r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 048cda18c6dbe7c4e4b106f5e1104b0a
1bd6f3367ccf446263b00ad8c1ece15a4164730b
66a680d9b8e454db94e14d2c4a466891e538b2d83ccee0dc65be62163992b4e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66A680D9B8E454DB94E14D2C4A466891E538B2D83CCEE0DC65BE62163992B4E0"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12787
Expires: Wed, 21 Dec 2022 09:16:16 GMT
Date: Wed, 21 Dec 2022 05:43:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b8fbcd7ca1a893d05677318a8a198e7a
0851654c21f6e3741887e7deab8098c1dc56f33c
edbade5913ace2fcbb932922e9af69acb2e8759474a2eeaec216307247fea361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDBADE5913ACE2FCBB932922E9AF69ACB2E8759474A2EEAEC216307247FEA361"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2532
Expires: Wed, 21 Dec 2022 06:25:21 GMT
Date: Wed, 21 Dec 2022 05:43:09 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 21 Dec 2022 04:45:54 GMT
content-type: application/json
age: 3435
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f4b32de26d9af2cba6afcdcf716d3fb8
644ead4436a8f2fc1f0dd25e4484b64f6ed63347
525123034cb53d750d5ebd487015911452d2cd3c34301e6628f2f52f3f0bfc88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "525123034CB53D750D5EBD487015911452D2CD3C34301E6628F2F52F3F0BFC88"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12095
Expires: Wed, 21 Dec 2022 09:04:44 GMT
Date: Wed, 21 Dec 2022 05:43:09 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 92hcPLm+jWlSca4FTjTRLhOYhATBQmraCfKig0x0m+RuEUK6GC3+/7Sqpss8GFAu1KSZY7Dt38vK5RkD6UPLtA==
x-amz-request-id: 8WHPNV3QQ61NQKGT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 21 Dec 2022 04:55:15 GMT
age: 2874
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/processing.html
192.185.146.233200 OK 38 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/processing.html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3686)
Hash 084745df989b3bac64fae175debf2034
b47eebbc858ea71e91791c65d798fdeb3f072234
5b71f579930c3a8e11449f8ef8c637d7e8b7359a948026dd816add801b84480e
NIDS Severity Alert suricata medium ET PHISHING Possible Phish - Saved Website Comment Observed
GET /verify/huntington/activefjj/processing.html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: nginx/1.23.2
Content-Type: text/html
Last-Modified: Thu, 31 Oct 2019 23:51:56 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: HIT
Transfer-Encoding: chunked
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 05:43:09 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/forg/jquery-3.4.1.min.js.download
192.185.146.233200 OK 39 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/jquery-3.4.1.min.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65451)
Hash efac5ec08a294b9719fa79a8452f93a2
58475b2c269b29313c16c3ee9a9e8a9bc6e80097
1d2a26f8aaf3ff0298a942711bf9b01dc2aef45e955031ec7935ca76549afc83
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/jquery-3.4.1.min.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/forg/chat-fab.js.download
192.185.146.233200 OK 7.7 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/chat-fab.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19644)
Hash bf5689b8923263fd6b033aac877b032e
3df75cc33f1d65035b5374aaad24d45df06bb681
ed45217eccd6d351121aaa63d36d315c6b9626caea11725fabe4b2b2a5acd0ad
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/chat-fab.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 31 Oct 2019 09:12:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7650
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/forg/sp.pl.download
192.185.146.233500 Internal Server Error 6.3 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/sp.pl.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (481)
Hash eb151dd392a0644484b23d739bf1e6ed
3e4d4e7509a02e37f7f6442be91782e604a56414
1adede4a6b8bc662edc345dfadc65304f346ab71db94b67d83e02356afe1973e
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/sp.pl.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 500 Internal Server Error
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 6308
Last-Modified: Sat, 01 Oct 2022 13:15:55 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
mail.envipetro.co.za/verify/huntington/activefjj/forg/site-survey.js.download
192.185.146.233200 OK 3.3 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/site-survey.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (7496), with CRLF line terminators
Hash e7f68cf9f1b2c80ee3b115f4f267b25e
d8c2d8ac99ff59d4ed6acae7e9b810d1c92038b3
376b8a7535f91db0deacd7e8acd5e8964f216e3f7ed27fbc714346973eb83fe5
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/site-survey.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3288
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
192.185.146.233200 OK 91 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash 363e73191610a49c0fa15748b7665616
9ab38a079b4afba921921c86861bebe5d4055a48
a0526232002065bf600a3d5704e1b105f4ab42f7a2b7308d1ae1c8536d3c8625
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/toolkit.min.css HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 31 Oct 2019 09:12:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/css
mail.envipetro.co.za/verify/huntington/activefjj/forg/sp.pl(1).download
192.185.146.233200 OK 0 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/sp.pl(1).download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/sp.pl(1).download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: nginx/1.23.2
Content-Length: 0
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 21 Dec 2022 05:33:24 GMT
age: 585
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/forg/lockup.svg
192.185.146.233200 OK 3.9 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/lockup.svg
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Hash 760da63259e763df170dc8720b8d8a41
efd755d6b9efdb7ce688a77f4d68dee3498162eb
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/lockup.svg HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:40 GMT
Accept-Ranges: bytes
Content-Length: 3942
Content-Type: image/svg+xml
mail.envipetro.co.za/verify/huntington/activefjj/forg/0
192.185.146.233200 OK 0 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/0
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/0 HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: nginx/1.23.2
Content-Length: 0
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
mail.envipetro.co.za/verify/huntington/activefjj/forg/Bootstrap.js.download
192.185.146.233200 OK 42 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/Bootstrap.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (579)
Hash 4028bf36a3e6bc2548e65adc7b666efa
62a6e951388e842f2f2169dec2250f3847aca705
b6af671b2b4d1baa7620bd98b77fd8a5677c373859b8c9e535c74c19fff638ce
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/Bootstrap.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 31 Oct 2019 09:12:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/forg/oo_icon_retina_black.gif
192.185.146.233200 OK 3.3 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/oo_icon_retina_black.gif
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 18 x 18\012- data
Hash a12e06853203ca600c1be91018b8b676
c8e2c4e88d37cb79ea9ddc3ed78186b409333912
62e5b1bb4bc6496956b943374fca10b7fee4af4dc15450b7772469f38b2e06b9
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/oo_icon_retina_black.gif HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:40 GMT
Accept-Ranges: bytes
Content-Length: 3334
Content-Type: image/gif
mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Medium.woff2
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Medium.woff2
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.js.download
192.185.146.233200 OK 164 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 164 kB (164048 bytes)
Hash 56df9e15520787cb9011b7ad87d79563
8fb9f9db5dae30a9d4b2f2e9d137cd77ff789a8b
98bf98a53efa961f149278db5a2840b2bce30ede31484db1ff56ecfa8eef2e1f
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/toolkit.min.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 31 Oct 2019 09:12:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-700.woff2
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-700.woff2
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/muli-v11-latin-700.woff2 HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/forg/0(1)
192.185.146.233200 OK 0 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/0(1)
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/0(1) HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Length: 0
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a250ed505d8c0d5830cf5b6119d4e383
96552671acb11523ff277ec050768abb0eb25ab0
629f2b06fb50ff08303bc208da1c991b13b4a54287a74796f3f12adf790264e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3435
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:10 GMT
Last-Modified: Wed, 21 Dec 2022 04:45:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a250ed505d8c0d5830cf5b6119d4e383
96552671acb11523ff277ec050768abb0eb25ab0
629f2b06fb50ff08303bc208da1c991b13b4a54287a74796f3f12adf790264e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3293
Cache-Control: max-age=160276
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:10 GMT
Etag: "63a25f25-1d7"
Expires: Fri, 23 Dec 2022 02:14:26 GMT
Last-Modified: Wed, 21 Dec 2022 01:19:33 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a250ed505d8c0d5830cf5b6119d4e383
96552671acb11523ff277ec050768abb0eb25ab0
629f2b06fb50ff08303bc208da1c991b13b4a54287a74796f3f12adf790264e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5508
Cache-Control: max-age=162491
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:10 GMT
Etag: "63a25f25-1d7"
Expires: Fri, 23 Dec 2022 02:51:21 GMT
Last-Modified: Wed, 21 Dec 2022 01:19:33 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a250ed505d8c0d5830cf5b6119d4e383
96552671acb11523ff277ec050768abb0eb25ab0
629f2b06fb50ff08303bc208da1c991b13b4a54287a74796f3f12adf790264e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 865
Cache-Control: max-age=157848
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:10 GMT
Etag: "63a25f25-1d7"
Expires: Fri, 23 Dec 2022 01:33:58 GMT
Last-Modified: Wed, 21 Dec 2022 01:19:33 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
mail.envipetro.co.za/verify/huntington/activefjj/forg/sp.pl.download
192.185.146.233500 Internal Server Error 6.3 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/sp.pl.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (481)
Hash eb151dd392a0644484b23d739bf1e6ed
3e4d4e7509a02e37f7f6442be91782e604a56414
1adede4a6b8bc662edc345dfadc65304f346ab71db94b67d83e02356afe1973e
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/sp.pl.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 500 Internal Server Error
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 6308
Last-Modified: Sat, 01 Oct 2022 13:15:55 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
mail.envipetro.co.za/verify/huntington/activefjj/loading.gif
192.185.146.233200 OK 126 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/loading.gif
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 340 x 340\012- data
Size 126 kB (126069 bytes)
Hash 465f55188a4c0f479cfbad002c8b58c3
6bbce57136615ea6e5f956e6dd9145343b18e3e6
f5a419c0a6d36e8f7776dddf084522cbb8522ab3c2bd901f0da92f3e35e75af8
GET /verify/huntington/activefjj/loading.gif HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 23:44:58 GMT
Accept-Ranges: bytes
Content-Length: 126069
Content-Type: image/gif
mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-300.woff2
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-300.woff2
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/muli-v11-latin-300.woff2 HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Medium.woff2
104.84.152.56200 OK 20 kB URL HTTP/2 www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Medium.woff2
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data
Hash 3a077fd2bd5357dd3e08636baa59af5b
266784e6eb28365e3779a398e462193572b0278a
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d
GET /Presentation/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 19976
content-type: application/font-woff2
etag: "0f59ebaf2e3d81:0:dtagent10243220606153550xoQJ"
last-modified: Wed, 19 Oct 2022 19:41:05 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1316178220", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=478862
expires: Mon, 26 Dec 2022 18:44:12 GMT
date: Wed, 21 Dec 2022 05:43:10 GMT
X-Firefox-Spdy: h2
www.huntington.com/Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2
104.84.152.56200 OK 19 kB URL HTTP/2 www.huntington.com/Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Hash 6bcfcbed1f0aa26a245423d2e4bcde4f
d17df2ba457e3009ee38db903b88671885c3984e
9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22
GET /Presentation/fonts/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 18636
content-type: application/font-woff2
etag: "0f59ebaf2e3d81:0:dtagent10243220606153550xoQJ"
last-modified: Wed, 19 Oct 2022 19:41:05 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-591602681"
x-ua-compatible: IE=edge
cache-control: public, max-age=437454
expires: Mon, 26 Dec 2022 07:14:04 GMT
date: Wed, 21 Dec 2022 05:43:10 GMT
X-Firefox-Spdy: h2
www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Book.woff2
104.84.152.56200 OK 21 kB URL HTTP/2 www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Book.woff2
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Hash a075767d12a8cc86d52367ef3aacec11
9aef8898e7a319ee5cbe08c5b0cec63512561d7d
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555
GET /Presentation/fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 20592
content-type: application/font-woff2
etag: "09cbc8223f9d81:0:dtagent10249220905100923HoHr"
last-modified: Tue, 15 Nov 2022 18:53:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="-397965887", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=847132
expires: Sat, 31 Dec 2022 01:02:02 GMT
date: Wed, 21 Dec 2022 05:43:10 GMT
X-Firefox-Spdy: h2
www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Bold.woff2
104.84.152.56200 OK 20 kB URL HTTP/2 www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Bold.woff2
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Hash ee5e65624970575e475f375b29b0b22b
6e622749b6f7092e825eb7ed90b74c3d70fa43b9
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215
GET /Presentation/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-length: 19712
content-type: application/font-woff2
etag: "09cbc8223f9d81:0:dtagent10249220905100923HoHr"
last-modified: Tue, 15 Nov 2022 18:53:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
server-timing: dtSInfo;desc="0", dtRpid;desc="1293310310", dtTao;desc="1"
x-ua-compatible: IE=edge
cache-control: public, max-age=2147510
expires: Sun, 15 Jan 2023 02:15:00 GMT
date: Wed, 21 Dec 2022 05:43:10 GMT
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Bold.woff2
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Bold.woff2
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Medium.woff
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Medium.woff
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/HuntingtonApexWeb-Medium.woff HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/forg/EHL_Black_HouseOnly.svg
192.185.146.233200 OK 707 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/EHL_Black_HouseOnly.svg
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 422002ff598ec781dc753d0627bec1ee
d440d6acb305d644a4ba824a28c97f04511aac95
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/EHL_Black_HouseOnly.svg HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Accept-Ranges: bytes
Content-Length: 707
Content-Type: image/svg+xml
mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-700.woff
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-700.woff
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/muli-v11-latin-700.woff HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/forg/logo-honeycomb.svg
192.185.146.233200 OK 844 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/logo-honeycomb.svg
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Hash d7ce1f5e222e75801ed22741962ac64b
3cf38997840e2047e145a747cbb220cee28adaab
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/logo-honeycomb.svg HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Accept-Ranges: bytes
Content-Length: 844
Content-Type: image/svg+xml
mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
192.185.146.233200 OK 637 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (432)
Hash e3d3a570a6e7476ff2a5c1b92bf148fc
05388fb247c7e1dda7bcc0bf795d5f47d57e227a
ef43c8adc400f18d7a9c01ae2122f74a9d2ad203cd0bb37d7e6f7960cc9c2932
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/nuanceChat.html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 637
Last-Modified: Thu, 31 Oct 2019 09:12:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi.html
192.185.146.233200 OK 475 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi.html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (313)
Hash 20284bb64eaf3570d981ac82c780dd64
f65747e9e2b5f125a16fd563bcab0ef87e63524a
feb28fb750c69a04c87a4697b96d9bbb8d0d657df140cf153173249f9776df2c
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/activityi.html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 475
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-300.woff
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/muli-v11-latin-300.woff
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/muli-v11-latin-300.woff HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
push.services.mozilla.com/
52.43.253.52101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.253.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gFQ5w7z7WzhNe4FFDkaENg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8nEi5fJX3kMEIALUDkXetlQBB2E=
mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Bold.woff
192.185.146.233404 Not Found 12 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/fonts/HuntingtonApexWeb-Bold.woff
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/fonts/HuntingtonApexWeb-Bold.woff HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/toolkit.min.css
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi(1).html
192.185.146.233200 OK 468 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi(1).html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (306)
Hash ade204a9145cc594265253afe7cb905f
bc8e25b59afb25c3bc56fb5d98e111270c5b4389
26d0393246eed0d1ede4731580a1320f41d0b976e5de3d763f4be7794039f149
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/activityi(1).html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 468
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi(2).html
192.185.146.233200 OK 371 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi(2).html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 17129e91277986629517a89ca301dbfc
b13a862d16e8f29c449b5b227efe2cb7f62fb68a
b2cf6a8a642dbe371ec7fd0f466ca20ce44fee242c33d274abff80c99b3fe24c
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/activityi(2).html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 371
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=5.776189300785576&ClientID=1035&PageID=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html
34.242.179.188200 OK 244 B URL HTTP/1.1 ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=5.776189300785576&ClientID=1035&PageID=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html
IP 34.242.179.188:0
File type ASCII text, with very long lines (318)
Hash 4ea6f9f38bf40b02e75a2e2b1a819427
ae2d87956051f01d886baac804136183c6eb5a41
b42b7f893c1db930dbefd5de30af32c355ac5c1a18b42a520f132401cbb02963
GET /huntington/com/serverComponent.php?r=5.776189300785576&ClientID=1035&PageID=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 21 Dec 2022 05:43:09 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 d8e6d5a84eb26ff3b7d1801d7337b390.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB56-P1
X-Amz-Cf-Id: l_n28Ygs61xk2UKTxKGWDkmKWcQUEQMLzXfnVOX-PIV2yfDyIjx67Q==
Content-Encoding: gzip
mail.envipetro.co.za/verify/huntington/activefjj/:abstract.simplenet.com/point.gif
192.185.146.233404 Not Found 4.7 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/:abstract.simplenet.com/point.gif
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/:abstract.simplenet.com/point.gif HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Content-Type: text/html
mail.envipetro.co.za/verify/huntington/activefjj/abstract.simplenet.com/point2.html
192.185.146.233404 Not Found 4.7 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/abstract.simplenet.com/point2.html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/abstract.simplenet.com/point2.html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/processing.html
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 4677
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
mail.envipetro.co.za/verify/huntington/activefjj/forg/inqChatLaunch10006663.js.download
192.185.146.233200 OK 8.5 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/inqChatLaunch10006663.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (999)
Hash 2a8e8b3225dbfdcd6e4519082aa6fabd
46c9f0adc30a07c9725927ca75388dcfb714bb7e
b510bb32faa550cf92859dfdfeefac44f3a79bde95a78efe3d6764207b68e3d9
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/inqChatLaunch10006663.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8485
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/forg/site_10006663_default.js.download
192.185.146.233200 OK 14 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/site_10006663_default.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (21865)
Hash d76b27abe4da5f9e8cc1db8a3a95b067
fee40136b8b716be0047509389a4b771586a27e1
75ca6b1e250760d5278c049b88e3958831f38876eda8e1968b4c8d75c1e6ce40
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/site_10006663_default.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13524
Content-Type: application/javascript
ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
34.242.179.188200 OK 37 kB URL HTTP/1.1 ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
IP 34.242.179.188:0
File type ASCII text, with very long lines (557)
Hash 0de5f6cceb14db8cc7bf86ec19b57f9a
a8ee6ce86c42294fdfb2b902035c1d34ad527248
3f15b0d63296133b3341d2790bceaf92de56964dc4300f6e4119754de7b71d8f
GET /huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 25 Oct 2022 01:03:34 GMT
ETag: W/"5828bc2a2ceaa2961527eedaf4167b77"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: _Eu9yh546j8gLFYRdH7PZW2b19GSVtw7
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e20527248be1eebaced63108ab7e73d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB56-P1
X-Amz-Cf-Id: nHrqRPMkSK86_J0beFDSV0g-1NGPLRhH9abtZylJpF3nAi2gjESd3A==
Age: 591604
www.huntington.com/Presentation/images/favicon-16x16.png
104.84.152.56200 OK 322 B URL HTTP/2 www.huntington.com/Presentation/images/favicon-16x16.png
IP 104.84.152.56:0
ASN #20940 Akamai International B.V.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 55f45d358206ca31c4759defeea3be62
04c605b51629b94085bc2bd054b4e6c6989b2ffb
1c8581c1cc0ae1972eaf6022b377d3cb4c343f9c14d441376b1c546996685f51
GET /Presentation/images/favicon-16x16.png HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "0d42de2dc28d81:0"
last-modified: Wed, 08 Jun 2022 21:36:06 GMT
server: Akamai Image Manager
content-length: 322
content-type: image/webp
cache-control: private, no-transform, max-age=61146
expires: Wed, 21 Dec 2022 22:42:16 GMT
date: Wed, 21 Dec 2022 05:43:10 GMT
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/forg/dc_pre=CLTq_MC0x-UCFa2pUQodVuwC7w
192.185.146.233200 OK 42 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/dc_pre=CLTq_MC0x-UCFa2pUQodVuwC7w
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/dc_pre=CLTq_MC0x-UCFa2pUQodVuwC7w HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Length: 42
Last-Modified: Thu, 31 Oct 2019 09:12:34 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=DC-10701487
142.250.74.40302 Found 252 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=DC-10701487
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c911c6f4161cf68ee27d02ec0f268ff8
0bd040c44c96dd6b1b89613ffc4e48a0152eec95
c9fc67737c8a2913e73cf8ab458fbb11b1d39ea3302992eb0da094fe74954164
GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=DC-10701487
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 252
X-XSS-Protection: 0
ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fforg%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
34.242.179.188204 No Content 0 B URL HTTP/1.1 ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fforg%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
IP 34.242.179.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fforg%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 2900c8bea7962de658e6de19988c7118.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB56-P1
X-Amz-Cf-Id: 7d-TH5LgASDa_Np3auxt8T4BXk6hD6VDgOSDPqOQW9EsD0bllbJAkQ==
Age: 7569
mail.envipetro.co.za/verify/huntington/activefjj/forg/dc_pre=CJae2MC0x-UCFUXk5god2JgMuw
192.185.146.233200 OK 42 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/dc_pre=CJae2MC0x-UCFUXk5god2JgMuw
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/dc_pre=CJae2MC0x-UCFUXk5god2JgMuw HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi(1).html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Length: 42
Last-Modified: Thu, 31 Oct 2019 09:12:34 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
mail.envipetro.co.za/verify/huntington/activefjj/forg/dc_pre=CKyG_cC0x-UCFVTk5godLMAPeQ
192.185.146.233200 OK 42 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/dc_pre=CKyG_cC0x-UCFVTk5godLMAPeQ
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/dc_pre=CKyG_cC0x-UCFVTk5godLMAPeQ HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/activityi(2).html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Length: 42
Last-Modified: Thu, 31 Oct 2019 09:12:34 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
mail.envipetro.co.za/verify/huntington/activefjj/forg/9aa6326d0a213349d14536877709ce
192.185.146.233200 OK 63 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/9aa6326d0a213349d14536877709ce
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (62628), with no line terminators
Hash 81549b1f4f13ae790dd0fea0ec8c2686
ddbec0647d2496fd9476f2b86a60db8c99908b20
4993ce32b74b1f0d13a926f3f0a79dc7d1bf714ce38130b05068582f96e46899
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/9aa6326d0a213349d14536877709ce HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: nginx/1.23.2
Content-Length: 62628
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-10701487
142.250.74.40200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-10701487
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash 8c7550675d1b31e3b192892c8e54ee0c
269fc2e9cdd67b987e290fbde517c869c385462c
c310a2d2a8d9f9713e52a3774370e8c4c85ee8af4bdde34876d8b8e6dbfbc92f
GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.envipetro.co.za/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 21 Dec 2022 05:43:10 GMT
expires: Wed, 21 Dec 2022 05:43:10 GMT
cache-control: private, max-age=900
last-modified: Wed, 21 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash df9ee05cc140f619a69b770c388c33df
c07e052104e98a1176dd6512fc01b6075b4865a5
2d628f50fb563fcb6c30ad985277f59e0bdf4f240ecedfb3b1e5aa70aeae17d4
GET /gtag/js?id=AW-849073348&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 70c1096689fc71f2152ebe6c5c26cd78
06096e48d46a7e2cae7bc7a369ab729910f4473d
84dcca42231d9c3689703524bf60a2cca448645ee6559dbe43c9c0498efc391b
GET /gtag/js?id=AW-391028924&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 9a5925fe9faff42cc8390efdc5e2eff8
39ca642317be780d118d5ff62197921098af3e08
7e8b8a5e18a9d993d5b47ac50b123a45aba9d25df045d0b833dc7e552eb7079f
GET /gtag/js?id=AW-786635084&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 211253e14e3774c27f057fd79c6f3297
117ffcb6132283d4854b262e6d7bf74dc93333a9
1f8edff0043067941ef114cc6d71502f1bfb8dd829a3a61723d6fffc484cd577
GET /gtag/js?id=AW-849063932&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
cdn.clinch.co/a_js/client_pixels/clq/script.min.js
95.101.10.121200 OK 4.6 kB URL HTTP/1.1 cdn.clinch.co/a_js/client_pixels/clq/script.min.js
IP 95.101.10.121:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (14797), with no line terminators
Hash 87474300d7f17748e3ed24b42d4bee2b
9d2c3a1f2b9cffdcb309ea2a2b13bed7b693042c
0388ad3b8fc80cfb336b71fabe7c01a2a8d8ff699fb448f4105a7d9ff5f680ef
GET /a_js/client_pixels/clq/script.min.js HTTP/1.1
Host: cdn.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: GOUPBDUqUrWxvP4/HKrzDYlrArfvlOmQz/pa4jdSpy+ixsYiakPlmO04sxkhp2bewI29qI1gmfQ=
x-amz-request-id: C4V9F73KCAC1YNPX
Last-Modified: Tue, 11 Jan 2022 12:52:46 GMT
ETag: "666e09028e21421106f9ecd0ceb1ddac"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=25765851
Expires: Sun, 15 Oct 2023 10:54:01 GMT
Date: Wed, 21 Dec 2022 05:43:10 GMT
Content-Length: 4567
Connection: keep-alive
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Access-Control-Allow-Origin: *
mail.envipetro.co.za/verify/huntington/activefjj/forg/tcFramework.min.js.download
192.185.146.233200 OK 175 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/tcFramework.min.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3096)
Size 175 kB (174681 bytes)
Hash c07430b0653d2aabb82ae7204b80b23e
f708cae78c7201839f334773087461e4ef3326b9
c2e21ee5ea5519788382bc1840f298f947acc0f1ce0f9029d8c97264da31834a
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/tcFramework.min.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:10 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bb120a816fcf4f6afe7a3aeab18e7bbd
1f15e81595a0b524a2401d5566beaa0b8d4f61e6
cca2f14595c5ba6446c4e522883036fa07e31599909870ad42bc678587b1a91d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2918
Cache-Control: max-age=111233
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Etag: "63a1a10a-1d7"
Expires: Thu, 22 Dec 2022 12:37:04 GMT
Last-Modified: Tue, 20 Dec 2022 11:48:26 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 8b26cd4609e2025e51e90573a0fbd6f7
efc2006ae5297ad5ae5e064188b9fba73f6b868f
e288b6a1e220f5fb781cfbb0b739b36c6acfdceccff8f0278fc151c241b0b50b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy-report-only: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: FyOvF+Srt+T448m6HPYrhKvOs+Nsm12mqb34dHUpLLJ/xbiidDBY8TjEoLOTlrM8PZwyY8FHIduUyot0/dqAYw==
priority: u=3,i
content-length: 27298
x-fb-trip-id: 2074150462
date: Wed, 21 Dec 2022 05:43:11 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1671601408576&cv=11&fst=1671601408576&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.98200 OK 956 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/391028924/?random=1671601408576&cv=11&fst=1671601408576&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2117), with no line terminators
Hash 757d8be854c49f33de5171470d19519c
746c3a05318ed56571ff847ae445c48404c0dd2a
4c7a0bd21ce620a142d55b978ef73e5a6f72922cdfde8e11b3000a0280579928
GET /pagead/viewthroughconversion/391028924/?random=1671601408576&cv=11&fst=1671601408576&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 956
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 21-Dec-2022 05:58:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bb120a816fcf4f6afe7a3aeab18e7bbd
1f15e81595a0b524a2401d5566beaa0b8d4f61e6
cca2f14595c5ba6446c4e522883036fa07e31599909870ad42bc678587b1a91d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4207
Cache-Control: max-age=112522
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Etag: "63a1a10a-1d7"
Expires: Thu, 22 Dec 2022 12:58:33 GMT
Last-Modified: Tue, 20 Dec 2022 11:48:26 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1671601408531&cv=11&fst=1671601408531&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.98200 OK 955 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/849073348/?random=1671601408531&cv=11&fst=1671601408531&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2117), with no line terminators
Hash 70f0170848eb4b318629d1297b7d1362
bfceaaacbb0abe0e64b30e59b75c1bd804c166f1
c7be9739cdb16e3dcf81500a26bec66a556f06d1c5044f6d0242b047fb4a6f4c
GET /pagead/viewthroughconversion/849073348/?random=1671601408531&cv=11&fst=1671601408531&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 955
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 21-Dec-2022 05:58:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1671601408549&cv=11&fst=1671601408549&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.98200 OK 956 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/786635084/?random=1671601408549&cv=11&fst=1671601408549&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2117), with no line terminators
Hash 185c1c07671d50e7ebaa02f127d38fab
34b0552e64e30cd081ea45eb461cbba4b907bdc3
59e9beae70f276f438526f0220cc340447697876d86039ce911d0d18a0e5383c
GET /pagead/viewthroughconversion/786635084/?random=1671601408549&cv=11&fst=1671601408549&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 956
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 21-Dec-2022 05:58:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1671601408594&cv=11&fst=1671601408594&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.98200 OK 957 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/849063932/?random=1671601408594&cv=11&fst=1671601408594&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2117), with no line terminators
Hash dd5e45913e3664abab72e09befe06434
c7ed048602f38c4face00077e4921f06c6848341
84fc4d0301ee269783fecd8af014661d57844914d1758095cb31209833332709
GET /pagead/viewthroughconversion/849063932/?random=1671601408594&cv=11&fst=1671601408594&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&auid=1981803669.1671601408&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 957
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 21-Dec-2022 05:58:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/5140493269326436?v=2.9.90&r=stable
31.13.72.12200 OK 86 kB URL HTTP/2 connect.facebook.net/signals/config/5140493269326436?v=2.9.90&r=stable
IP 31.13.72.12:0
File type ASCII text, with very long lines (64471)
Hash b5e0e5b989c59c402bf382c16d016dab
c2de33c684f36f71ce376a951292bc68f682f7f0
e5566e85de21cd0e67d3141ca630af22bbe6f408cec9f316a39dc70180a5f6ad
GET /signals/config/5140493269326436?v=2.9.90&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 6fobaPSwFKLnCp53QMXjtLzK2T0HCBoVRz9yUNPU9UeVesIi/wDV0gNC0oCWaqPJMhRGlyE9TKBMH5JjHLjUDg==
priority: u=3,i
content-length: 86074
x-fb-trip-id: 2074150462
date: Wed, 21 Dec 2022 05:43:11 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8332beb6c78411d1a00505e36f5a13df
d9793605d82cc92419d2ba9140e1b8b2905da31b
665b79a0c3e5812e9921688d82b229c49fe77f8372562fe015f12f6f56b67ee9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "665B79A0C3E5812E9921688D82B229C49FE77F8372562FE015F12F6F56B67EE9"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 21 Dec 2022 11:43:11 GMT
Date: Wed, 21 Dec 2022 05:43:11 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 44d1b97ebc6772b76319806ff504cf27
e7e520951d9f34cfc991932a62b0bd8cf390b1f7
b30398f6056dcc04122b413d78c632ea15df7cff07471850a1603a121efba20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 0b3a38d8057f8c59aa4db5a405d1004c
3c25e79903c1854f482800c6649da26764730a90
910fbf0b154d2cb38f02f87065f7e94f0aa98a11ffd1c87b04eecf80975d4a51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 0b3a38d8057f8c59aa4db5a405d1004c
3c25e79903c1854f482800c6649da26764730a90
910fbf0b154d2cb38f02f87065f7e94f0aa98a11ffd1c87b04eecf80975d4a51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/849073348/?random=1671601408531&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3809616006&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849073348/?random=1671601408531&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3809616006&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1671601408531&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3809616006&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/786635084/?random=1671601408549&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1135153147&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/786635084/?random=1671601408549&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1135153147&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1671601408549&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1135153147&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&rl=&if=false&ts=1671601408791&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1671601408790.1575728417&it=1671601408676&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=853220eb-4a3d-4d1f-8d07-719bcaec51e1&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=5140493269326436&ev=PageView&dl=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&rl=&if=false&ts=1671601408791&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1671601408790.1575728417&it=1671601408676&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=853220eb-4a3d-4d1f-8d07-719bcaec51e1&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=5140493269326436&ev=PageView&dl=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&rl=&if=false&ts=1671601408791&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmensighten&ec=0&o=29&fbp=fb.2.1671601408790.1575728417&it=1671601408676&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=853220eb-4a3d-4d1f-8d07-719bcaec51e1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 21 Dec 2022 05:43:11 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 44d1b97ebc6772b76319806ff504cf27
e7e520951d9f34cfc991932a62b0bd8cf390b1f7
b30398f6056dcc04122b413d78c632ea15df7cff07471850a1603a121efba20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/391028924/?random=1671601408576&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2730044907&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/391028924/?random=1671601408576&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2730044907&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1671601408576&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2730044907&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/786635084/?random=1671601408549&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1135153147&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/786635084/?random=1671601408549&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1135153147&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1671601408549&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1135153147&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849063932/?random=1671601408594&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1772114727&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849063932/?random=1671601408594&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1772114727&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1671601408594&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1772114727&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849073348/?random=1671601408531&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3809616006&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849073348/?random=1671601408531&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3809616006&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1671601408531&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3809616006&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 0b3a38d8057f8c59aa4db5a405d1004c
3c25e79903c1854f482800c6649da26764730a90
910fbf0b154d2cb38f02f87065f7e94f0aa98a11ffd1c87b04eecf80975d4a51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/849063932/?random=1671601408594&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1772114727&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849063932/?random=1671601408594&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1772114727&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1671601408594&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1772114727&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 44d1b97ebc6772b76319806ff504cf27
e7e520951d9f34cfc991932a62b0bd8cf390b1f7
b30398f6056dcc04122b413d78c632ea15df7cff07471850a1603a121efba20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8332beb6c78411d1a00505e36f5a13df
d9793605d82cc92419d2ba9140e1b8b2905da31b
665b79a0c3e5812e9921688d82b229c49fe77f8372562fe015f12f6f56b67ee9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "665B79A0C3E5812E9921688D82B229C49FE77F8372562FE015F12F6F56B67EE9"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21541
Expires: Wed, 21 Dec 2022 11:42:12 GMT
Date: Wed, 21 Dec 2022 05:43:11 GMT
Connection: keep-alive
www.google.com/pagead/1p-user-list/391028924/?random=1671601408576&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2730044907&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/391028924/?random=1671601408576&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2730044907&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1671601408576&cv=11&fst=1671598800000&bg=ffffff&guid=ON&async=1>m=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&tiba=Online%20Banking%2C%20Insurance%2C%20Investing%2C%20Loans%20%26%20Credit%20Cards%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2730044907&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 05:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 97216d9347c0d3c1bab297df919688d5
61eca83749fd58d5ce753bf65419435d522c2ce5
7277b81f23f6516aa706c00202e0705421837431095d5b1f7fb0f283ab5736ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mail.envipetro.co.za/resources/9aa6326d0a213349d14536877709ce
192.185.146.233200 OK 4.7 kB URL HTTP/2 mail.envipetro.co.za/resources/9aa6326d0a213349d14536877709ce
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
POST /resources/9aa6326d0a213349d14536877709ce HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 869
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 05:43:11 GMT
server: Apache
content-type: text/html
content-length: 4677
last-modified: Sat, 01 Oct 2022 13:16:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.html
192.185.146.233200 OK 614 B URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.html
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (572)
Hash f55378c87e0092d3258f720ff87ccaf9
b7c241737a812a96561ffced58a9e7e76663a006
6293a9065aab02790379ff45bc1ffe1aef82d9aaeed76461940ca6c1c52577cd
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/postToServer.min.html HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/nuanceChat.html
Cookie: _gcl_au=1.1.1981803669.1671601408
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:11 GMT
Server: nginx/1.23.2
Content-Type: text/html
Content-Length: 614
Last-Modified: Thu, 31 Oct 2019 09:12:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 4.7 kB URL HTTP/1.1 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (13063)
Hash bf269a225d9de1d11c6e2747d12ffbfb
f3edd2899cced3e0ae6107c6837e954d8b4f1d86
38bcbdd59ce5cac7da632ad8788f5c520aa88d30a53af4cedeb9a989af4d0986
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
HTTP/1.1 200 OK
Last-Modified: Thu, 15 Dec 2022 18:31:06 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript;charset=utf-8
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86300
Date: Wed, 21 Dec 2022 05:43:11 GMT
Content-Length: 4654
Connection: keep-alive
X-CDN: AKAM
mail.envipetro.co.za/resources/9aa6326d0a213349d14536877709ce
192.185.146.233200 OK 4.7 kB URL HTTP/2 mail.envipetro.co.za/resources/9aa6326d0a213349d14536877709ce
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
POST /resources/9aa6326d0a213349d14536877709ce HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 931
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 05:43:11 GMT
server: Apache
content-type: text/html
content-length: 4677
last-modified: Sat, 01 Oct 2022 13:16:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.js.download
192.185.146.233200 OK 7.6 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.js.download
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Java source, ASCII text, with very long lines (859)
Hash a37e1a7452a0bb64dddff33c9b7a850c
5efb170ddb995643479c09bf3b06f1c7f253b7ee
c75a0b8cc8d182ecfd3efa8cd5b167e1bf33e2a3b68d151a99e6e3cc228e92ec
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/postToServer.min.js.download HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.html
Cookie: _gcl_au=1.1.1981803669.1671601408; _fbp=fb.2.1671601408790.1575728417
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 05:43:11 GMT
Server: Apache
Last-Modified: Thu, 31 Oct 2019 09:12:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7629
Content-Type: application/javascript
mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.js
192.185.146.233404 Not Found 4.7 kB URL HTTP/1.1 mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.js
IP 192.185.146.233:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /verify/huntington/activefjj/forg/postToServer.min.js HTTP/1.1
Host: mail.envipetro.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/verify/huntington/activefjj/forg/postToServer.min.html
Cookie: _gcl_au=1.1.1981803669.1671601408; _fbp=fb.2.1671601408790.1575728417
HTTP/1.1 404 Not Found
Date: Wed, 21 Dec 2022 05:43:11 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 13:16:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Content-Type: text/html
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4055
Expires: Wed, 21 Dec 2022 06:50:46 GMT
Date: Wed, 21 Dec 2022 05:43:11 GMT
Connection: keep-alive
huntingtonbank.inq.com/chatskins/launch/inqChatLaunch10006663.js
52.189.67.17200 OK 2.5 kB URL HTTP/2 huntingtonbank.inq.com/chatskins/launch/inqChatLaunch10006663.js
IP 52.189.67.17:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash e08e6c686af54f690a54b32c9daca1f4
d4feafc33fdf3e032eeccfdb12ebbbf8953c6921
842421d97ea686b5f49249dfd18f84ec93f7810970194c5f2e6e29a090ab1e87
GET /chatskins/launch/inqChatLaunch10006663.js HTTP/1.1
Host: huntingtonbank.inq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 05:43:11 GMT
content-type: application/javascript
strict-transport-security: max-age=31536000;includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
accept-ranges: bytes
etag: W/"5098-1671085566555"
last-modified: Thu, 15 Dec 2022 06:26:06 GMT
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip
server: Nuance Server
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4055
Expires: Wed, 21 Dec 2022 06:50:46 GMT
Date: Wed, 21 Dec 2022 05:43:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4055
Expires: Wed, 21 Dec 2022 06:50:46 GMT
Date: Wed, 21 Dec 2022 05:43:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ee781b4dac0e5f31cad54166a2bf7ae
a5357119d272bbe12c5b04ce485adde44baab79e
888def1ab766561e373c83c6e9479a0ac0a8644f92bcf02ebf4cd110d0f53579
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6809
x-amzn-requestid: 392b7c42-81b7-4ab8-84bc-e2bc48eb6c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dX5RAE19oAMFVKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639fd59f-78738e5d7cec75db6ccc5507;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 03:08:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: khJQIYa8pgVvRmBe4gdU5a8InsztW9pdj0wBDk7Ih-W4wJjNJm-GTg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 23:25:25 GMT
age: 22666
etag: "a5357119d272bbe12c5b04ce485adde44baab79e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fa8a62f-ea22-4322-aa22-949d8110171e.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fa8a62f-ea22-4322-aa22-949d8110171e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da9b0930ee2249c6e7e1f83890414427
f064f1c66751a7fd57cc2e5bd4de7f0056280201
51f358162f132a7df1894f1f55e14a49facda33efa4339310cc4be2c30fb3bec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fa8a62f-ea22-4322-aa22-949d8110171e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7928
x-amzn-requestid: 7ac71ec7-3ebb-4564-909f-5cd431e52cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dBW08HOJoAMFr5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6396d1b9-3ccebae6692c2e0878bb0368;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 07:01:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EUZ2sQCyn9plyTLHdd3W3rL561sn2K02u__wR8B3e_uXnn4bu61ZVg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 04:50:59 GMT
age: 3132
etag: "f064f1c66751a7fd57cc2e5bd4de7f0056280201"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F743a20e0-8fa8-4f0d-a2d1-8daba4b14e8c.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F743a20e0-8fa8-4f0d-a2d1-8daba4b14e8c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d38ef34d93be3d43e11e9d64a419a1be
1e5712d83360b5c2073d422ba21160b86b3f55d7
a8017c2122c268d971420a7b79baec22ed16eb5f429829e3b126c581ae4916f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F743a20e0-8fa8-4f0d-a2d1-8daba4b14e8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3778
x-amzn-requestid: 40c9f289-af55-4826-a8de-8a725fa7a8ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_BF0koAMFwpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-6b08a4826a0c265076fe1a1d;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: daOK81EYDnOGiyxGp_bXM6elZq5Tk8_tP9bxxDW3p-ch2w6vF2aAxw==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:54:28 GMT
age: 28123
etag: "1e5712d83360b5c2073d422ba21160b86b3f55d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4aa7e9e3fe28e9c401786f7415171f7
8482a47175ff105957d640269bc14ee1fbc97448
2215ff2537f927e2baf4f713fc947afefc83b416719113ce516aa00f2a4e0708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 4fb9a698-c429-49e1-a2c5-b9388f03b044
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: daGQIEuSoAMFnBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0b733-53b8088f0d8863f813b9967e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 19:10:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: MiX_AJgXGldkYjkeHO1OUPzraljox6v7B1M54cJPBdmfUZ7QETowOw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:55:36 GMT
age: 28055
etag: "8482a47175ff105957d640269bc14ee1fbc97448"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa7b189-c1d5-4440-b415-f3188b6a0f14.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa7b189-c1d5-4440-b415-f3188b6a0f14.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe10e1948eda329f8af1bb3549282c3d
68bc80d4e1cf43094452a666950d44788c6e561b
af172978ad005988e99eba1625443b87a287ae5bf371c1637c2fbc926adefa83
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa7b189-c1d5-4440-b415-f3188b6a0f14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15929
x-amzn-requestid: 5464c25f-83e6-446d-8809-47f2b016432c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dKcIqG95oAMFvqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a73d0-2d68c5222d56e6ce6fc14b56;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 01:09:36 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: RBW6zF1yDdhEe4venG9tUgHAQx7KObjYI5wFN3mNCVyo4Lw02wEPuw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e11ee4e3208082d534c251b36bbee268.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 23:54:53 GMT
age: 20898
etag: "68bc80d4e1cf43094452a666950d44788c6e561b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe13fbed7-47cd-444b-bdd5-a6ea6c1102ad.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe13fbed7-47cd-444b-bdd5-a6ea6c1102ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da0372fd2038366c47d4eaff7e31c329
48a7cd1908c184cbecbb67fd3ec5e5a9208dadf0
f0e09b0931450057e6b5f7fdd6d73de0702b170497d7075464edc168ea74a4a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe13fbed7-47cd-444b-bdd5-a6ea6c1102ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11295
x-amzn-requestid: 6823faac-46cb-4212-a728-aed7b997f246
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dX5RdE1dIAMFVtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639fd5a2-59711c5a6982c90f570c2d7d;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 03:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XGQzOuP7MH_7Aw50JqT_CkFnnooFfvm55rNQWsCKE7X9ZHN5eeiCMQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 04:45:01 GMT
age: 3490
etag: "48a7cd1908c184cbecbb67fd3ec5e5a9208dadf0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1671601408955&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1671601408955&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1671601408955&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1671601408955%26url%3Dhttp%253A%252F%252Fmail.envipetro.co.za%252Fverify%252Fhuntington%252Factivefjj%252Fprocessing.html%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQKhY8y8r9WmOwAAAYUzNQe8Z3He_2wXwiOUK_ji-2SsgCU0FfW35K8qhANw2xmbZxA6E5QX6ZwjSg; Max-Age=2592000; Expires=Fri, 20 Jan 2023 05:43:11 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJ-zd-eQP6ATQAAAYUzNQe88mJC-oFwwF72_OkuSL0KMKmsw-aXuhY522hsbeT1eKEtgAZqGFsoboqG6rjcRw; Max-Age=2592000; Expires=Fri, 20 Jan 2023 05:43:11 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&54e4bd4a-f6f1-4fb8-8a9e-273aaf2e1ce2"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 21-Dec-2023 05:43:11 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2460:u=1:x=1:i=1671601391:t=1671687791:v=2:sig=AQEvCtbTW0tfakcQw3Guph1PHBpI6O7d"; Expires=Thu, 22 Dec 2022 05:43:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXwUAcmD8f0xXC9d8eENg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 94017A9ACF80412FBBDC872B70640583 Ref B: OSL30EDGE0307 Ref C: 2022-12-21T05:43:11Z
date: Wed, 21 Dec 2022 05:43:10 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/291554/domain/mail.envipetro.co.za/token
54.230.111.112200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/291554/domain/mail.envipetro.co.za/token
IP 54.230.111.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
OPTIONS /partner/291554/domain/mail.envipetro.co.za/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://mail.envipetro.co.za/
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Tue, 20 Dec 2022 20:35:36 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eiRHxAIt3ozaQr9KKwW9JJ3cr5o6m-lLJNYu8GP5PsqTFEdckhzYLw==
age: 32855
X-Firefox-Spdy: h2
s.yimg.com/wi/config/10030245.json
87.248.119.251200 OK 22 B URL HTTP/2 s.yimg.com/wi/config/10030245.json
IP 87.248.119.251:0
ASN #203220 Yahoo! UK Services Limited
File type JSON data\012- , ASCII text, with no line terminators
Hash 14293ad9ad0ffaf9f7a3acf1b0793b66
718dea6b65b9516e5e33fac53451056397deb255
73a1b438b0221511fb3dde18e019f5ab045811b2248d25d424e40980c683a9dc
GET /wi/config/10030245.json HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: Q2BBM4AZBX8RCMKR
x-amz-id-2: L4aXUV91qDNLhgUpW5b3RBVA7XsVAnvgnFVk9p5yx9R09L+iua0uFMAcsxbJqtXJHinBbNcpGP9KlFRPXuHNKg==
content-type: application/json
date: Wed, 21 Dec 2022 05:43:11 GMT
server: ATS
referrer-policy: no-referrer-when-downgrade
cache-control: public,max-age=3600
age: 0
content-encoding: gzip
content-length: 22
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 38fa92bdf98fc456409896c6c302f69f
8c945178c08b7917a499ff7a64cc2d4560142073
a85f335d892bb8e74a6556cc459d3419d11b9c2b6b7631baa2e0c938457e7b5a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=164185
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 05:43:11 GMT
Etag: "63a27b48-1d7"
Expires: Fri, 23 Dec 2022 03:19:36 GMT
Last-Modified: Wed, 21 Dec 2022 03:19:36 GMT
Server: nginx
Content-Length: 471
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1671601408955&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1671601408955&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1671601408955&url=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.envipetro.co.za/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&2589f4d3-dfad-4417-850b-38f01c1e4f69"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 21-Dec-2023 05:43:12 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2460:u=1:x=1:i=1671601392:t=1671687792:v=2:sig=AQFhTdpdqCxLQuA6KeTZygZ66lCWupnx"; Expires=Thu, 22 Dec 2022 05:43:12 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXwUAcu7mlkRQaa2+ZhWg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: E8979E0D3A7F461FBCE9A9523B83EB53 Ref B: OSL30EDGE0307 Ref C: 2022-12-21T05:43:12Z
date: Wed, 21 Dec 2022 05:43:11 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/291554/domain/mail.envipetro.co.za/token
54.230.111.112200 OK 105 B URL HTTP/2 cdn.linkedin.oribi.io/partner/291554/domain/mail.envipetro.co.za/token
IP 54.230.111.112:0
Hash 7296b6c8f8108cecc713e0df1dcacadd
32afc82c706cd81618cc4837bde4650a40b86a5a
50160213cd439a5c99951618e61da3e37ce8074486b55dc1c0e8d968bbb3ea45
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
GET /partner/291554/domain/mail.envipetro.co.za/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://mail.envipetro.co.za
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Wed, 21 Dec 2022 04:52:18 GMT
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: J8cOT_Tu0kI5t9zh5ICTeTyjWLyjwZfqO-SLFqTNa4Yy41fiIzsxfw==
age: 3053
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603
52.4.158.229301 Moved Permanently 134 B URL HTTP/1.1 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603
IP 52.4.158.229:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Wed, 21 Dec 2022 05:43:14 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://trk.clinch.co:443/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603
52.4.158.229302 Found 0 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603
IP 52.4.158.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.envipetro.co.za/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 21 Dec 2022 05:43:15 GMT
content-length: 0
location: https://trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603&try2=true
server: clinch
set-cookie: clinch-sid=8f5fa531-a83f-424f-9aaf-c6d26a537c71; expires=Sat, 21 Dec 2024 05:43:15 GMT; domain=clinch.co; path=/; secure; samesite=none
X-Firefox-Spdy: h2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603&try2=true
52.4.158.229200 OK 79 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603&try2=true
IP 52.4.158.229:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 70c92fdbfdaad0989a68617939cf615c
4cc7e0778377d6e89b665e1741c798b9df21693a
3a2f25076dd3c45cd69196f5c15d3ae2678b208bc5f8ac053d54d4a1fb792006
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fmail.envipetro.co.za%2Fverify%2Fhuntington%2Factivefjj%2Fprocessing.html&version=3.4&a=1671601411603&try2=true HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.envipetro.co.za/
Connection: keep-alive
Cookie: clinch-sid=8f5fa531-a83f-424f-9aaf-c6d26a537c71
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 05:43:15 GMT
content-type: text/html
content-length: 79
server: clinch
cache-control: no-store
x-robots-tag: none
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash 9f039d080abef5cb35003ed8d2de44fe
6c8a49bbdbaa3968b041ecedb0883afa8e42ff89
76e1e41ee5640c671ebacc0884366f30ccb6989d1784f7834a7cee531d4c8ec5
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 21 Dec 2022 05:43:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 21 Dec 2022 00:00:11 GMT
Expires: Thu, 22 Dec 2022 00:00:11 GMT
ETag: "6c8a49bbdbaa3968b041ecedb0883afa8e42ff89"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
media-lax1.inq.com/media/launch/tcFramework.min.js?codeVersion=1572503455894
35.186.193.174200 OK 0 B URL HTTP/2 media-lax1.inq.com/media/launch/tcFramework.min.js?codeVersion=1572503455894
IP 35.186.193.174:0
GET /media/launch/tcFramework.min.js?codeVersion=1572503455894 HTTP/1.1
Host: media-lax1.inq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 05:43:11 GMT
content-type: application/javascript
last-modified: Tue, 26 Oct 2021 00:24:18 GMT
vary: Accept-Encoding
etag: W/"61774ab2-f2eab"
expires: Wed, 21 Dec 2022 06:43:11 GMT
cache-control: max-age=3600, public
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
s.yimg.com/wi/ytc.js
87.248.119.251200 OK 0 B IP 87.248.119.251:0
ASN #203220 Yahoo! UK Services Limited
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vv0Et3EGGUcJ6hCm6yfCKav3zInRccENBV68mJDTcRj+z6OMfI6p+gH+fKuLOj8Mln7yX1VDC4w=
x-amz-request-id: BR1NC2TTA2E40854
date: Wed, 21 Dec 2022 05:41:05 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 127
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
media-us1.digital.nuance.com/media/launch/chatLoader.min.js?codeVersion=1671085554674
13.107.213.53200 OK 0 B URL HTTP/2 media-us1.digital.nuance.com/media/launch/chatLoader.min.js?codeVersion=1671085554674
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
GET /media/launch/chatLoader.min.js?codeVersion=1671085554674 HTTP/1.1
Host: media-us1.digital.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.envipetro.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=3600
content-type: application/javascript
content-encoding: gzip
last-modified: Fri, 09 Dec 2022 01:07:42 GMT
accept-ranges: bytes
etag: W/"22376-1670548062000"
vary: accept-encoding
server: Nuance Server
x-cache: TCP_HIT
strict-transport-security: max-age=31536000;includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-azure-ref-originshield: 0kZyiYwAAAACK46KYN14wR46EVAP8S6zHQU1TMDRFREdFMTkwOQBjYjRkNDNkNS0zNDI3LTQyZTMtYTYwZi1mMzBiYWVmMmZlM2M=
x-azure-ref: 08JyiYwAAAAAywo1YE0I/T6kHAYeumTffU1ZHMjBFREdFMDYxOABjYjRkNDNkNS0zNDI3LTQyZTMtYTYwZi1mMzBiYWVmMmZlM2M=
date: Wed, 21 Dec 2022 05:43:12 GMT
X-Firefox-Spdy: h2