Report - drtimsproducts.com/28/restor/index.php?id=9160170867

Report Overview

Submitted URL
drtimsproducts.com/28/restor/index.php?id=9160170867
IP
192.185.115.101
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-11-29 17:17:05
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
102

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.canadapost-postescanada.ca	98149	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	863 B	7.6 kB	23.61.214.200
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
drtimsproducts.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	27 kB	642 kB	192.185.115.101
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	7.6 kB	142.250.74.3
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.131
www.canadapost.ca	97903	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	837 B	597 B	23.61.214.200
siteintercept.qualtrics.com	1163	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	49 kB	104.17.209.240
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com	212644	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	562 B	779 B	104.17.209.240
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.70.68.230
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.1 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	83 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-29	medium	drtimsproducts.com/28/restor/assets/f.txt	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/uwt.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/614267586032718(1)	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/recaptcha__en.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/insight.min.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/js	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/fbevents.js(1).download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/insight.min.js(1).download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/614267586032718	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/css	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/11-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/3-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/15.e8db891fc03030df5677.chunk.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/js(1)	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/EXaf08311446b84717ae3ad026d3f43bdc-libraryCode_source.min.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/9-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/recaptcha__en.js(1).download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/saved_resource(1)	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/f(1).txt	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/api.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/polyfills-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/f(2).txt	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/main-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/cwc.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/saved_resource(2)	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/CoreModule.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/jquery.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/js(1)	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/9-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/3-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/11-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/15.e8db891fc03030df5677.chunk.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/runtime-es2015.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/f(1).txt	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/f(2).txt	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/saved_resource.html	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/cwc.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/recaptcha__en.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/saved_resource	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/CoreModule.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/saved_resource(2)	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/recaptcha__en.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/recaptcha__en.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/saved_resource(1).html	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/fbevents.js.download	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/anchor.html	Phishing
2022-11-29	medium	drtimsproducts.com/28/restor/assets/foundation.min.js.download	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	drtimsproducts.com/28/restor/index.php?id=9160170867	613 B	2023-03-07	2024-04-24
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:04 Last Seen2024-04-24 19:32:56 Times Seen778 Hash cc297ba2a283a306536c7b47d28e5327 9bc60fc2d3f9eed2d2501080ebbdc726380975c0 3dd4de6bec3e1e7deb446cda4c080d2c9355a6a49b2cac87ad9cd6cf932d4fd2 Loading...

	drtimsproducts.com/28/restor/assets/uwt.js.download	5.2 kB	2023-03-07	2023-12-26
Pretty URL drtimsproducts.com/28/restor/assets/uwt.js.download IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:45 Last Seen2023-12-26 08:25:41 Times Seen50 Hash a4cc3f907681b24a3efd540acd5d2996 b0765e1c6b1c15a83c3f6cd8eae99300940c1519 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	13 kB	2023-03-07	2024-04-19
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:43:09 Last Seen2024-04-19 12:36:08 Times Seen16 Hash cdea492c15a3209fe12bea16843778ab 50274377ac4d58c8833eedb9fb3db9a76ec0bb4b 1081e05017d14b1c8f91269435c5700617d6decd81e195c7bf9912947d0cb404 Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	1.3 kB	2023-03-07	2024-03-17
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:43:09 Last Seen2024-03-17 05:21:11 Times Seen66 Hash d92d948a72a9e9524f4858b0aa627c13 3c3faed7ae8d4acdb0fe5200db647648f0a0fcbc 77a67e427e45eed81fbdad8248cff5f583ad5f77ab2b44e56e00547434010369 Loading...

	zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fdrtimsproducts.com%2F28%2Frestor%2Findex.php%3Fid%3D9160170867&t=1669742217526	7.3 kB	2023-03-08	2023-03-11
Pretty URL zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fdrtimsproducts.com%2F28%2Frestor%2Findex.php%3Fid%3D9160170867&t=1669742217526 IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2023-03-11 23:44:37 Times Seen1 Hash ae024eb54038894df13d225a57c5b3a1 8841e41908ac41188cb30ea07b7bd4edbc83d61c e951d306581d3ffb12064c3f4ae3e8f18330b05b2d55fd390821e82be6e85b43 Loading...

	drtimsproducts.com/28/restor/assets/fbevents.js.download	94 kB	2023-03-11	2023-06-12
Pretty URL drtimsproducts.com/28/restor/assets/fbevents.js.download IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:35:10 Last Seen2023-06-12 18:18:52 Times Seen4 Hash 077b8b6e85c9edf74d372d155180e6d3 4a24be343819ad355807adb01579366a1e64b8b9 a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05 Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	80 B	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:03 Times Seen2 Hash 875000382df696198d8fd013ff31e9fc c1ebf1c0cfbbc06a1b11f4bb671bb7bb7a68e965 a2e0cee85b57b19f2172380dceaf5ef63ffe280c39710b12aa7de9655a141113 Loading...

	drtimsproducts.com/28/restor/assets/anchor.html	32 kB	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/assets/anchor.html IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:03 Times Seen2 Hash 70e18a698441d52878625f9596b40997 87ee4aa54b7b3ce61063e5738bad2d3e4836269d e87c29f57c535e7aa338b6e04ec8dc17de5effd509cf0700c6dc138449aaa47c Loading...

	siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	63 kB	2023-03-08	2023-05-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-05-10 22:14:08 Times Seen2 Hash 27441729c7b7c4aad5744a87cf9a9b07 e01e945cd61c0dd22169d9425a5323e792f4da00 8bbd322d5b22764f29e7ff91003f0a7a25af17af76cbee3ff46e95a3d4d80b4f Loading...

	siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	1.8 kB	2023-03-08	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-03-11 23:44:36 Times Seen1 Hash 47d288910bddf2bf2c544552b10e7ef9 6c8a83bc840d2c2cda2d4bbcb64b50c383fc4059 656b507a55c361579615069ae025d160099bac360642eaba44bd2331f7fad4c3 Loading...

	drtimsproducts.com/28/restor/assets/anchor.html	69 B	2023-03-07	2024-04-27
Pretty URL drtimsproducts.com/28/restor/assets/anchor.html IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-27 00:11:29 Times Seen99633 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web	95 kB	2023-03-10	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-03-11 22:56:04 Times Seen1 Hash 150c1c5d6432020083a08bab66d4b4a0 a2adf840d1ecdb53dceeb5e8050a22feb9917820 9c083b70ebbfb41ea0ee7766e9316705cf175c7969b6468a8beeb96480fe7416 Loading...

	siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	29 kB	2023-03-08	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-03-11 23:44:36 Times Seen1 Hash a4802228fa2ddf3964ab98d0b0b73cbe 05be982516b28adc48c56b3f2bb017a2f7f3f47e 90ca1ec69de35eb28fcd7f3dfe0215a56127cacf6b15b24780bb8b2478578d33 Loading...

	drtimsproducts.com/28/restor/assets/614267586032718	261 kB	2023-03-11	2023-03-11
Pretty URL drtimsproducts.com/28/restor/assets/614267586032718 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:35:10 Last Seen2023-03-11 22:56:04 Times Seen1 Hash a22932af46b8719919245d9b222105c0 ad9742d1f49c902b042d15770706bdcd24bccef9 93c8c2fb4dd5b4c175278296f9434f1909a22dc5308310c45e82d5f791148028 Loading...

	drtimsproducts.com/28/restor/assets/saved_resource(1)	62 kB	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/assets/saved_resource(1) IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:04 Times Seen4 Hash 1503436d58511f12d4e5e6b17b142911 b9480331e92c5a9843f84814051b1f1c722d8a82 d06749471cf63a0fdcf4dcf510ff122bb771df974aacf7202f71a1b654067418 Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	1.1 kB	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:03 Times Seen2 Hash bda3122d6e207ee467501b77e9ca542a 1066f897dd2aaa8dec094de1c4b7c084684219de cd3d3ed6e87512716ea3cd34ec5f0d649be0c8694d57f5e73761c1155e0d0f45 Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	783 B	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:03 Times Seen2 Hash 42529fd1cfc1246e6888f71cd9a72c37 0ee8a10a60838b678bf13ee6990ff67d893c5922 b6684192388450518156f011c746f29cdef3431c7f39fe5330ff82d7392d9b5f Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	196 B	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:03 Times Seen2 Hash 2a6010e485b1272aa8e3a8e7f69cb3d7 84f967a859f72f1954f332ec5d0a07cdace31318 e3a1a83757a6054eda607b0da886612c8d019155ca448809495a9ade077e274c Loading...

	siteintercept.qualtrics.com/dxjsmodule/15.e8db891fc03030df5677.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web	1.8 kB	2023-03-10	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/15.e8db891fc03030df5677.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-03-11 22:56:04 Times Seen1 Hash baa3c824e926bfbddb2f25b5247f5d08 91fc17e792d3c2da71cd5ddd2ceefe5f2b907f54 750e5e83fe93337bd1532723fe7792118591eb65a209930b908dbc96d7fcd04f Loading...

	siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	104 kB	2023-03-08	2023-06-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-06-10 10:45:44 Times Seen3 Hash 15b98ecdbcfe4fe64aad53ba268f1545 8fb53b04badce588a9ee890e07929e37d7406291 20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 00:44:53 Times Seen37106571 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	186 B	2023-03-08	2024-04-19
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen14 Hash 2f8d65a5cacb92b04b0b83655f642740 0646b4b5ef0a0d21602c142445d535a530591b82 fdcc4585c2e48b4ab410ea4bb261c20ff45ff08dbd2e54ca18f269adb394eec9 Loading...

	drtimsproducts.com/28/restor/index.php?id=9160170867	248 B	2023-03-08	2024-04-19
Pretty URL drtimsproducts.com/28/restor/index.php?id=9160170867 IP 192.185.115.101 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen14 Hash 01dab56786ccdb8da9962ab5eb1cdab2 98c047d81ca6f66794f2930f9c66a5a297fab62d c8d7015beae55339c2da4f90990a6ddbe80efc1e466667e647eb5fb80b03a7bd Loading...

	drtimsproducts.com/28/restor/assets/bframe.html	181 B	2023-03-10	2023-04-07
Pretty URL drtimsproducts.com/28/restor/assets/bframe.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-04-07 07:37:03 Times Seen2 Hash 5119e95de136d4d180e721f5b05357a3 df4624275ba069b59f4511a0028d9ee6abb13026 cfc7a05611dc94c1f4c9c0339a8f0230eb6565bc270e607e92311ce4d1c39ab2 Loading...

	siteintercept.qualtrics.com/dxjsmodule/1.9bf84a1119dc09839d2c.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web	26 kB	2023-03-10	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/1.9bf84a1119dc09839d2c.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:19:37 Last Seen2023-03-11 22:56:04 Times Seen1 Hash d7687b6bdc3f2e38a5d2d34e56c85e4d 4e2e838c4050c04d9c2abbb82c3025606c71f81b 429749356b9bdb20679a677f51336f91ae7527e5ea3cedd5982acb2a82ce9421 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 05b8c74cbd96fbf2de4c1a352702fbf4	6 B	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-27 00:39:30 Times Seen54721 Hash 05b8c74cbd96fbf2de4c1a352702fbf4 320ad267d8d969f285eda5c184f5455bd29c8c95 44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba Loading...

	#2 Eval - 9266de3a4337f3fb488da43e762a5c9d	42 B	2023-03-07	2023-04-07
Pretty Observations First Seen2023-03-07 16:43:09 Last Seen2023-04-07 07:37:03 Times Seen12 Hash 9266de3a4337f3fb488da43e762a5c9d 53c8e1f93fb0f9c194f63d8c275a3f46b5bce823 ce71e5a42d1474f6f0ff23fd2fb7b3da4de9ba34f5acf44208b5b2d3d4b6e037 Loading...

HTTP Transactions (106)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5774
Expires: Tue, 29 Nov 2022 18:53:09 GMT
Date: Tue, 29 Nov 2022 17:16:55 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3222
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:55 GMT
Last-Modified: Tue, 29 Nov 2022 16:23:13 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11359
Expires: Tue, 29 Nov 2022 20:26:14 GMT
Date: Tue, 29 Nov 2022 17:16:55 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 16:19:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3437
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: QdJ3jX+YRgvHljFCP3zcYUqWI4y/MARSSnGgZZTs3bFxr+PhTsQynlYPwIoxv75ga0HjT2YvTei6phSaqTsW8w==
x-amz-request-id: QPD989E1QZZSZGM3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 16:45:32 GMT
age: 1883
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 17:16:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d0d4c3c6665c485dd9220bad69ead42a
e2175b8ed2d138fcddefbc2c7ac4964a12cbaaf3
01f594ae9507658e9ab6a119ebadc3382125daeba37e199689c382c301c5c2ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01F594AE9507658E9AB6A119EBADC3382125DAEBA37E199689C382C301C5C2BA"
Last-Modified: Tue, 29 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 29 Nov 2022 23:16:55 GMT
Date: Tue, 29 Nov 2022 17:16:55 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 17:11:13 GMT
cache-control: public,max-age=3600
age: 342
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5659
Cache-Control: max-age=149052
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:55 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:41:07 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

drtimsproducts.com/28/restor/assets/f.txt

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/f.txt
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/f.txt HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/uwt.js.download

192.185.115.101

200 OK

2.1 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/uwt.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (5160), with no line terminators
Size
2.1 kB (2146 bytes)
Hash
237266f690c2e7813223dff923f35866
5832f8365e94da3682d78c07a1a6d0c77ef2c6bb
fddf9eab4b1b8691f07639498d5d85242d6599b87c3b555400a1f894324b79de

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/uwt.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2146
content-type: application/javascript
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/614267586032718(1)

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/614267586032718(1)
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/614267586032718(1) HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/recaptcha__en.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/recaptcha__en.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/recaptcha__en.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/insight.min.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/insight.min.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/insight.min.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/js

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/js
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/js HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/fbevents.js(1).download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/fbevents.js(1).download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/fbevents.js(1).download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/insight.min.js(1).download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/insight.min.js(1).download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/insight.min.js(1).download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.70.68.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.70.68.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4xI2MDgVuxO1Zbz2csOVyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iv0VbmrFe7oMmgVbzeqPtciLtLo=

drtimsproducts.com/28/restor/assets/614267586032718

192.185.115.101

200 OK

261 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/614267586032718
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (64471)
Size
261 kB (260702 bytes)
Hash
a22932af46b8719919245d9b222105c0
ad9742d1f49c902b042d15770706bdcd24bccef9
93c8c2fb4dd5b4c175278296f9434f1909a22dc5308310c45e82d5f791148028

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/614267586032718 HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:26 GMT
accept-ranges: bytes
content-length: 260702
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/css

192.185.115.101

200 OK

6.0 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/css
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
6.0 kB (6014 bytes)
Hash
cf0139a6997ab9d024d9b630f8d638e2
32277f0dec21e1f34f7c4c5e2257e3cc2f3e1265
d4876c12b071f74470f52c0404d10730ab271ae769c2c407fe131dae8b33e236

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/css HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:26 GMT
accept-ranges: bytes
content-length: 6014
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/styles.css

192.185.115.101

200 OK

8.5 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/styles.css
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (30853)
Size
8.5 kB (8454 bytes)
Hash
865aa8086ebee75c11b88cf5047062b0
93a2f2c84bc936f951d8973e360ca6762bf66100
aef9ef4901829eda8f02d981a59ce12c7c4015bcb1a33e5db63176190ab67d56

HTTP Headers

GET /28/restor/assets/styles.css HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8454
content-type: text/css
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/11-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/11-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/11-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/3-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/3-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/3-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/15.e8db891fc03030df5677.chunk.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/15.e8db891fc03030df5677.chunk.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/15.e8db891fc03030df5677.chunk.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/js(1)

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/js(1)
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/js(1) HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/EXaf08311446b84717ae3ad026d3f43bdc-libraryCode_source.min.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/EXaf08311446b84717ae3ad026d3f43bdc-libraryCode_source.min.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/EXaf08311446b84717ae3ad026d3f43bdc-libraryCode_source.min.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/9-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/9-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/9-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/recaptcha__en.js(1).download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/recaptcha__en.js(1).download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/recaptcha__en.js(1).download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/saved_resource(1)

192.185.115.101

200 OK

62 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/saved_resource(1)
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (61317)
Size
62 kB (61756 bytes)
Hash
1503436d58511f12d4e5e6b17b142911
b9480331e92c5a9843f84814051b1f1c722d8a82
d06749471cf63a0fdcf4dcf510ff122bb771df974aacf7202f71a1b654067418

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/saved_resource(1) HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
content-length: 61756
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

drtimsproducts.com/28/restor/assets/f(1).txt

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/f(1).txt
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/f(1).txt HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/api.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/api.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/api.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/polyfills-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/polyfills-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/polyfills-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/search.png

192.185.115.101

200 OK

404 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/search.png
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size
404 B (404 bytes)
Hash
d1eb6170eb368a34153d635b85b2a1d3
0fbbf04b22b7d7cce7afa6b9e1a5aed2f6acd618
2e479d3ef880d293cfbdcd65b2ea24a86b130d05b587ee8b32541889a98b6235

HTTP Headers

GET /28/restor/assets/search.png HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
content-length: 404
content-type: image/png
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/f(2).txt

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/f(2).txt
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/f(2).txt HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/cpc-main-logo.png

192.185.115.101

200 OK

2.5 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/cpc-main-logo.png
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 124 x 30, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2493 bytes)
Hash
ebe1af71bf518f30ee6f2de4882909c6
f58cf6f8bac6a2088de864a003ee192c301a8ced
5769708e0ee27bba6fd989d732dd8db4b77e637b49880bfbdcbbae9264898500

HTTP Headers

GET /28/restor/assets/cpc-main-logo.png HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:26 GMT
accept-ranges: bytes
content-length: 2493
content-type: image/png
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/cpc-logo.jpg

192.185.115.101

200 OK

3.9 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/cpc-logo.jpg
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 99x98, components 3\012- data
Size
3.9 kB (3900 bytes)
Hash
e1b24f7698883669968dc29ebdb025d6
054b610039dbb72dede22176683d7d7335a2e0d9
0c7b7bcf0a7e2ba2b201b7952673a9e1aef634440e903fe1829b75424a5b611a

HTTP Headers

GET /28/restor/assets/cpc-logo.jpg HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:26 GMT
accept-ranges: bytes
content-length: 3900
content-type: image/jpeg
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/main-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/main-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/main-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/cwc.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/cwc.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/cwc.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/saved_resource(2)

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/saved_resource(2)
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/saved_resource(2) HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/CoreModule.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/CoreModule.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/CoreModule.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

drtimsproducts.com/28/restor/assets/jquery.js.download

192.185.115.101

200 OK

52 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/jquery.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (65451)
Size
52 kB (51971 bytes)
Hash
d3c44bc9855b8a8ae10734ca4815e41d
2db32cde4e0cede31fc19422ef6d7751a94850be
d52524c9fc3079943b7627d7f8316bf114a945054e9ac74bc26fae3732e35b53

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/jquery.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:28 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:56 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/js(1)

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/js(1)
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/js(1) HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:56 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/cwc.css

192.185.115.101

200 OK

38 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/cwc.css
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (65536), with no line terminators
Size
38 kB (37555 bytes)
Hash
8eea32edd4cef83f854eafb8e94c55fe
423b5bed898907feb06b1a4aaf65bf94487e599d
0af6aaba2575ebbf089a3ddf21c0f5c0c1af3a0531fdb3a7088111bc51522d08

HTTP Headers

GET /28/restor/assets/cwc.css HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/9-es2015.js.download

192.185.115.101

404 Not Found

5.4 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/9-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (358)
Size
5.4 kB (5365 bytes)
Hash
f1aae2b1590d27e4ba3f566c454e67ca
13ec3176ad3ef938d27c6103612d93217f845e27
18b00cac135d5bbc04617cf6df848f5425b9429dd650387f5254a9864c3e39b6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/9-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:56 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/3-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/3-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/3-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:56 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/11-es2015.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/11-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/11-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:56 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/15.e8db891fc03030df5677.chunk.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/15.e8db891fc03030df5677.chunk.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/15.e8db891fc03030df5677.chunk.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/1.9bf84a1119dc09839d2c.chunk.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/runtime-es2015.js.download

192.185.115.101

404 Not Found

4.4 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/runtime-es2015.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
data
Size
4.4 kB (4376 bytes)
Hash
a2c1dbb855a04d3410bb1a8f7d1cd5cd
4697369e5c3158381878dbdaaba2c62bba30b462
cb5a7ffe95e91d3f6ad29551d66f49a0628c43310a1ca4bfc6ec30ba8a528107

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/runtime-es2015.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3433
Expires: Tue, 29 Nov 2022 18:14:10 GMT
Date: Tue, 29 Nov 2022 17:16:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3433
Expires: Tue, 29 Nov 2022 18:14:10 GMT
Date: Tue, 29 Nov 2022 17:16:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3433
Expires: Tue, 29 Nov 2022 18:14:10 GMT
Date: Tue, 29 Nov 2022 17:16:57 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9430 bytes)
Hash
1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 69302
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4417 bytes)
Hash
a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 70203
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4916 bytes)
Hash
83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 50326
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9376 bytes)
Hash
cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 10:09:32 GMT
age: 25645
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10176 bytes)
Hash
03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 44827
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9203 bytes)
Hash
5d574c4db20a68295dbd06cb08f5990b
433061bbb226048765a711deca3026ee3e52372f
8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UmhWm03jrsV8dFagrzIA0E-8eL8dykoO5kw3cYOBd172dCGqNdAX-Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:49:48 GMT
age: 48429
etag: "433061bbb226048765a711deca3026ee3e52372f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/f(1).txt

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/f(1).txt
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/f(1).txt HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/f(2).txt

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/f(2).txt
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/f(2).txt HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 510162
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:54 GMT
expires: Thu, 23 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 510183
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:56 GMT
expires: Thu, 23 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 510181
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/saved_resource.html

192.185.115.101

200 OK

145 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/saved_resource.html
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
145 B (145 bytes)
Hash
5e610eda263540ba05be0d6b5cf807a2
269663c27bdb68d880847d4f7bd4b62796926c93
682e5b3b42807f8a40d9f12d20c12a824dbf1dfcda7fefab7c81a08a35c9bfca

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/saved_resource.html HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 145
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

drtimsproducts.com/28/restor/assets/cwc.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/cwc.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/cwc.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

23.61.214.200

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
IP
23.61.214.200:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Date: Tue, 29 Nov 2022 17:16:57 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg

23.61.214.200

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg
IP
23.61.214.200:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/search.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
Date: Tue, 29 Nov 2022 17:16:57 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
34f5e29055227226252a13b736f9eaf0
225fe6e3f9acba621d867e1be3ece705d6427d77
bd3a89d670790e901acfc605f07f3cdc386033b430750795729a8f82db296b0c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3677
Cache-Control: max-age=155746
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:57 GMT
Etag: "6385ed8e-1d7"
Expires: Thu, 01 Dec 2022 12:32:43 GMT
Last-Modified: Tue, 29 Nov 2022 11:31:26 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

drtimsproducts.com/28/restor/assets/recaptcha__en.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/recaptcha__en.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/recaptcha__en.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/assets/anchor.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
34f5e29055227226252a13b736f9eaf0
225fe6e3f9acba621d867e1be3ece705d6427d77
bd3a89d670790e901acfc605f07f3cdc386033b430750795729a8f82db296b0c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3677
Cache-Control: max-age=155746
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 17:16:57 GMT
Etag: "6385ed8e-1d7"
Expires: Thu, 01 Dec 2022 12:32:43 GMT
Last-Modified: Tue, 29 Nov 2022 11:31:26 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

drtimsproducts.com/28/restor/assets/saved_resource

192.185.115.101

200 OK

4.3 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/saved_resource
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
gzip compressed data, from Unix\012- data
Size
4.3 kB (4345 bytes)
Hash
71fc029d149b347d26a51a0b100df524
c491cf1ca8732b92c881f4e4489a989b836c52e9
e70edacd2cea22411e37b5545cd771294bcd2632ce7ccdd14d5e57eddc33afd3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/saved_resource HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
content-length: 61756
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/CoreModule.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/CoreModule.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/CoreModule.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Cookie: IV_JCT=%2Fpfe-pap
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/saved_resource(2)

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/saved_resource(2)
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/saved_resource(2) HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Cookie: IV_JCT=%2Fpfe-pap
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/recaptcha__en.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/recaptcha__en.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/recaptcha__en.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/assets/anchor.html
Cookie: IV_JCT=%2Fpfe-pap
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/recaptcha__en.js.download

192.185.115.101

404 Not Found

4.7 kB

URL HTTP/2
drtimsproducts.com/28/restor/assets/recaptcha__en.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.7 kB (4677 bytes)
Hash
e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/recaptcha__en.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/assets/bframe.html
Cookie: IV_JCT=%2Fpfe-pap
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
last-modified: Fri, 30 Sep 2022 16:17:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 29 Nov 2022 17:16:58 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:48:03 GMT
expires: Fri, 24 Nov 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 415735
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:43 GMT
expires: Fri, 24 Nov 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 434175
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/saved_resource(1).html

192.185.115.101

200 OK

145 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/saved_resource(1).html
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
145 B (145 bytes)
Hash
5e610eda263540ba05be0d6b5cf807a2
269663c27bdb68d880847d4f7bd4b62796926c93
682e5b3b42807f8a40d9f12d20c12a824dbf1dfcda7fefab7c81a08a35c9bfca

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/saved_resource(1).html HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/assets/anchor.html
Cookie: IV_JCT=%2Fpfe-pap
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 145
content-type: text/html
date: Tue, 29 Nov 2022 17:16:58 GMT
server: Apache
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.3

200 OK

600 B

URL HTTP/2
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 06:57:23 GMT
expires: Sat, 03 Dec 2022 06:57:23 GMT
cache-control: public, max-age=604800
age: 296375
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/info_2x.png

142.250.74.3

200 OK

665 B

URL HTTP/2
www.gstatic.com/recaptcha/api2/info_2x.png
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
665 B (665 bytes)
Hash
07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

HTTP Headers

GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 08:12:18 GMT
expires: Thu, 01 Dec 2022 08:12:18 GMT
cache-control: public, max-age=604800
age: 464680
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.3

200 OK

2.2 kB

URL HTTP/2
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 14:40:09 GMT
expires: Sat, 03 Dec 2022 14:40:09 GMT
cache-control: public, max-age=604800
age: 268609
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/audio_2x.png

142.250.74.3

200 OK

530 B

URL HTTP/2
www.gstatic.com/recaptcha/api2/audio_2x.png
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
530 B (530 bytes)
Hash
88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

HTTP Headers

GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:42:32 GMT
expires: Tue, 06 Dec 2022 15:42:32 GMT
cache-control: public, max-age=604800
age: 5666
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

23.61.214.200

200 OK

382 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
IP
23.61.214.200:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724), with no line terminators
Size
382 B (382 bytes)
Hash
b86b3f712d7d1224f22ce80ab788d8bc
1015427d965943c5acfda2a2b96174c96a30e715
827930f77d0aee840f92563e8da302b30e9f0b196f923edd0f6305faf4ae7df0

HTTP Headers

GET /cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drtimsproducts.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a638-2d4"
Last-Modified: Mon, 05 Feb 2018 18:45:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 03 Oct 2022 07:02:38 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 382
Date: Tue, 29 Nov 2022 17:16:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg

23.61.214.200

200 OK

218 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
IP
23.61.214.200:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (320), with no line terminators
Size
218 B (218 bytes)
Hash
d3a621feba2c9afadc8e74c4f71021e1
5364a043f80e5dcbc81b81e86d406eedfc1b69a4
9616a4bbe31bf59f3ec6fd4a9f237bfb89d3424a45238b625b7f1620377d5401

HTTP Headers

GET /cpc/assets/cpc/img/icons/search.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drtimsproducts.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a621-140"
Last-Modified: Mon, 05 Feb 2018 18:44:49 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Thu, 15 Sep 2022 16:23:11 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 218
Date: Tue, 29 Nov 2022 17:16:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital

104.17.209.240

200 OK

23 kB

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (62816), with no line terminators
Size
23 kB (23262 bytes)
Hash
cd954b151796a723a6d929660af66822
b7946b5f79c6d2087f06ce735ccb475e7d6a4665
305c93f1d43daa41f4dd5fd341e6353d6815c6fe8da9be6ca817fed4df138655

HTTP Headers

GET /dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/javascript
cf-ray: 771cfe81d892fab4-OSL
access-control-allow-origin: *
age: 55869
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"f871-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=63601
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/1.9bf84a1119dc09839d2c.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web

104.17.209.240

200 OK

21 kB

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/1.9bf84a1119dc09839d2c.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (26421), with no line terminators
Size
21 kB (21366 bytes)
Hash
7e7f627d4023ff05d822a16918ef72e7
59f35b70bd76b71f4d77f456950ab7ba11cfd8b6
c6416efddc25335231d43c4860d194beed05e2ffe938f99d464a92dad94f876d

HTTP Headers

GET /dxjsmodule/1.9bf84a1119dc09839d2c.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/javascript
cf-ray: 771cfe7ffea4fab4-OSL
access-control-allow-origin: *
age: 42304
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"6a46-1793dcb28b8"
last-modified: Wed, 05 May 2021 18:29:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=27206
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fdrtimsproducts.com%2F28%2Frestor%2Findex.php%3Fid%3D9160170867&t=1669742217526

104.17.209.240

200 OK

0 B

URL HTTP/2
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fdrtimsproducts.com%2F28%2Frestor%2Findex.php%3Fid%3D9160170867&t=1669742217526
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fdrtimsproducts.com%2F28%2Frestor%2Findex.php%3Fid%3D9160170867&t=1669742217526 HTTP/1.1
Host: zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 771cfe819863fab4-OSL
access-control-allow-origin: *
age: 389583
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-yCXSqeWNF3QQ5gWuVWm89QaDdXQ"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/fbevents.js.download

192.185.115.101

200 OK

0 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/fbevents.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/fbevents.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:28 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web

104.17.209.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 82
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/json
cf-ray: 771cfe7dfc27fab4-OSL
access-control-allow-origin: https://drtimsproducts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 7da2406981cb8f5b
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web

104.17.209.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/javascript
cf-ray: 771cfe7f5db1fab4-OSL
access-control-allow-origin: *
age: 42304
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"177a8-1793dcb28b8"
last-modified: Wed, 05 May 2021 18:29:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=96168
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/styles__ltr.css

192.185.115.101

200 OK

0 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/styles__ltr.css
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /28/restor/assets/styles__ltr.css HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/assets/anchor.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web

104.17.209.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 82
Origin: https://drtimsproducts.com
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/json
cf-ray: 771cfe7dfc1ffab4-OSL
access-control-allow-origin: https://drtimsproducts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 8788fecdc50d7520
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/15.e8db891fc03030df5677.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web

104.17.209.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/15.e8db891fc03030df5677.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/15.e8db891fc03030df5677.chunk.js?Q_CLIENTVERSION=1.50.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 17:16:58 GMT
content-type: application/javascript
cf-ray: 771cfe7ffe9efab4-OSL
access-control-allow-origin: *
age: 42304
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9ec-1793dcb28b8"
last-modified: Wed, 05 May 2021 18:29:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2540
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/anchor.html

192.185.115.101

200 OK

0 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/anchor.html
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/anchor.html HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
date: Tue, 29 Nov 2022 17:16:57 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/foundation.css

192.185.115.101

200 OK

0 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/foundation.css
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /28/restor/assets/foundation.css HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:28 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/assets/foundation.min.js.download

192.185.115.101

200 OK

0 B

URL HTTP/2
drtimsproducts.com/28/restor/assets/foundation.min.js.download
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /28/restor/assets/foundation.min.js.download HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://drtimsproducts.com/28/restor/index.php?id=9160170867
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 27 Nov 2022 22:03:28 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

drtimsproducts.com/28/restor/index.php?id=9160170867

192.185.115.101

200 OK

0 B

URL HTTP/2
drtimsproducts.com/28/restor/index.php?id=9160170867
IP
192.185.115.101:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /28/restor/index.php?id=9160170867 HTTP/1.1
Host: drtimsproducts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 29 Nov 2022 17:16:55 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations