea4f0c69a2d
de88c1f678413736e858b27974cd5d2181b3df891b8999dd93835384b0ca2d8f
GET /favicon.ico HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: image/vnd.microsoft.icon
content-length: 198
x-accel-version: 0.01
last-modified: Tue, 21 Jun 2022 12:35:10 GMT
etag: "c6-5e1f473863b80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2403
Expires: Sun, 18 Sep 2022 15:33:51 GMT
Date: Sun, 18 Sep 2022 14:53:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2403
Expires: Sun, 18 Sep 2022 15:33:51 GMT
Date: Sun, 18 Sep 2022 14:53:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2403
Expires: Sun, 18 Sep 2022 15:33:51 GMT
Date: Sun, 18 Sep 2022 14:53:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2403
Expires: Sun, 18 Sep 2022 15:33:51 GMT
Date: Sun, 18 Sep 2022 14:53:48 GMT
Connection: keep-alive
mailer.btobglobalreach.com/frontend/assets/css/style.css?av=6e24ff40
200 OK 8.1 kB URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/css/style.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Hash cbb7dd1dd6a7c5afe7e526e8f3e5052d
4776e5d9734f7d0b193092a26ea8877361554a5c
2a7381192366767c20d5931fd2b1a70a03d157a0340b8c0f76aab18a51d7b5a6
GET /frontend/assets/css/style.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:10 GMT
etag: W/"62b1bafe-3fc6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/app.js?av=6e24ff40
200 OK 11 kB URL HTTP/2 mailer.btobglobalreach.com/assets/js/app.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Hash b62b80d2d827bd2b10d22f1b2e967b37
422aa1dafd326b8b85cffe5963041d70a42ac854
69ae3650b6f5055d9e5edc36c897d3824a9684c33c3b493794c84e5a85fad0f9
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/app.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-aed"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: 2f547c1f-2f5d-4707-8f6c-fe9dfff51383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfS4FI9oAMFScw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145ab-3c967f2653d06c1c079f88c1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Q6pjncaouCXUu0Pz7v6xF_8ClxxVypUSeggW23Z-UTsPamKCTgwjmA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 22:00:17 GMT
age: 60811
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/css/skin-blue.css?av=6e24ff40
200 OK 23 kB URL HTTP/2 mailer.btobglobalreach.com/assets/css/skin-blue.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 045057ca4fb5cfedf901c822c7d61155
1ff7091de1b0e26d08d726158601d78eb16252dd
4b891c524106009e67753cc20431d92e5ee0466f9010d71b99f7979437f7684f
Analyzer Verdict Alert fortinet Phishing
GET /assets/css/skin-blue.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-30536"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery.min.js
200 OK 37 kB URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery.min.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65447)
Hash bbbcebbdb700d729c52af24cf2d49665
a6e2944b2f0f946935d50b9b7a65101d368f402a
36a80d16fc903686a92121e45546d56fb332417c64f1c61860c89450e18d86a8
Analyzer Verdict Alert fortinet Phishing
GET /frontend/assets/cache/698df99a/jquery.min.js HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Mon, 04 Jul 2022 15:59:56 GMT
etag: W/"62c30e7c-15d9d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c956a4-db39-47fc-87b0-5c576f15441b.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c956a4-db39-47fc-87b0-5c576f15441b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97d0fb7f2e5c544eb87b803a153d8763
a247157989727bf0d4598679f7f0cc9646299cbd
cfff9f9aaad7b3dc4949c917df6096ee65a3392d8a8dceddf94261af5480ac56
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c956a4-db39-47fc-87b0-5c576f15441b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: cb45074f-f130-41a6-b253-6bc6654e8ebb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn6KXH3gIAMFwnA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263d75-32ffacde1e1eb46117c61fe9;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:34:45 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P60MPAXw-2lxWTjCtqk9Cd1oga6yuq6lcApDeSIWfIAehDHdXsCFIw==
via: 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 21:52:10 GMT
age: 61298
etag: "a247157989727bf0d4598679f7f0cc9646299cbd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/knockout.min.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/knockout.min.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/knockout.min.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-e9ae"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/css/bootstrap.min.css?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/css/bootstrap.min.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/css/bootstrap.min.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-18679"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/bootstrap.min.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/bootstrap.min.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
GET /assets/js/bootstrap.min.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-71b6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/css/adminlte.css?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/css/adminlte.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
GET /assets/css/adminlte.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-35409"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/cookie.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/cookie.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/cookie.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-134a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/adminlte.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/adminlte.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/adminlte.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-262e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/notify.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/notify.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/notify.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-15d9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery-migrate.min.js
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery-migrate.min.js
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /frontend/assets/cache/698df99a/jquery-migrate.min.js HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/sa039qxgwxc4e/unsubscribe/fn326okkswa0b/vj169eskey9da
Cookie: mwsid=3s5ak2f6ke0rmab9j95h37tt6o; csrf_token=c4af2f8b468448ad63c06b71753a7ca6e8d5068cs%3A88%3A%22RUdNSEM4N1dvSEd5QVlHc2xWOHhVYmNJdzFJNnNYQkj740qr0Br2NU3QKryhlHDJGpOhwvd922LDdSO-ymc4HA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 14:53:47 GMT
content-type: application/javascript
last-modified: Mon, 04 Jul 2022 15:59:56 GMT
etag: W/"62c30e7c-349b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=6e24ff40
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=6e24ff40
IP
GET /css?family=Open+Sans:300,400,700&av=6e24ff40 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 18 Sep 2022 14:53:47 GMT
date: Sun, 18 Sep 2022 14:53:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=6e24ff40
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=6e24ff40
IP
GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=6e24ff40 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 18 Sep 2022 14:53:47 GMT
date: Sun, 18 Sep 2022 14:53:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
147.182.218.11
104.17.24.14
93.184.220.29
23.36.77.32