mailer.btobglobalreach.com/index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb
301 Moved Permanently 162 B URL HTTP/1.1 mailer.btobglobalreach.com/index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 19 Sep 2022 15:50:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mailer.btobglobalreach.com/index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash adb43321efa5cd1662993b701ff25fa4
1299dcea7e9c59d9f22f39d69025484fe71098c1
2c25a6717245be3746f1412af9dd1c351e12dbb93e8e08c3ddcdacf35e419514
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C25A6717245BE3746F1412AF9DD1C351E12DBB93E8E08C3DDCDACF35E419514"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2556
Expires: Mon, 19 Sep 2022 16:32:44 GMT
Date: Mon, 19 Sep 2022 15:50:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 15:05:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BvqX87lkwf81eyfIO1l09w1Ly4S-kEGQTwMkbX9eh1nBNfyD8sNnYw==
Age: 2676
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pT7SNoPRL93xXS6cI9zyCctceR2J21n2qkrOXoyz27xNAh9ebFNYzQ==
age: 40495
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0a301db914341b2d9b08e5f671147719
667f2e095ac6d8201fef924f5a5bf7c5ee9b613b
20c2c84327d8390f48fc87a200fdb6015974e323b84e8970519e5a7cbc095a42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20C2C84327D8390F48FC87A200FDB6015974E323B84E8970519E5A7CBC095A42"
Last-Modified: Sun, 18 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20226
Expires: Mon, 19 Sep 2022 21:27:14 GMT
Date: Mon, 19 Sep 2022 15:50:08 GMT
Connection: keep-alive
mailer.btobglobalreach.com/index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb
301 Moved Permanently 0 B URL HTTP/2 mailer.btobglobalreach.com/index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /index.php/campaigns/np7000zxkxf3d/track-url/sf234yf8xt0a6/9403e92bfa13ea9d1a0ef90ed32aa878591705fb HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 19 Sep 2022 15:50:08 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Mon, 19 Sep 2022 15:50:08 GMT
location: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
x-powered-by: PHP/8.0.23, PleskLin
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 19 Sep 2022 15:03:22 GMT
Expires: Mon, 19 Sep 2022 15:04:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6Ew7abHQFOgvm99W_0oZOfSfPR3Ct67s4jSUTZQoRbEsswIF9Ms-xg==
Age: 2806
mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
200 OK 2.0 kB URL HTTP/2 mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 66d4c01388c510df9cfee1e235149b0e
a1ca006c107f9888c41762f97aa34111ab62308c
fd838423259179f1670442e07c8e210cc8dde4b2843a8d88e7f6a4f7eeab78eb
Analyzer Verdict Alert fortinet Phishing
GET /index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:08 GMT
content-type: text/html; charset=UTF-8
content-length: 1997
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; path=/; HttpOnly
csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B; path=/; HttpOnly; SameSite=Lax
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.23, PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5944
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 15:50:08 GMT
Last-Modified: Mon, 19 Sep 2022 14:11:04 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=6e24ff40
200 OK 5.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=6e24ff40
IP
File type ASCII text, with very long lines (27303)
Hash fb68fcb5e0519fb76559c9ab267f8f3f
b96c07f9ef44dbecb4ec4d1cb4a0b30a210f9825
8d0f29c4b3a8b511e6a46bc29ab3d96566fb244fdca5003156c04ea6b65cdd71
GET /ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=6e24ff40 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 15:50:08 GMT
content-type: text/css; charset=utf-8
content-length: 4972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-6b4a"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8888203
expires: Sat, 09 Sep 2023 15:50:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qf1HSK%2BB6SpOnD%2FasbRb8LV%2B9amkjQP0oqooJDp7FqaEMsw3y6%2F3uUpNKvx1p%2BolWJSJMNqaHomxcKjc6Vg3c%2BPnLoGlqB75chCeF3dCGPz25Oz8KuQvK8p1I30rLb3Jd%2Bx4HaZ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74d379b1ab2efac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=6e24ff40
200 OK 6.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=6e24ff40
IP
File type Unicode text, UTF-8 text, with very long lines (50806)
Hash 0db2e85f504f65d4eba65a3a3176b99e
49445ca83b52538d5fb8f4ef3c5ed0bee904dc81
0153ed381a818cbc0ddab7d832c84bc3aae2aed1ccbe9821d625d6637046c953
GET /ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=6e24ff40 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 15:50:08 GMT
content-type: text/css; charset=utf-8
content-length: 6642
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ea8-c854"
last-modified: Mon, 04 May 2020 16:11:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3455022
expires: Sat, 09 Sep 2023 15:50:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vr%2BJEZRkBVFLpTD%2BnMaQkTA97iYMyy%2BlQqTzFBw29fzPTHrTzRx8mn1JhWXU7TTDh61Nfedlgn6AaiznYjj8PuH6Lnt8Ts8kUpvmKoIKqwGrCCfEji4TW3HflZPISKnKeLclX6%2F5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74d379b1db48fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 15:50:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 15:50:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 15:50:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=6e24ff40
200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=6e24ff40
IP
Hash 37e62ab7acc3432351d64134ab865472
203b38a6d5efaa99aa200b5f163108af4671277b
e0bb2b9dcbb3a8e2ee22c4562de3795dbb2c33df2f30660fb969d56ea3d11590
GET /css?family=Roboto:300,400,700,900&av=6e24ff40 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 15:50:08 GMT
date: Mon, 19 Sep 2022 15:50:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: H7K4MCon+MJzR+gvQ+XvhQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: G4xtcqhhN3Kz5XDQEsVH4aLbKG4=
mailer.btobglobalreach.com/frontend/assets/js/app.js?av=6e24ff40
200 OK 286 B URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/js/app.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 701abd554bf0d4d1690ee06164f3c964
c18a3746a26d7454d976dcbe0bedf1910124942f
6a008db0a8c5a3cf349f786df5ff4e96cbdb03378c35cb1700dca333c9b4b4a6
Analyzer Verdict Alert fortinet Phishing
GET /frontend/assets/js/app.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
content-length: 286
x-accel-version: 0.01
last-modified: Tue, 21 Jun 2022 12:35:10 GMT
etag: "1d0-5e1f473863b80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/cookie.js?av=6e24ff40
200 OK 1.8 kB URL HTTP/2 mailer.btobglobalreach.com/assets/js/cookie.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 59cd502a17a099def67e4be34f10251b
4abd5340d0ac178fa357a048d22b7a6893120f9c
15101d2db75d3e63f69bfbf3c98c404fa3f1060088a21eef072b88f1d0466021
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/cookie.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-134a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/css/bootstrap.min.css?av=6e24ff40
200 OK 61 kB URL HTTP/2 mailer.btobglobalreach.com/assets/css/bootstrap.min.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65366)
Hash 8912737f3dae3f641e9650de09bdbe33
edb59909141269c31bad79a94e6b3b4174cc919e
4768b233165364cec63a849298ac6f30d55bbd7589226d0176dab396ae6ade5c
Analyzer Verdict Alert fortinet Phishing
GET /assets/css/bootstrap.min.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-18679"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 15:50:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mailer.btobglobalreach.com/favicon.ico
200 OK 198 B URL HTTP/2 mailer.btobglobalreach.com/favicon.ico
IP
ASN #14061 DIGITALOCEAN-ASN
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash ff82d748b4add52e4dd7c8f0b58b89f2
ea69cebf29f461d7831368697f303ea4f0c69a2d
de88c1f678413736e858b27974cd5d2181b3df891b8999dd93835384b0ca2d8f
GET /favicon.ico HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: image/vnd.microsoft.icon
content-length: 198
x-accel-version: 0.01
last-modified: Tue, 21 Jun 2022 12:35:10 GMT
etag: "c6-5e1f473863b80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3501
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 15:50:10 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3501
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 15:50:10 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3501
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 15:50:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3d8aaa4-a2c1-416d-a396-a4c00758ba53.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3d8aaa4-a2c1-416d-a396-a4c00758ba53.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash febaa50825802847e9cbc0479e7121ba
36355214d6f866681edc3eacd5f1af87b16bdcc2
7a808fbeb6ce87490299fb3d5de52ec450c9161d9098254f1b54a0d4a97b645c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3d8aaa4-a2c1-416d-a396-a4c00758ba53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9426
x-amzn-requestid: 6569d647-e17c-4456-8d54-b093e1cc1d7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yl9trEPNoAMFteg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63257657-7bba0e970a8114a11fd6bf32;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 07:25:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sO0jibO4hXSxONHRYPgA2WA9U9GBFbVhCGy9F3RwrJqZoAzU90Tpsg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 06:24:34 GMT
age: 33936
etag: "36355214d6f866681edc3eacd5f1af87b16bdcc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da8b8819fc21dcfb224ce0e7ecdc6772
e460ad4376cd118a6fe8b6b050af9398117d9531
9d0cf5fe17040e6c494d1596c24f01501babff37c95caa47d048b5e1aefa7697
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9901
x-amzn-requestid: e1792a3b-1893-48a6-8d01-463050259dc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YiGMYE3IoAMFgvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6323ea4f-42ab13411e65943538101b11;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 03:15:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XmcyJv7bahHB4wMjFmgvh2fEkJJYLPhRrISZ_DczSErdEQjXIxWUvg==
via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 03:54:31 GMT
age: 42939
etag: "e460ad4376cd118a6fe8b6b050af9398117d9531"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 10:33:00 GMT
age: 19030
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: 2f547c1f-2f5d-4707-8f6c-fe9dfff51383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfS4FI9oAMFScw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145ab-3c967f2653d06c1c079f88c1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xG9XQItrQEJXCW9JRcI6aDELQKCTOlnwq1Xg5_vQcqCPNtHGWkScFw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 22:00:17 GMT
age: 64193
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4098577adb98eae5ba4a8b5e143df71
b0ad467f2837d103f8a96fb732bd34176c4c7110
83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GIhj3a2-SwYu2w4mLx7JiIJzFfV82-Et89ORRsx5fsGOx9nttPlCxA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:57:13 GMT
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
content-type: image/jpeg
age: 64377
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1105b56cf779b6df1cbd081bbd0cda50
58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c
10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:39 GMT
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
content-type: image/jpeg
age: 64591
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery.min.js
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery.min.js
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /frontend/assets/cache/698df99a/jquery.min.js HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:08 GMT
content-type: application/javascript
last-modified: Mon, 04 Jul 2022 15:59:56 GMT
etag: W/"62c30e7c-15d9d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=6e24ff40
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=6e24ff40
IP
GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=6e24ff40 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 15:50:08 GMT
date: Mon, 19 Sep 2022 15:50:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/notify.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/notify.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/notify.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-15d9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery-migrate.min.js
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/cache/698df99a/jquery-migrate.min.js
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /frontend/assets/cache/698df99a/jquery-migrate.min.js HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Mon, 04 Jul 2022 15:59:56 GMT
etag: W/"62c30e7c-349b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/app.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/app.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/app.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-aed"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/css/adminlte.css?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/css/adminlte.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
GET /assets/css/adminlte.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-35409"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/css/skin-blue.css?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/css/skin-blue.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/css/skin-blue.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-30536"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=6e24ff40
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=6e24ff40
IP
GET /css?family=Open+Sans:300,400,700&av=6e24ff40 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 15:50:08 GMT
date: Mon, 19 Sep 2022 15:50:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/adminlte.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/adminlte.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/adminlte.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-262e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/frontend/assets/css/style.css?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/frontend/assets/css/style.css?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
GET /frontend/assets/css/style.css?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2022 12:35:10 GMT
etag: W/"62b1bafe-3fc6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/knockout.min.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/knockout.min.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/knockout.min.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-e9ae"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mailer.btobglobalreach.com/assets/js/bootstrap.min.js?av=6e24ff40
200 OK 0 B URL HTTP/2 mailer.btobglobalreach.com/assets/js/bootstrap.min.js?av=6e24ff40
IP
ASN #14061 DIGITALOCEAN-ASN
GET /assets/js/bootstrap.min.js?av=6e24ff40 HTTP/1.1
Host: mailer.btobglobalreach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailer.btobglobalreach.com/index.php/lists/dq486t83fn0da/unsubscribe/sf234yf8xt0a6/np7000zxkxf3d
Cookie: mwsid=ebbdqa0bs2c05d852sg249lntf; csrf_token=58856a9e75484189578f798092a799e5fa87aaf9s%3A88%3A%22UEdyWEd-bFZPbmxMS3RuTm1IMGM0cGhFTF9ZTlNqRjibkkAPG39Ab1LDkDQIm62V8Gf45P221ek4YlW3JsZrJA%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 15:50:09 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 12:35:08 GMT
etag: W/"62b1bafc-71b6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
147.182.218.11
93.184.220.29
23.36.76.226
104.17.24.14