Report - safe.secretfindertoday.com/campaigns/wy522bqod709d/track-url/yv987rg50ed5f/b087b8f45fb1979cf9cc3582251d52854688cd6e

Report Overview

Submitted URL
safe.secretfindertoday.com/campaigns/wy522bqod709d/track-url/yv987rg50ed5f/b087b8f45fb1979cf9cc3582251d52854688cd6e
IP
65.108.14.84
ASN
#24940 Hetzner Online GmbH
Submitted
2022-11-11 15:23:55
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	1.7 kB	3.5 kB	142.250.74.35
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T14:37:36Z	504 B	46 kB	216.58.207.195
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	47 kB	34.120.237.76
safe.secretfindertoday.com	unknown	2022-06-11T19:12:36Z	2022-12-16T05:06:43Z	446 B	488 B	65.108.14.84
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.7 kB	7.1 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	796 B	2.4 kB	34.102.187.140
mw.nextglare.com	unknown	2022-06-06T00:02:43Z	2023-02-20T03:48:54Z	13 kB	654 kB	65.108.14.84
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	1.7 kB	4.0 kB	142.250.74.10
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.43.61.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-11	medium	safe.secretfindertoday.com/campaigns/wy522bqod709d/track-url/yv987rg50ed5f/b087b8f45fb1979cf9cc3582251d52854688cd6e	Phishing
2022-11-11	medium	mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d	Phishing
2022-11-11	medium	mw.nextglare.com/assets/css/bootstrap.min.css?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/assets/css/ionicons/css/ionicons.min.css?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/frontend/assets/css/style.css?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery.min.js	Phishing
2022-11-11	medium	mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery-migrate.min.js	Phishing
2022-11-11	medium	mw.nextglare.com/assets/js/bootstrap.min.js?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/assets/js/notify.js?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/assets/js/app.js?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/frontend/assets/js/app.js?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/assets/js/cookie.js?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/assets/js/knockout.min.js?av=08e9825e	Phishing
2022-11-11	medium	mw.nextglare.com/frontend/assets/files/customer/fb3266tte3c1f/getresponsebanneradd.jpeg	Phishing
2022-11-11	medium	mw.nextglare.com/assets/css/adminlte.css?av=08e9825e	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	mw.nextglare.com/frontend/assets/js/app.js?av=08e9825e	464 B	2023-03-07	2024-04-19
Pretty URL mw.nextglare.com/frontend/assets/js/app.js?av=08e9825e IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-04-19 06:39:29 Times Seen1002 Hash 63407331c21d5d542d65b0db1806572b 5571a79924a1a0d063a01ecdd1e16758c05c4e46 da13c80125e8103e470f9982aabe33d0176ae23e6ff5d74a7909fc13e36d73d8 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 14:21:40 Times Seen36960787 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery-migrate.min.js	14 kB	2023-03-07	2024-04-19
Pretty URL mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery-migrate.min.js IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:00 Last Seen2024-04-19 08:47:48 Times Seen1107 Hash a36b8e9cbfb4a675225aa408c4d15c0c fcd46de9c99e71ed586a850d877fd3b01e8269fd 16eb18d9c6303cdd50ac58db5b2b116c5dcc4c43c89424f268f6d13fc599fb19 Loading...

	mw.nextglare.com/assets/js/knockout.min.js?av=08e9825e	60 kB	2023-03-07	2024-04-18
Pretty URL mw.nextglare.com/assets/js/knockout.min.js?av=08e9825e IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-18 11:51:25 Times Seen1160 Hash fa8662c7a8415d0355f444eaff534845 b60c2c301c280378b4d51769cb20a46e65989c73 972f13893b7056c0567637a44ea4c994b1b3dd1b20e185ebf3478ae9086d74cb Loading...

	mw.nextglare.com/assets/js/bootstrap.min.js?av=08e9825e	29 kB	2023-03-07	2024-04-19
Pretty URL mw.nextglare.com/assets/js/bootstrap.min.js?av=08e9825e IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-19 12:31:42 Times Seen9615 Hash ba847811448ef90d98d272aeccef2a95 5814e91bb6276f4de8b7951c965f2f190a03978d 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1 Loading...

	mw.nextglare.com/assets/js/notify.js?av=08e9825e	5.6 kB	2023-03-07	2024-04-19
Pretty URL mw.nextglare.com/assets/js/notify.js?av=08e9825e IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-04-19 08:47:47 Times Seen1040 Hash 9a19754fbd746ae6b603286c3a971e55 c45b906ec95326202c2a8e13545b5c17e92bbdc7 d1416dc4293eaae9e4aac8d5267fb0d5dcb35d9dbc44b63278f75750a1f9cc22 Loading...

	mw.nextglare.com/assets/js/cookie.js?av=08e9825e	4.9 kB	2023-03-07	2024-04-19
Pretty URL mw.nextglare.com/assets/js/cookie.js?av=08e9825e IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-19 08:47:47 Times Seen1579 Hash 449dd3907404cead5d8ba6203b3550dc c9bb690411c3f46145f8ea137e6783929d8c27aa 3585a42757908ba2ace27f41b01256f6cf4ffb9679f7ac0ff8957817d5ccfde1 Loading...

	mw.nextglare.com/assets/js/app.js?av=08e9825e	2.8 kB	2023-03-07	2024-04-19
Pretty URL mw.nextglare.com/assets/js/app.js?av=08e9825e IP 65.108.14.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-04-19 08:47:48 Times Seen892 Hash 3ade0b17b1b7c3d1c27aba12ceeda1d3 f8c1fe63c016a077e1545d123eb4db8e8a690c6d cf55d95ad63c72f2eeb219da669cc848cc3022fa4a4798d62ed19ed342460cbe Loading...

HTTP Transactions (51)

URL IP Response Size

safe.secretfindertoday.com/campaigns/wy522bqod709d/track-url/yv987rg50ed5f/b087b8f45fb1979cf9cc3582251d52854688cd6e

65.108.14.84

301 Moved Permanently

0 B

URL HTTP/1.1
safe.secretfindertoday.com/campaigns/wy522bqod709d/track-url/yv987rg50ed5f/b087b8f45fb1979cf9cc3582251d52854688cd6e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /campaigns/wy522bqod709d/track-url/yv987rg50ed5f/b087b8f45fb1979cf9cc3582251d52854688cd6e HTTP/1.1
Host: safe.secretfindertoday.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 11 Nov 2022 15:23:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Fri, 11 Nov 2022 15:23:44 GMT
Location: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11059
Expires: Fri, 11 Nov 2022 18:28:03 GMT
Date: Fri, 11 Nov 2022 15:23:44 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2008
Cache-Control: max-age=157271
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:44 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 11:04:55 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 11 Nov 2022 14:43:53 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2391
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4870
Expires: Fri, 11 Nov 2022 16:44:54 GMT
Date: Fri, 11 Nov 2022 15:23:44 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: rsU0O+9xHWMihL32/PVs6mRpWEOtsCVry9hDKAl2hR4VTbwXEHUyz7qihJnnqvN2wfp2LDWazS0=
x-amz-request-id: 5XM01EANX5KK9842
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 11 Nov 2022 14:49:51 GMT
age: 2033
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 15:23:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8b8c10ed765f0a9fde4a1928228aa25f
ddcb7f420dc4b71e4c076936dd29bcaa88ea18d0
e87e50a04af9cfc41a50c975198b50cb7e09b481bfd33b8ec0a54579716c4dbd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E87E50A04AF9CFC41A50C975198B50CB7E09B481BFD33B8EC0A54579716C4DBD"
Last-Modified: Wed, 09 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21505
Expires: Fri, 11 Nov 2022 21:22:09 GMT
Date: Fri, 11 Nov 2022 15:23:44 GMT
Connection: keep-alive

mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d

65.108.14.84

200 OK

2.4 kB

URL HTTP/1.1
mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Size
2.4 kB (2381 bytes)
Hash
db53a012aaa686336054894447937e41
d797a9aa60ccd6b18b862f73bc29d9f17bddd1e9
8727cbac80fc4775c3cf90aae5b27a7c7df377fb49b0db34b01f37e4d2dba613

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; path=/; HttpOnly
csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B; path=/; HttpOnly; SameSite=Lax
Content-Encoding: gzip

mw.nextglare.com/assets/css/bootstrap.min.css?av=08e9825e

65.108.14.84

200 OK

100 kB

URL HTTP/1.1
mw.nextglare.com/assets/css/bootstrap.min.css?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (65366)
Size
100 kB (99961 bytes)
Hash
8a7442ca6bedd62cec4881040b9a9e83
e2d2b846e9ea72a1985458a3748aab4e01a8fb3a
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/css/bootstrap.min.css?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: text/css
Content-Length: 99961
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

mw.nextglare.com/assets/css/font-awesome/css/font-awesome.min.css?av=08e9825e

65.108.14.84

200 OK

28 kB

URL HTTP/1.1
mw.nextglare.com/assets/css/font-awesome/css/font-awesome.min.css?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (27303)
Size
28 kB (27466 bytes)
Hash
4fbd15cb6047af93373f4f895639c8bf
12d6861075de8e293265ff6ff03b1f3adcb44c76
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

HTTP Headers

GET /assets/css/font-awesome/css/font-awesome.min.css?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: text/css
Content-Length: 27466
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

mw.nextglare.com/assets/css/ionicons/css/ionicons.min.css?av=08e9825e

65.108.14.84

200 OK

51 kB

URL HTTP/1.1
mw.nextglare.com/assets/css/ionicons/css/ionicons.min.css?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (50806)
Size
51 kB (51284 bytes)
Hash
0d6763b67616cb9183f3931313d42971
f0459300e39155df7aa5e94b3bdb8c8594f49a60
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/css/ionicons/css/ionicons.min.css?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: text/css
Content-Length: 51284
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

mw.nextglare.com/frontend/assets/css/style.css?av=08e9825e

65.108.14.84

200 OK

16 kB

URL HTTP/1.1
mw.nextglare.com/frontend/assets/css/style.css?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
16 kB (16326 bytes)
Hash
0704fe77a703921a5520c4ef079b3ac4
c8d27d838b3e0f80232e76ffc0ec2c8af08727ce
6a6249eb2886276d28435052d388fe35557ea936825d1e06629849ec700bfd95

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/css/style.css?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: text/css
Content-Length: 16326
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery.min.js

65.108.14.84

200 OK

90 kB

URL HTTP/1.1
mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery.min.js
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/cache/dc9d67f7/jquery.min.js HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 89501
Connection: keep-alive
Last-Modified: Sat, 24 Sep 2022 06:27:21 GMT
Accept-Ranges: bytes

mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery-migrate.min.js

65.108.14.84

200 OK

14 kB

URL HTTP/1.1
mw.nextglare.com/frontend/assets/cache/dc9d67f7/jquery-migrate.min.js
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (13326)
Size
14 kB (13467 bytes)
Hash
a36b8e9cbfb4a675225aa408c4d15c0c
fcd46de9c99e71ed586a850d877fd3b01e8269fd
16eb18d9c6303cdd50ac58db5b2b116c5dcc4c43c89424f268f6d13fc599fb19

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/cache/dc9d67f7/jquery-migrate.min.js HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 13467
Connection: keep-alive
Last-Modified: Sat, 24 Sep 2022 06:27:21 GMT
Accept-Ranges: bytes

mw.nextglare.com/assets/js/bootstrap.min.js?av=08e9825e

65.108.14.84

200 OK

29 kB

URL HTTP/1.1
mw.nextglare.com/assets/js/bootstrap.min.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (28941)
Size
29 kB (29110 bytes)
Hash
ba847811448ef90d98d272aeccef2a95
5814e91bb6276f4de8b7951c965f2f190a03978d
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/bootstrap.min.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 29110
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mw.nextglare.com/assets/js/notify.js?av=08e9825e

65.108.14.84

200 OK

5.6 kB

URL HTTP/1.1
mw.nextglare.com/assets/js/notify.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text
Size
5.6 kB (5593 bytes)
Hash
9a19754fbd746ae6b603286c3a971e55
c45b906ec95326202c2a8e13545b5c17e92bbdc7
d1416dc4293eaae9e4aac8d5267fb0d5dcb35d9dbc44b63278f75750a1f9cc22

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/notify.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 5593
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

mw.nextglare.com/assets/js/adminlte.js?av=08e9825e

65.108.14.84

200 OK

9.8 kB

URL HTTP/1.1
mw.nextglare.com/assets/js/adminlte.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (9373)
Size
9.8 kB (9774 bytes)
Hash
add5b3f0900365f3b4240664da17760e
7cbd53bfcf830e7c150d6bb55efcc2832e7543e7
42338bc162a705b04953fc72340216dbefb55cf12ec1a6e7cad04e5e680e26bc

HTTP Headers

GET /assets/js/adminlte.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 9774
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Last-Modified, ETag, Alert, Backoff, Content-Type, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 11 Nov 2022 14:44:48 GMT
cache-control: public,max-age=3600
age: 2337
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

mw.nextglare.com/assets/js/app.js?av=08e9825e

65.108.14.84

200 OK

2.8 kB

URL HTTP/1.1
mw.nextglare.com/assets/js/app.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
2.8 kB (2797 bytes)
Hash
3ade0b17b1b7c3d1c27aba12ceeda1d3
f8c1fe63c016a077e1545d123eb4db8e8a690c6d
cf55d95ad63c72f2eeb219da669cc848cc3022fa4a4798d62ed19ed342460cbe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/app.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 2797
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

mw.nextglare.com/frontend/assets/js/app.js?av=08e9825e

65.108.14.84

200 OK

464 B

URL HTTP/1.1
mw.nextglare.com/frontend/assets/js/app.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
464 B (464 bytes)
Hash
63407331c21d5d542d65b0db1806572b
5571a79924a1a0d063a01ecdd1e16758c05c4e46
da13c80125e8103e470f9982aabe33d0176ae23e6ff5d74a7909fc13e36d73d8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/js/app.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 464
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

mw.nextglare.com/assets/js/cookie.js?av=08e9825e

65.108.14.84

200 OK

4.9 kB

URL HTTP/1.1
mw.nextglare.com/assets/js/cookie.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text
Size
4.9 kB (4938 bytes)
Hash
449dd3907404cead5d8ba6203b3550dc
c9bb690411c3f46145f8ea137e6783929d8c27aa
3585a42757908ba2ace27f41b01256f6cf4ffb9679f7ac0ff8957817d5ccfde1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/cookie.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 4938
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

mw.nextglare.com/assets/js/knockout.min.js?av=08e9825e

65.108.14.84

200 OK

60 kB

URL HTTP/1.1
mw.nextglare.com/assets/js/knockout.min.js?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (564)
Size
60 kB (59822 bytes)
Hash
fa8662c7a8415d0355f444eaff534845
b60c2c301c280378b4d51769cb20a46e65989c73
972f13893b7056c0567637a44ea4c994b1b3dd1b20e185ebf3478ae9086d74cb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/knockout.min.js?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: application/javascript
Content-Length: 59822
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4827
Cache-Control: max-age=155014
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:45 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:27:19 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

mw.nextglare.com/frontend/assets/files/customer/fb3266tte3c1f/getresponsebanneradd.jpeg

65.108.14.84

200 OK

70 kB

URL HTTP/1.1
mw.nextglare.com/frontend/assets/files/customer/fb3266tte3c1f/getresponsebanneradd.jpeg
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 756x756, components 3\012- data
Size
70 kB (70446 bytes)
Hash
d1731d064442bdcc2342b05f5766867d
c1a3c55c92afffd58d1da2a718b78bee07776580
07589fa78698a6589758126725c100d90b9c995574c246c0504bc12b5cf30ed8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/files/customer/fb3266tte3c1f/getresponsebanneradd.jpeg HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: image/jpeg
Content-Length: 70446
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 14:02:28 GMT
Accept-Ranges: bytes

mw.nextglare.com/frontend/assets/files/customer/fb3266tte3c1f/girl-weight-loss.jpg

65.108.14.84

200 OK

165 kB

URL HTTP/1.1
mw.nextglare.com/frontend/assets/files/customer/fb3266tte3c1f/girl-weight-loss.jpg
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 546x529, components 3\012- data
Size
165 kB (165344 bytes)
Hash
a0b1fc4b8badba77eeb01230747922c5
b4a2bf85ba50134ddc658499bf15741e97066e88
f09ad0e5b1422b987d0d4cff535e0621d3155e58275162a2a4231dfe75c31e3c

HTTP Headers

GET /frontend/assets/files/customer/fb3266tte3c1f/girl-weight-loss.jpg HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: image/jpeg
Content-Length: 165344
Connection: keep-alive
Last-Modified: Wed, 22 Jun 2022 14:12:49 GMT
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Montserrat:300,400,700

142.250.74.10

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Montserrat:300,400,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1023 bytes)
Hash
f9e300324a554110bd996103170a7491
2d2db807bdd865f554b5c42df820d361e38760fa
3bb4e4f0d3cc427f42583fd85d064d5011efcb48a91cd31142380c4b112d763b

HTTP Headers

GET /css?family=Montserrat:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 11 Nov 2022 15:23:45 GMT
date: Fri, 11 Nov 2022 15:23:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
50b7ad7d0cb47a73140b0c340b5b72b4
5b7fd8d7d4a5fb963c33d52675ef3be152f4e7e3
494e1c3410c113871960bd9b35b3d89c0d404ecb836c03669a8522d159391cd9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mw.nextglare.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 05:42:51 GMT
expires: Fri, 10 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 121254
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

mw.nextglare.com/favicon.ico

65.108.14.84

200 OK

198 B

URL HTTP/1.1
mw.nextglare.com/favicon.ico
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
ff82d748b4add52e4dd7c8f0b58b89f2
ea69cebf29f461d7831368697f303ea4f0c69a2d
de88c1f678413736e858b27974cd5d2181b3df891b8999dd93835384b0ca2d8f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: image/x-icon
Content-Length: 198
Connection: keep-alive
Last-Modified: Tue, 15 Feb 2022 12:22:41 GMT
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
50b7ad7d0cb47a73140b0c340b5b72b4
5b7fd8d7d4a5fb963c33d52675ef3be152f4e7e3
494e1c3410c113871960bd9b35b3d89c0d404ecb836c03669a8522d159391cd9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 15:23:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.43.61.95

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.61.95:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: f8JT3qdB9HM7WkZVogm3Lg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yFbxQb0iMRosfFOb5UqUi81x/7I=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4749
Expires: Fri, 11 Nov 2022 16:42:55 GMT
Date: Fri, 11 Nov 2022 15:23:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4749
Expires: Fri, 11 Nov 2022 16:42:55 GMT
Date: Fri, 11 Nov 2022 15:23:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4749
Expires: Fri, 11 Nov 2022 16:42:55 GMT
Date: Fri, 11 Nov 2022 15:23:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4749
Expires: Fri, 11 Nov 2022 16:42:55 GMT
Date: Fri, 11 Nov 2022 15:23:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4749
Expires: Fri, 11 Nov 2022 16:42:55 GMT
Date: Fri, 11 Nov 2022 15:23:46 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5583 bytes)
Hash
85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 07:47:38 GMT
age: 27368
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8294 bytes)
Hash
88c9931a009690991e73c5b37a1aa085
815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0
74e70391889e4b46742033b1d5daccfec415ba2ee999e429d1013fd4a1ebc61a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8294
x-amzn-requestid: 233f9724-1c36-426d-8299-1f6577a6e5e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4lmE60IAMF1Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e23-4b2763b42d8a57044dfa8144;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QaMTrn0ZUptFLGY0x7bytPsJZHnLvdpMnU0XGCBU2pkmiA4MO8DIUw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:56 GMT
etag: "815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0"
content-type: image/jpeg
age: 63410
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6517 bytes)
Hash
f29164fb4dd64d9ce60566fbebd40f0a
96de8f2627e1103c5e6beb5d64cdbc09f97fce82
8eba6095edfed1ee1402c050727f81b8a9942625fd1c9cbb3bac4e51ee178577

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6517
x-amzn-requestid: 78eb1490-4afb-497e-9dbd-afd6ddf9cc48
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG23pFPLoAMFxcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d1ca-4c9caca164576bfe07c9c05c;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:00:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zllrXRZmtjHqA98lS_q0Wtx5TeEh2cEy3tr_eGkozM_jWxTIA5d60g==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:48:34 GMT
age: 63312
etag: "96de8f2627e1103c5e6beb5d64cdbc09f97fce82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4536ad7a-f089-491a-b438-6170474413f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6943 bytes)
Hash
29d8f7296af85ca904fdb9aaaabe74b1
b2485d1c75524fe98c9e9aaafc67c5fa1f5680be
f7fd15f4b79a7ded0fdf7eb7690afce4e8b76d8cf846ab13771a1b3bb845e4b1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4536ad7a-f089-491a-b438-6170474413f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6943
x-amzn-requestid: 1966b06b-ed12-4f2a-b665-06c90cd7fe54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG3fWHZxIAMF2Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d2c8-197feadc1f93b08f21b237c0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:04:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1sV9xUZfKyim8tk6bxqHugzkmqI5wCP3yGEyhFbbIO9Oxhzq7Jnamw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:45:49 GMT
age: 63477
etag: "b2485d1c75524fe98c9e9aaafc67c5fa1f5680be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70e84318-35d1-4f44-a46e-ceb8a5b21585.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.0 kB (3044 bytes)
Hash
3cc2798e5a89c3408b86c70aabd35870
f6ffc2673d21c7899c25196e7429e720533d492c
d48c7b5729758851be0edb887c02678c5738629c8b0ab0c2935422eac3d8a055

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70e84318-35d1-4f44-a46e-ceb8a5b21585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3044
x-amzn-requestid: 6577658b-e221-4e7d-85db-a5139d2fe7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bA1hsGtioAMFoPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6363693d-46815a9916c6743d6bac11bb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 07:09:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0HpsiS79_YRcH_3eXi9YQADl7GdUkoAgOUK08Up75AjCmvXy3nXvzA==
via: 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:45:49 GMT
age: 63477
etag: "f6ffc2673d21c7899c25196e7429e720533d492c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10671 bytes)
Hash
e72f32944d6f03e005f7b6f3e87d8c72
5fe340bf33ac219f6a3d44810f31d0a8796c83a9
bcdcba30210d276996d0fe749bbfc69d666ae11ddfbfdb57307e4bb4d6e43d1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10671
x-amzn-requestid: 1b6053eb-64ac-4c24-a750-c1b8cd69157f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJEh8GxPoAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366b472-56c6a3bc07ec89ab56d4f3bd;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 19:07:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qJeWGvC4DM_d3k66OHN2V19elou-xoSNkep1BNalBO0NtKyQtAFzNQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 04:30:53 GMT
age: 39173
etag: "5fe340bf33ac219f6a3d44810f31d0a8796c83a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mw.nextglare.com/assets/css/adminlte.css?av=08e9825e

65.108.14.84

200 OK

0 B

URL HTTP/1.1
mw.nextglare.com/assets/css/adminlte.css?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/css/adminlte.css?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: text/css
Content-Length: 218121
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

mw.nextglare.com/assets/css/skin-blue.css?av=08e9825e

65.108.14.84

200 OK

0 B

URL HTTP/1.1
mw.nextglare.com/assets/css/skin-blue.css?av=08e9825e
IP
65.108.14.84:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/css/skin-blue.css?av=08e9825e HTTP/1.1
Host: mw.nextglare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/lists/ty058xyxoef14/unsubscribe/yv987rg50ed5f/wy522bqod709d
Cookie: mwsid=666db7433c235046a99ea6ec24f2efda; csrf_token=428aaf05daef66a7289d8affe938d07dd7de9f06s%3A88%3A%22THpOSzF5bjhrX0JuODB5akliTjJfdV91QUtsOTdxfnNQiIXeBoUzKpkP8rmNc8eV2duFS3fVRz1dDY2C6VV5uQ%3D%3D%22%3B
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 15:23:45 GMT
Content-Type: text/css
Content-Length: 197942
Connection: keep-alive
Last-Modified: Thu, 28 Jul 2022 00:15:06 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=08e9825e

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=08e9825e
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=08e9825e HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 11 Nov 2022 15:23:45 GMT
date: Fri, 11 Nov 2022 15:23:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=08e9825e

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=08e9825e
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,700,900&av=08e9825e HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 11 Nov 2022 15:23:45 GMT
date: Fri, 11 Nov 2022 15:23:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=08e9825e

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=08e9825e
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:300,400,700&av=08e9825e HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mw.nextglare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 11 Nov 2022 15:23:45 GMT
date: Fri, 11 Nov 2022 15:23:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (51)

URL HTTP/1.1