firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 11:05:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wzK7YJFm_HszJHe17nlMYl6KGyvKAIzdzxSeQ5Rlqyp6AYuDBZKWzA==
Age: 316
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9738
Expires: Fri, 09 Sep 2022 13:53:20 GMT
Date: Fri, 09 Sep 2022 11:11:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cawF7sxKOIvHFvmLj3tOLu-3uHJTn7hkT4yu1VTbFythxUdxlaXFqw==
age: 26668
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/
104.19.217.48 301 Moved Permanently 0 B URL HTTP/1.1 secure-account-mail-login-inbox.bubbleapps.io/
IP 104.19.217.48:0
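Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty 0 B body, so they match any empty response and are not indicators specific to this host)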
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2022 11:11:02 GMT
Content-Length: 0
Connection: keep-alive
Location: https://secure-account-mail-login-inbox.bubbleapps.io/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747f7b18f9520b59-OSL
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 11:11:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 10:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 11:38:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: H3QZNh3t1RQMplSD53WrDddydmxZK8omzzmuuwnwpaoXfpllsaNmRw==
Age: 896
secure-account-mail-login-inbox.bubbleapps.io/package/dynamic_js/d4d67ca54a2b483370b457914e15e7cd5730a7bbbcebaf5a796954e1211b0612/secure-account-mail-login-inbox/live/index/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js
104.19.217.48 200 OK 16 kB URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/package/dynamic_js/d4d67ca54a2b483370b457914e15e7cd5730a7bbbcebaf5a796954e1211b0612/secure-account-mail-login-inbox/live/index/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js
IP 104.19.217.48:0
File type Unicode text, UTF-8 text, with very long lines (49778)
Hash e2aca07b2b4dace2fb256b090b3d0ccb
0f517f88d38bfbc0de8e02350aeacd32be8d015a
f69cdde900f54d4a8b87129d4af3d94b7e872bfe41076563c329a6e715351ab0
Analyzer Verdict Alert fortinet Malware
GET /package/dynamic_js/d4d67ca54a2b483370b457914e15e7cd5730a7bbbcebaf5a796954e1211b0612/secure-account-mail-login-inbox/live/index/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
content-type: application/javascript
x-powered-by: Express
cache-control: public, max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-perf: {"total":33.2,"percents":{"top":{"bubble_cpu":29.3,"block":68.6,"capacity_rl":0,"other_pause":0,"pre_fiber":1.4},"sub":{"pp_userdb":3,"pp_wait_userdb":0,"http_request":0,"serverjson":18.2,"appserver_cache_misses_time":0,"redis":70.1,"fiber_queue":9.6,"capacity_wait":3.1}},"counts":{"pp_userdb":1,"http_request":0,"derived_build":0,"derived_cache_attempts":3,"derived_cache_memory_misses":3,"serverjson":11,"appserver_cache_attempts":1,"appserver_mem_cache_hits":0,"appserver_cache_hits":1,"appserver_cache_misses":0,"redis":27,"fiber_queue":26,"blocks":25},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":6458029,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.099 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: HIT
age: 90598
server: cloudflare
cf-ray: 747f7b1e2ae5fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0c56e0b2955a5dd7f37ba4bbf5727b4
f435bd1f6fb8ec931f1817fe4b91e6b86a7cb14b
99f7da9dca677db8e9cec5491c0d6d8a86b9c5e907907c2fdd30973c747f4282
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5077
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Last-Modified: Fri, 09 Sep 2022 09:46:26 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2
142.250.74.163 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21144, version 1.0\012- data
Hash 2bc7630144496092dc786ce63109e560
723df3658078cfed03c85e47f15fc439eb4331be
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
GET /s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 22:36:53 GMT
expires: Wed, 06 Sep 2023 22:36:53 GMT
cache-control: public, max-age=31536000
age: 218050
last-modified: Tue, 19 Apr 2022 19:43:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2
142.250.74.163 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 20960, version 1.0\012- data
Hash d312d179276a175029c56c50e9bc9d0b
aa9285dd6183c696fc39ec31c221581e2d4959c1
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
GET /s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 00:05:42 GMT
expires: Thu, 07 Sep 2023 00:05:42 GMT
cache-control: public, max-age=31536000
age: 212721
last-modified: Tue, 19 Apr 2022 19:18:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21796, version 1.0\012- data
Hash 8074c760fbdd366fc1c33ce702911abf
b68cdebfb413c4ad60fa131dc29e36da4b3ce45c
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
GET /s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 22:37:05 GMT
expires: Wed, 06 Sep 2023 22:37:05 GMT
cache-control: public, max-age=31536000
age: 218038
last-modified: Tue, 19 Apr 2022 19:35:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3q-0s51os.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3q-0s51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22052, version 1.0\012- data
Hash f27acc0d33d769a3da576516ca236c41
a678c0f6905303906a2537c1ff983258286a9263
1f132510bc7b665bbe5fb9227b0d2daafa5513296a72f88f88d38179eded9277
GET /s/barlow/v12/7cHqv4kjgoGqM7E3q-0s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 22:44:04 GMT
expires: Tue, 05 Sep 2023 22:44:04 GMT
cache-control: public, max-age=31536000
age: 304019
last-modified: Tue, 19 Apr 2022 19:05:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 11:11:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.86.38.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
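Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty 0 B body, so they carry no information about this response)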
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XahDptonFLoGKoy3ajhw+g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gplC/9y3lJsuFmVeBXF5UcZsv9A=
d1muf25xaso8hp.cloudfront.net/https%3A%2F%2Fs3.amazonaws.com%2Fappforest_uf%2Ff1662601467828x959135341878902800%2Findex.png?w=128&h=&auto=compress&dpr=1&fit=max
54.230.245.150 200 OK 2.1 kB URL HTTP/2 d1muf25xaso8hp.cloudfront.net/https%3A%2F%2Fs3.amazonaws.com%2Fappforest_uf%2Ff1662601467828x959135341878902800%2Findex.png?w=128&h=&auto=compress&dpr=1&fit=max
IP 54.230.245.150:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Hash cdb3c3c22f3b5881a092af202ef64363
02308d0f1d2b6a4df06024518f84d86ba64cdd03
8fd6937b9ca879db227c651818fc422b1fbf041f22c98fb13e06b4feb00322f8
GET /https%3A%2F%2Fs3.amazonaws.com%2Fappforest_uf%2Ff1662601467828x959135341878902800%2Findex.png?w=128&h=&auto=compress&dpr=1&fit=max HTTP/1.1
Host: d1muf25xaso8hp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2130
last-modified: Fri, 09 Sep 2022 01:53:34 GMT
cache-control: public, max-age=86400
server: imgix
x-imgix-id: 1046b9aafcd23a4b45b56f675f58c68dc065e0f6
x-imgix-render-farm: 01.592
date: Fri, 09 Sep 2022 06:43:13 GMT
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10037-SJC, cache-hhn4045-HHN
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6W6sN0jfWn4-pMeXIAHtU1rXnlYSx6gxeyYFmUQtpw7AJJ8xDCpNBw==
age: 33450
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
104.17.25.14 200 OK 6.2 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (19015)
Hash 7b4114faa411d059a9a5ac4b5b4d9dee
277da4486916fa3a4ab3375f47bc98f58dbf90f6
60b3528de2f7d48cbb335d19dddef756aaacc70f73d4254a2ef17978a14ca0d9
GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 666289
expires: Wed, 30 Aug 2023 11:11:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hp0CHVAFsoTMmoTVe3kGCID6ZYzBLiQh0VoagXZo0Fs8DFWVjAJDbVPcla8oU3j5ieHnhGz8m4tyu1LXPW1pcAJ%2B453hggoL971qbkf77VdVnfDm4zyRhlANjGI4Chd5EHheQWJJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 747f7b245a83b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js
151.101.85.229 200 OK 933 B URL HTTP/2 cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (1993)
Hash 2a05da4033d8d9b7de749d0d02f472ab
39b6fb0b84e100c26530f666c0642c42d0cd1465
3cfbc2b52e5e8eaf0b493050fc2515666b8efa035af845c29619c73abd56c304
GET /npm/jquery.session@1.0.0/jquery.session.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.0.0
x-jsd-version-type: version
etag: W/"91d-mUGbC+S4VCL/hIcOVNvYpS3G2rE"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 11:11:04 GMT
age: 291509
x-served-by: cache-fra19169-FRA, cache-bma1672-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 933
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.2.1.slim.min.js
69.16.175.42 200 OK 24 kB URL HTTP/2 code.jquery.com/jquery-3.2.1.slim.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32012)
Hash 30f5157a965bc792a83e9bacfe265f03
8330886371fe27f3cbac509e0ac9712207574c66
4d12cab1f84ec2ac780bc8e0d865d9c61025be579c78d6532d76f0574d17fca0
GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1662721864.dop231.sk1.t,1662721864.cds201.sk1.hn,1662721864.cds235.sk1.c
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash a6f594759932264af2340f9ae19a66a1
224326f4ef83407864e2aeb5ae2bd6088aa3c257
c8f6c4d052dce1c5de84d0ab81d80f4e8e825271a2c1a7bc053ab5b750428a09
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 11:11:04 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "5D3AE70526FD0337861D04BCF32706DE9BF7C6C0"
Expires: Fri, 09 Sep 2022 21:00:00 GMT
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3018
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 747f7b24ba06b50b-OSL
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
142.250.74.74 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32065)
Hash 6d973c8b7e2439d958e09c0a1ab9fe50
05ae0830200c20b9a2dfd5a825adc400481a60fb
f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 21:06:53 GMT
expires: Thu, 07 Sep 2023 21:06:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 137051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Barlow:regular%7CBarlow:500%7CBarlow:600%7CBarlow:800
142.250.74.10 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Barlow:regular%7CBarlow:500%7CBarlow:600%7CBarlow:800
IP 142.250.74.10:0
Hash 2589ecc6b02b64799f9a6570e56a7152
282940a36f977e325bfa91674113173fd87df93c
2a07d3b7df6eb3bb5583ca11907166fc0c79f1f06d6937a7ca1562abc5d40cb7
GET /css?family=Barlow:regular%7CBarlow:500%7CBarlow:600%7CBarlow:800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 11:11:03 GMT
date: Fri, 09 Sep 2022 11:11:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cutt.ly/6QdoRKW
104.22.1.232 302 Found 861 B IP 104.22.1.232:0
Hash 74f69057c5529fe7e2ab193e8d869ef2
4e347681d7189bad560bb06d3206531641968efa
7c2af339508869edc028e485af9bb732786e6ebd99bb9b4a28fb592cb0894381
Analyzer Verdict Alert fortinet Phishing
GET /6QdoRKW HTTP/1.1
Host: cutt.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/html; charset=UTF-8
location: https://cutt.ly/guard/6QdoRKW
set-cookie: PHPSESSID=cdndqahg26k3rhb1ea6lvhrahn; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b2448820b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8683
Expires: Fri, 09 Sep 2022 13:35:48 GMT
Date: Fri, 09 Sep 2022 11:11:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8683
Expires: Fri, 09 Sep 2022 13:35:48 GMT
Date: Fri, 09 Sep 2022 11:11:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5fdeb374d4e3669ce5d9ff2cd22cd19
70ede5692526afd351d134a391383461dafdc64f
10c5d8e41aae1a36525a45375966b5067333f0c7edc176a540fd6527ebe1ad8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4532
x-amzn-requestid: e5694699-7f38-4542-8808-54bda7ee7d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIMmGGUmIAMF2cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63198e26-1aa6788e24fcfdf0008bee21;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 06:39:34 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: smtzoqnzJiET63xsW_r_-eVNsTK01mGqRbvuwekbqjnzS6Sb1fw9HQ==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:54:58 GMT
etag: "70ede5692526afd351d134a391383461dafdc64f"
content-type: image/jpeg
age: 44167
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f8aeb20a6543be83f3e422796c4dc70
4e4e127039dd8099c63c3bde198118d2874f7342
0f9fdd1b577e4719f88620bb451131bfb120790479b4feccb4222647fb3ea453
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7218
x-amzn-requestid: 4e9672b6-5415-4808-9508-22e8c42de448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_QzHffIAMFYTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318459e-743b975a2770e2a90c616d87;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:17:50 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: RWXxavA41fuv9fahIKxt-zxwqiRlW7CDdZvbLl-JLTG-TV3xQlEovA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:51 GMT
age: 48314
etag: "4e4e127039dd8099c63c3bde198118d2874f7342"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
34.120.237.76 200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0078c7a407144a1ede33aef6f734eecf
113393e0dbabb3aff949d19ab6517ba1082b622d
42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:54 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
content-type: image/jpeg
age: 23891
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cutt.ly/6QdoajC
104.22.1.232 302 Found 7.5 kB IP 104.22.1.232:0
Hash 59945eb74f5413d5f2f84ed11d964fb4
0607d405c8c486e6b40c040dbad615929deb574d
38fa7c52831dddd9acee0ec51047947e888d8d4e1ade4a357a5cc9eac7199d4c
Analyzer Verdict Alert fortinet Phishing
GET /6QdoajC HTTP/1.1
Host: cutt.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/html; charset=UTF-8
location: https://cutt.ly/guard/6QdoajC
set-cookie: PHPSESSID=atcus89jg9epv3ficcscn0n9uc; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b2418480b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/img/bg-image.jpg
104.19.217.48 404 Not Found 11 kB URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/img/bg-image.jpg
IP 104.19.217.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9c377481c271329055fedc4852985597
ef1cc5bf8225cc714f4337acb41afa0a258f7bd0
d03631c8275f3f09396bd873f8121762f650c60dc17d06bc3b3a41320b93da8f
GET /img/bg-image.jpg HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/html
x-powered-by: Express
referrer-policy: origin
x-frame-options: DENY
content-security-policy: frame-ancestors 'none';
cache-control: no-store
x-bubble-perf: {"total":192.5,"percents":{"top":{"bubble_cpu":13.6,"block":70.5,"capacity_rl":0,"other_pause":0,"pre_fiber":15.9},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":32.4,"appserver_cache_misses_time":0,"redis":66.7,"fiber_queue":34.9,"capacity_wait":0}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"derived_cache_attempts":13,"derived_cache_memory_misses":13,"serverjson":22,"appserver_cache_attempts":2,"appserver_mem_cache_hits":0,"appserver_cache_hits":2,"appserver_cache_misses":0,"redis":45,"fiber_queue":38,"blocks":37},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":3919953,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.06 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 747f7b240fbafabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/user/m
104.19.217.48 200 OK 4.0 kB URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/user/m
IP 104.19.217.48:0
File type ASCII text, with no line terminators
Hash e2283178e77d5132c7b889a614757ee4
8291b9375be7bef954470b2e1d255b5a05afe3e6
dc822a845ba48ded395dcb01690b7b71a7920e6226b543d8b221b71598bf4c26
Analyzer Verdict Alert fortinet Malware
POST /user/m HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Content-Type: application/json
cache-control: no-cache
X-Bubble-Breaking-Revision: 5
X-Bubble-R: https://secure-account-mail-login-inbox.bubbleapps.io/
X-Bubble-PL: 1662721855682x135
X-Bubble-Fiber-ID: 1662721855693x330898126272938900
X-Bubble-UTM-Data: {}
X-Requested-With: XMLHttpRequest
Content-Length: 533
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: application/json
x-powered-by: Express
cache-control: no-cache
x-bubble-appname: secure-account-mail-login-inbox
x-bubble-request-took: 15
x-bubble-perf: {"total":14.9,"percents":{"top":{"bubble_cpu":24.7,"block":70.5,"capacity_rl":0,"other_pause":0,"pre_fiber":4.9},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":0,"appserver_cache_misses_time":0,"redis":50.2,"fiber_queue":15.6,"capacity_wait":6.9}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"serverjson":0,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":7,"fiber_queue":8,"blocks":7},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":553698,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.009 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b241fcffabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 1e96dfc002d159824bef1500ed429c74
dcee4e728b602ac201e5520f0a8f557d2733e0b4
4903e017d480866eab65b1ce8db22840ca0165fa472312633809f60c4a07c446
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 11:11:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 19:38:40 GMT
Expires: Thu, 15 Sep 2022 19:38:39 GMT
Etag: "dcee4e728b602ac201e5520f0a8f557d2733e0b4"
Cache-Control: max-age=548253,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 747f7b2639feb4fd-OSL
notify.bubble.is/
52.35.44.78 101 Switching Protocols 0 B IP 52.35.44.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: notify.bubble.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bkCOXWVuYtngneDdSy4AxA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: 1CJLlIh5rALLqvN2K9rW6a+/TsM=
secure-account-mail-login-inbox.bubbleapps.io/user/apm
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/user/apm
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
POST /user/apm HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Content-Type: application/json
cache-control: no-cache
X-Bubble-Breaking-Revision: 5
X-Bubble-R: https://secure-account-mail-login-inbox.bubbleapps.io/
X-Bubble-PL: 1662721855682x135
X-Bubble-Fiber-ID: 1662721857607x977452187131859100
X-Bubble-UTM-Data: {}
X-Requested-With: XMLHttpRequest
Content-Length: 1555
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550; __session:0.3337317235159689:=https:
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:06 GMT
content-type: application/json
x-powered-by: Express
cache-control: no-cache
x-bubble-appname: secure-account-mail-login-inbox
x-bubble-request-took: 19
x-bubble-perf: {"total":18.5,"percents":{"top":{"bubble_cpu":16.5,"block":78.8,"capacity_rl":0,"other_pause":0,"pre_fiber":4.3},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":0,"appserver_cache_misses_time":0,"redis":26,"fiber_queue":5.5,"capacity_wait":31.9}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"serverjson":0,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":6,"fiber_queue":7,"blocks":6},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":458562,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.007 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b3009aafabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
cutt.ly/AQdoI4e%22
104.22.1.232 404 Not Found 0 B IP 104.22.1.232:0
GET /AQdoI4e%22 HTTP/1.1
Host: cutt.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=mo6lujlgop9lpcj4rdrgi2mo49; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b2438650b51-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/package/static_js/64cda5fa6c8ab9739e6fc4117e82a27e80964c60561cdc56a6b6232f261e7c59/secure-account-mail-login-inbox/live/index/xnull/xfalse/xfalse/xfalse/static.js
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/package/static_js/64cda5fa6c8ab9739e6fc4117e82a27e80964c60561cdc56a6b6232f261e7c59/secure-account-mail-login-inbox/live/index/xnull/xfalse/xfalse/xfalse/static.js
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
GET /package/static_js/64cda5fa6c8ab9739e6fc4117e82a27e80964c60561cdc56a6b6232f261e7c59/secure-account-mail-login-inbox/live/index/xnull/xfalse/xfalse/xfalse/static.js HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
content-type: application/javascript
x-powered-by: Express
cache-control: public, max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-perf: {"total":38.5,"percents":{"top":{"bubble_cpu":24.2,"block":74.9,"capacity_rl":0,"other_pause":0,"pre_fiber":1},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":22.3,"appserver_cache_misses_time":0,"redis":79.3,"fiber_queue":8.3,"capacity_wait":2.9}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"derived_cache_attempts":8,"derived_cache_memory_misses":8,"serverjson":13,"appserver_cache_attempts":2,"appserver_mem_cache_hits":0,"appserver_cache_hits":2,"appserver_cache_misses":0,"redis":28,"fiber_queue":27,"blocks":26},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":1400262,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.022 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: HIT
age: 90597
server: cloudflare
cf-ray: 747f7b1e2ae4fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/user/hi
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/user/hi
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
POST /user/hi HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Content-Type: application/json
cache-control: no-cache
X-Bubble-Breaking-Revision: 5
X-Bubble-R: https://secure-account-mail-login-inbox.bubbleapps.io/
X-Bubble-PL: 1662721855682x135
X-Bubble-Epoch-ID: 1662721855622x353710180604750900
X-Bubble-Epoch-Name: Epoch: Runmode page fully loaded
X-Bubble-Fiber-ID: 1662721855682x310982621953184060
X-Bubble-UTM-Data: {}
X-Requested-With: XMLHttpRequest
Content-Length: 2
Origin: https://secure-account-mail-login-inbox.bubbleapps.io
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: application/json
x-powered-by: Express
set-cookie: secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550; path=/; secure
cache-control: no-cache
x-bubble-appname: secure-account-mail-login-inbox
x-bubble-request-took: 15
x-bubble-perf: {"total":14.7,"percents":{"top":{"bubble_cpu":26.2,"block":69.6,"capacity_rl":0,"other_pause":0,"pre_fiber":3.7},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":31.3,"appserver_cache_misses_time":0,"redis":49.6,"fiber_queue":15.7,"capacity_wait":6.2}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"serverjson":2,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":9,"fiber_queue":10,"blocks":9},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":576929,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.009 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b240fc0fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
content-type: text/html
x-powered-by: Express
referrer-policy: origin
x-frame-options: DENY
content-security-policy: frame-ancestors 'none';
cache-control: no-store
x-bubble-perf: {"total":77.4,"percents":{"top":{"bubble_cpu":44,"block":55.5,"capacity_rl":0,"other_pause":0,"pre_fiber":0.4},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":32.6,"appserver_cache_misses_time":0,"redis":61.8,"fiber_queue":5.4,"capacity_wait":1.1}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"derived_cache_attempts":14,"derived_cache_memory_misses":14,"serverjson":29,"appserver_cache_attempts":2,"appserver_mem_cache_hits":0,"appserver_cache_hits":2,"appserver_cache_misses":0,"redis":56,"fiber_queue":51,"blocks":50},"misc":{"userdb_results":1,"userdb_data":206,"spent_time":5106923,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.079 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
set-cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; path=/; expires=Mon, 12 Sep 2022 11:11:03 GMT; secure; httponly
set-cookie: secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; path=/; expires=Mon, 12 Sep 2022 11:11:03 GMT; secure; httponly
set-cookie: secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550; path=/; secure
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b1b7ff7fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
104.18.11.207 200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 601, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 2021-04-23 06:38:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 13251c3df5248784fca36d69c81e4532
cdn-cache: HIT
cf-cache-status: HIT
age: 10832168
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 747f7b23fa95b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
104.18.11.207 200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 5765712
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 747f7b240aa5b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cutt.ly/guard/8QdoznG
104.22.1.232 410 Gone 0 B IP 104.22.1.232:0
Analyzer Verdict Alert fortinet Phishing
GET /guard/8QdoznG HTTP/1.1
Host: cutt.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 410 Gone
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=h96jgt0ekt4c59ffr5tgbc8tkb; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b2498e80b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cutt.ly/guard/6QdoajC
104.22.1.232 410 Gone 0 B IP 104.22.1.232:0
Analyzer Verdict Alert fortinet Phishing
GET /guard/6QdoajC HTTP/1.1
Host: cutt.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 410 Gone
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=1am1ep3g7oqbcu9qbfbutmdog5; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b24a8f90b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/package/run_css/844951fcfabba403f8bbe22878196de006f3362de64edf96ed6b74e8d637e819/secure-account-mail-login-inbox/live/index/xfalse/xfalse/run.css
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/package/run_css/844951fcfabba403f8bbe22878196de006f3362de64edf96ed6b74e8d637e819/secure-account-mail-login-inbox/live/index/xfalse/xfalse/run.css
IP 104.19.217.48:0
GET /package/run_css/844951fcfabba403f8bbe22878196de006f3362de64edf96ed6b74e8d637e819/secure-account-mail-login-inbox/live/index/xfalse/xfalse/run.css HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=52829
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-capacity-limit: 0 ms slower
x-bubble-capacity-used: 0.018 unit-seconds used
x-bubble-perf: {"total":23.6,"percents":{"top":{"bubble_cpu":32.3,"block":62.4,"capacity_rl":0,"other_pause":0,"pre_fiber":2},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":21.8,"appserver_cache_misses_time":0,"redis":76,"fiber_queue":10,"capacity_wait":3.1}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"derived_cache_attempts":2,"derived_cache_memory_misses":2,"serverjson":11,"appserver_cache_attempts":1,"appserver_mem_cache_hits":0,"appserver_cache_hits":1,"appserver_cache_misses":0,"redis":20,"fiber_queue":17,"blocks":16},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":1142285,"derived_build_time_spent":0}}
x-powered-by: Express
cf-cache-status: HIT
age: 103672
server: cloudflare
cf-ray: 747f7b1e2ae1fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/api/1.1/init/data?location=https%3A%2F%2Fsecure-account-mail-login-inbox.bubbleapps.io%2F
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/api/1.1/init/data?location=https%3A%2F%2Fsecure-account-mail-login-inbox.bubbleapps.io%2F
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
GET /api/1.1/init/data?location=https%3A%2F%2Fsecure-account-mail-login-inbox.bubbleapps.io%2F HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
x-powered-by: Express
x-bubble-perf: {"total":18.2,"percents":{"top":{"bubble_cpu":30.2,"block":63,"capacity_rl":0,"other_pause":0,"pre_fiber":2.9},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":14.2,"appserver_cache_misses_time":0,"redis":46.4,"fiber_queue":13.2,"capacity_wait":5.2}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"derived_cache_attempts":1,"derived_cache_memory_misses":1,"serverjson":2,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":11,"fiber_queue":12,"blocks":11},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":825697,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.013 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 747f7b1e5b12fabc-OSL
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/package/run_js/e33e9c373bbfcc906d65694bc4a639f146c9e66d8274596e7d32057394ef675d/xfalse/x17/run.js
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/package/run_js/e33e9c373bbfcc906d65694bc4a639f146c9e66d8274596e7d32057394ef675d/xfalse/x17/run.js
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
GET /package/run_js/e33e9c373bbfcc906d65694bc4a639f146c9e66d8274596e7d32057394ef675d/xfalse/x17/run.js HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
content-type: application/javascript
x-powered-by: Express
cache-control: public, max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-perf: {"total":28.6,"percents":{"top":{"bubble_cpu":20,"block":76,"capacity_rl":0,"other_pause":0,"pre_fiber":1.8},"sub":{"pp_userdb":3.5,"pp_wait_userdb":0,"http_request":0,"serverjson":8.3,"appserver_cache_misses_time":0,"redis":43.5,"fiber_queue":10.6,"capacity_wait":14.1}},"counts":{"pp_userdb":1,"http_request":0,"derived_build":0,"derived_cache_attempts":1,"derived_cache_memory_misses":1,"serverjson":2,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":16,"fiber_queue":18,"blocks":17},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":5857036,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.09 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: MISS
server: cloudflare
cf-ray: 747f7b1e2ae3fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:04 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 08/04/2021 00:04:37
cdn-edgestorageid: 601
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-proxyver: 1.0
cdn-status: 200
cdn-requestid: 1a094ec5f566140ad8ed25d8ea736316
cdn-cache: HIT
cf-cache-status: HIT
age: 5765611
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 747f7b240ab4b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure-account-mail-login-inbox.bubbleapps.io/package/early_js/c5bcb2b703c12cc31e5a643f3beafacd0fd83738d617fb5a9a2b524326bd2d5b/xfalse/early.js
104.19.217.48 200 OK 0 B URL HTTP/2 secure-account-mail-login-inbox.bubbleapps.io/package/early_js/c5bcb2b703c12cc31e5a643f3beafacd0fd83738d617fb5a9a2b524326bd2d5b/xfalse/early.js
IP 104.19.217.48:0
Analyzer Verdict Alert fortinet Malware
GET /package/early_js/c5bcb2b703c12cc31e5a643f3beafacd0fd83738d617fb5a9a2b524326bd2d5b/xfalse/early.js HTTP/1.1
Host: secure-account-mail-login-inbox.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure-account-mail-login-inbox.bubbleapps.io/
Connection: keep-alive
Cookie: secure-account-mail-login-inbox_live_u2main=1662721863097x826013054350101000; secure-account-mail-login-inbox_live_u2main.sig=1cXfErfIicgMZeFbdc0JQDiuFpo; secure-account-mail-login-inbox_u1main=1662721863083x508280461806527550
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 11:11:03 GMT
content-type: application/javascript
x-powered-by: Express
cache-control: public, max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-perf: {"total":16.3,"percents":{"top":{"bubble_cpu":23.1,"block":70.1,"capacity_rl":0,"other_pause":0,"pre_fiber":2.6},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":0,"appserver_cache_misses_time":0,"redis":39.1,"fiber_queue":12.1,"capacity_wait":18}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"serverjson":0,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":7,"fiber_queue":10,"blocks":9},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":565259,"derived_build_time_spent":0}}
x-bubble-capacity-used: 0.009 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: HIT
age: 90597
server: cloudflare
cf-ray: 747f7b1e2adbfabc-OSL
content-encoding: br
X-Firefox-Spdy: h2