login.bleucrm.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.ajbef.net/btrtbt.html
Effective URL:
https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
Submission: On August 22 via api (August 22nd 2023, 2:41:41 pm UTC) from US — Scanned from FR

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is login.bleucrm.com.
TLS certificate: Issued by E1 on July 18th 2023. Valid for: 3 months.

This is the only time login.bleucrm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BT (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1	109.234.162.130 109.234.162.130	50474 (O2SWITCH) (O2SWITCH)
18	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	3

1 109.234.162.130 (Sainte-Geneviève-des-Bois, France)

ASN50474 (O2SWITCH, FR)
PTR: 109-234-162-130.reverse.odns.fr

www.ajbef.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

login.bleucrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	bleucrm.com login.bleucrm.com	222 KB
1	ajbef.net www.ajbef.net	238 B
19	2

	Domain	Requested by
18	login.bleucrm.com	login.bleucrm.com
1	www.ajbef.net
19	2

This site contains no links.

Subject Issuer	Validity	Valid
ajbef.net R3	`2023-08-18` - `2023-11-16`	3 months	crt.sh
bleucrm.com E1	`2023-07-18` - `2023-10-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
Frame ID: E2E140AEECCA6AE0F9FD2CC67302F9EE
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login Page

Page URL History Show full URLs

https://www.ajbef.net/btrtbt.html Page URL
https://login.bleucrm.com/btinternet2/nxx/ Page URL
https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOm... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

264 kB
Transfer

590 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.ajbef.net/btrtbt.html Page URL
https://login.bleucrm.com/btinternet2/nxx/ Page URL
https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 btrtbt.html Show response
www.ajbef.net/ 106 B
238 B 222ms
33ms Document
text/html 109.234.162.130
O2SWITCH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ajbef.net/btrtbt.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 109.234.162.130 Sainte-Geneviève-des-Bois, France, ASN50474 (O2SWITCH, FR),
Reverse DNS: 109-234-162-130.reverse.odns.fr
Software: o2switch-PowerBoost-v3 /
Resource Hash: fe496c7e3bf12df3c91e59fe0c367cf2c27ef3b9d3bd0025730789f95f4a1460

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
content-length: 106
content-type: text/html
date: Tue, 22 Aug 2023 14:41:35 GMT
last-modified: Tue, 22 Aug 2023 13:46:26 GMT
server: o2switch-PowerBoost-v3

GET
H2 200 / Show response
login.bleucrm.com/btinternet2/nxx/ 135 B
782 B 593ms
515ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1087b7574ea7cdf83a44267599f5151be755c68b45119f0106ed441c6d3c9f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ajbef.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7fabe0b12acf3cff-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 22 Aug 2023 14:41:37 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNeYzE74uoGusrjt%2BdvzvyOTwJAa3McTodYcvLi8uoSLcxN2sXO6snbQn3ufCSrX1YFe3gr2jIHzSLHWPsfjW8%2BgwgYdgmgBuxnARDibsgSPkxL3EcyzFCmN5UE23DWc%2F4DIwuAt5AX6hgvLHBelSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubdomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Primary Request lognfrward.php Show response
login.bleucrm.com/btinternet2/nxx/ 18 KB
5 KB 610ms
609ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64ad63da56637f4e952fc2d1ef0140a0050e85b4b32602a2016e94713fd09e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.bleucrm.com/btinternet2/nxx/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7fabe0b4ad9a3cff-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 22 Aug 2023 14:41:38 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bc0n%2FvfHrh7DUPwmDsTkXnynfLN46YWw4A9fTP1XocCk2nUMGLrijL7pO9FgLxh7FX4Oj7aN%2FdeiEBdqT2f0PoKDAxK93juBA7f%2FL5bH9y3HYZwFl2DsK60M2XJhF%2BX9b4ddxNSX%2BjGfZjg4W0uvvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubdomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 override.css
login.bleucrm.com/btinternet2/nxx/west/in/ 6 KB
3 KB 29ms
28ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/override.css

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c1882f7997fa8bf6263bab77bd1728793115367d85c12d5bca6ae2a26849f67

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-18db"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kdVyZCFzbprwhdRXMFdo9s7n5FdetNySTrco26BgnhHqHDFFki9rvaPt34W7U0%2FGs2RyhYdjP%2BGCL56OJjuyakBFQZaBEX7%2FHbNNsGZ2Rux56fEKKUpndK5c0iov%2BeRng%2BZJWGLPqJKukgos7hqz1w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7fabe0b89fab22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 common-reset.css
login.bleucrm.com/btinternet2/nxx/west/in/ 64 KB
35 KB 31ms
30ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/common-reset.css

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b294fc801bbb5d0701baa9d993026b56b3104f29c9a9fb28708d769c9e7ae1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-1012f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dn7Tm8PZQq0h8ccnRq6%2BgxLYklEBIlsc5oZh8a5Y2ZYo%2Bi4rILTfP%2Fo6s0f9rHaf2X80U0OBUoiD4VXKblwrb1S5zyxQcqZWdfmKSHlTyllOFfQMPzSElI8sIMnbtIU9uAMkKY10OJkbifc0fvlM1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7fabe0b89fad22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 common.css
login.bleucrm.com/btinternet2/nxx/west/in/ 179 KB
34 KB 67ms
66ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/common.css

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e34830f7aea8479d5e9d353ba27f32e249b01d562bf617051ff7a3e968c24ca7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-2ca51"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MsmM2G6rBhhxu063bf2RsOEMAY6LpEx64dyDBMXIynpHOJG4p%2BTCmYVk7DF%2Fj9tYq3T9jlNSw%2BPK3Q01OP6JOexxAMmRMKertocAKgiqVuYvuXCiP1oMuSIcqSBab8IHQCxVDoVJt92DFmMMJBpZg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7fabe0b89fae22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bts-common.css
login.bleucrm.com/btinternet2/nxx/west/in/ 88 KB
12 KB 69ms
67ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/bts-common.css

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dca0cc5454f25ae7dbc17261f1ea34785ec26bab59bc79a04c9e17596d26d771

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-1610f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhvlrA6P%2FNAThMSCL08z0W2ZmW%2F3CnkWTQ4DkT72eNj4UnlNH0qU2x0vdgLsAWkDR2jf0SFqky7QEyr20ykn1xmf3KhHoExSrUkzATJAf2NnEaiGZe%2FZScOSEeH1jPPNpRVbrwOH4enM8ZySo%2FBSFw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7fabe0b89fb122ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 responsive-footer.css
login.bleucrm.com/btinternet2/nxx/west/in/ 8 KB
2 KB 29ms
28ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/responsive-footer.css

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

075395b59521271a9edee1ed8c731c41eb9a1a2ded816f8a4de87a759a8dc813

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-1e7a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CUkbO0WzVyjJPmunOHlo8etLFH%2Fskg2%2FI1HmHd9F8WERFRDa55%2Bql0z6rNEOnYwtuG75QTCbmddqX9sYIygB3PtThO48lyryXblsSHGk2LVbI%2BmIcV3PbPe%2BZb%2BSjkzgV%2BIg0LvlWcE1PwMKu02gDw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7fabe0b89fb522ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cookies.css
login.bleucrm.com/btinternet2/nxx/west/in/ 99 KB
40 KB 86ms
84ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/cookies.css

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32ea58d9cd77632cb82a83afb29aa53c9aaabe82cc16f42623385c2a6048014e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-18b32"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hq%2FQIlfPzjiGsXvGESNFEEaKPbRMpo6v8DiqWEE4TFW5%2BG91IWuq0e6bVAu3D5eqrF%2BLfBB7sgtLssxW49J4Ar5zXu9l59ooJcoyKlSckqqGP%2FcvWDxWMHJ7EcjHscv%2B8%2FyGw%2FDaSyOD%2BWVrCCiq9w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7fabe0b89fb722ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bt-login-logo-136423637730102601-171211194315.png
login.bleucrm.com/btinternet2/nxx/west/in/ 4 KB
4 KB 78ms
77ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/bt-login-logo-136423637730102601-171211194315.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beb93ab36466dd7d5c025abd825efdf485f511ceb10ea13fd89d8293fd33dd7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400
content-length: 3940
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-f64"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMjxwOPcXzlE5y8tDRONftU4m1%2BYpoVOo3UqIfAHcnMuMODeJVMp5X1RpUtEH21V2c8yp8sd4a71Cfvu2Y2uuj8IrnrgTH0NXsaLNwlIjmk0a%2FksohT8CNuVCf5CxN3U7CrRFRJqQUqlCPpD5U0V6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b8afc222ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 BT_mark_4col_rev_105x50.png
login.bleucrm.com/btinternet2/nxx/west/in/ 4 KB
4 KB 78ms
78ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/in/BT_mark_4col_rev_105x50.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be6f4025d24e0622e1defef4a43ce3c952e335762a80934efc30eee146235d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/lognfrward.php?redirectURL=personal-Confirm&process_ID=brnOmWCMhdAKotJTDKBsrMsPDkHn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400
content-length: 4025
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-fb9"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c35YPQR4DaqPJOeCV4eGzv6SLMDi6zMHsDVQadw7ILKkvEPjx9ZL0ewL9svB59y5xDeQbzdVD47BgfWSKVKn2L6NqHY%2FkIc3v7mpoocrPrtQhJQKt8Td88EwWCZRJdU%2B6l3RQDdBLBUH%2B9Yok5wfDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b8afc422ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bg_graybutton.png
login.bleucrm.com/btinternet2/nxx/west/deep/ 1 KB
2 KB 27ms
26ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/bg_graybutton.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64bedd57e310d3b3fe9958f126eb0f9f41dda092421a363b26ea4bb49c648a90

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
alt-svc: h3=":443"; ma=86400
content-length: 1051
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:18 GMT
server: cloudflare
etag: "64e4af46-41b"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRoKNlxG0wZzpLwOZ4lxL6dkjc4%2BzZX%2FqAAlXPQgXpToA9ceDYKwe2ptZi6hg0FKUP2nqMinDCrJxoinYWmpfVnlbYKBZbdY5rV24D3K8aV%2FG4nvKqrNZa%2BQoS%2BHRkVUsX7YuV47OwZcYfCOby5I%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b9386c22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 42 KB
42 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b08992554ee957c4fa7e6f2a2a743bf222c14e3b641dbd36cb7a8998741a55d

Request headers

Referer
Origin: https://login.bleucrm.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/truetype;charset=utf-8

GET
H3 200 logintextboxbg.png
login.bleucrm.com/btinternet2/nxx/west/deep/ 966 B
1 KB 27ms
26ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/logintextboxbg.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b1930ba4a2e3f401d744fc3d55c2464a79736bfbc0f0875d98dca864b16449f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
alt-svc: h3=":443"; ma=86400
content-length: 966
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-3c6"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rSjWVGPQIbrX6BoaM4t6HtmjHG%2F6pA8MawWQJ00EAlDyYxlsJV%2BtbCeDETG8FOShs0Tls2WR0KzZg6i6HDa%2BmKN6B5WSXOgrj4pJW9UCoU35aIG1%2Bsxu9%2FIBveA4VHVoSyZwT8Nz3VvClMS3wastQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b9588722ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 icons-sprite-8bit.png
login.bleucrm.com/btinternet2/nxx/west/deep/ 5 KB
6 KB 28ms
27ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/icons-sprite-8bit.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c15da6e07c5e0c79941d5f3e5e5839e1b1d87d3f03badceb337e88bbe78609f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
alt-svc: h3=":443"; ma=86400
content-length: 5100
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-13ec"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=993jDzLzC7PsQE3EgccaAgaVNSf3dERUB90pTYD6RqJpdHtIFrc91%2FX9Cw77YqqJXVHqq%2FIzO1Xcffgm3coNrgS6AyRJFCkSI7%2FlMlbMiu6CHr7VIc%2FlYbhAD8hrmVU5fbHV9akHmSv0bKBYuTLJbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b9588a22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 LoginButtonBg.png
login.bleucrm.com/btinternet2/nxx/west/deep/ 211 B
754 B 28ms
28ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/LoginButtonBg.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7583bdd341399e600785dab65ac725a95dced3b0054ed8ca9b8d69fbde04def8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
alt-svc: h3=":443"; ma=86400
content-length: 211
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-d3"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQD2IW7IfxFptsU2BfEpztjXX4Z1nLiyF4RwhpwTCciSGFm2GCUXTcrXvIIMhPJm7jVa%2F%2Bo9ss8Z3un0oPgYHVETjzK8pwr%2FdDV4Qn%2FqY6CRKbkfF8OXNQLobSVlgLqpk3EfViYMrrR03B1oVg2oxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b9588b22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 login-back.png
login.bleucrm.com/btinternet2/nxx/west/deep/ 279 B
823 B 28ms
28ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/login-back.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6de9b19d62ae2029b5d7c51c7eb8fcbdee6503abf32cd74fa3963c76490bc0ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/common.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
alt-svc: h3=":443"; ma=86400
content-length: 279
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-117"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwffhxYvXpT514rbMX3%2Bhi%2Fh6NJda7eQ8otPSJ74xjgeJw0i2wAqC0b8e2fGpZA%2BOxzF7S9uUfdbwndn%2FPTfjlmiBz5KGtv7cLM9uRwzW%2B8B3baqbibYUy8blPCXjLENnnuFPJ2HSr6cIwATYFvglQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b9588e22ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 css_sprite.png
login.bleucrm.com/btinternet2/nxx/west/deep/ 5 KB
5 KB 41ms
41ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/css_sprite.png

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/cookies.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20f7cca94611e545cc8ba171b49b578f519c3ebd00132eaa0a3870d3711f5f76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/cookies.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400
content-length: 4781
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: "64e4af48-12ad"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zTkLNSs2R9yLJq80R03foGnyJvqz3cGj2PhxFz5sfoZIghBs%2Bcb4qbAwz%2BrEaDTY0IVjAdcMAxd6Jai8X5PP8vfTbn%2BHXyjkun9A8KlKsfKeukMkuQZmXe2xNdJkgYYFJ26%2F9E2vAcIIk497vpgQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fabe0b9589122ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 BTFont_Rg.woff
login.bleucrm.com/btinternet2/nxx/west/deep/ 58 KB
58 KB 28ms
27ms Font
application/font-woff 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/BTFont_Rg.woff

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/responsive-footer.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef203c78f49eb32821e0c6ce993bb2d35a0c58fe770fe5ccbcfe5585a01e2ba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/responsive-footer.css
Origin: https://login.bleucrm.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:19 GMT
server: cloudflare
etag: W/"64e4af47-e6d4"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRdqkm8PIuYrJMb8%2BZRhoVhrjAraNxWUMMCZNMjotuQpaYbpUmn9ldeYEsi670MX9NKu0S%2BrZddPh1V9TVT6JqtTjhTSuQ0eeG8cTGc%2F9p5J%2FxRNq9lN%2B5NzBbFLjt4QF8kJ7PGhPWkof5imY%2F60iA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
vary: Accept-Encoding
cache-control: max-age=315360000
cf-ray: 7fabe0b9589222ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bttvicons.woff
login.bleucrm.com/btinternet2/nxx/west/deep/ 8 KB
9 KB 57ms
56ms Font
application/font-woff 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.bleucrm.com/btinternet2/nxx/west/deep/bttvicons.woff

Requested by

Host: login.bleucrm.com
URL: https://login.bleucrm.com/btinternet2/nxx/west/in/responsive-footer.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c471c762b4eb8ce3aac5aec2b1aac9bf9e8ccb8d2fe84d74c940e9ad2c5bc168

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.bleucrm.com/btinternet2/nxx/west/in/responsive-footer.css
Origin: https://login.bleucrm.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 22 Aug 2023 14:41:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 918
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 12:51:20 GMT
server: cloudflare
etag: W/"64e4af48-20a4"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=miT2be4P3nWBy7PY%2FZIEQNC4IMXSct28fRZLsO%2FOKjH5ByxEt5W8Ta4o5%2F5Isz%2BI%2FoRNwU3KO2twCkbarMC0v22JgkaCBLSectS5eCucerF3p24OUTbgS1nZptfiFdw7Z82Yf1V9TAKg40RY1iSOVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
vary: Accept-Encoding
cache-control: max-age=315360000
cf-ray: 7fabe0b9589322ac-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BT (Telecommunication)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| wCKtMyhjqM function| showP

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.bleucrm.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d241c641f876a41ca9bca0b8d7ba706c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.bleucrm.com
www.ajbef.net
109.234.162.130
2a06:98c1:3121::3
075395b59521271a9edee1ed8c731c41eb9a1a2ded816f8a4de87a759a8dc813
1c1882f7997fa8bf6263bab77bd1728793115367d85c12d5bca6ae2a26849f67
20f7cca94611e545cc8ba171b49b578f519c3ebd00132eaa0a3870d3711f5f76
2b1930ba4a2e3f401d744fc3d55c2464a79736bfbc0f0875d98dca864b16449f
32ea58d9cd77632cb82a83afb29aa53c9aaabe82cc16f42623385c2a6048014e
3b08992554ee957c4fa7e6f2a2a743bf222c14e3b641dbd36cb7a8998741a55d
5b294fc801bbb5d0701baa9d993026b56b3104f29c9a9fb28708d769c9e7ae1e
64ad63da56637f4e952fc2d1ef0140a0050e85b4b32602a2016e94713fd09e57
64bedd57e310d3b3fe9958f126eb0f9f41dda092421a363b26ea4bb49c648a90
6c15da6e07c5e0c79941d5f3e5e5839e1b1d87d3f03badceb337e88bbe78609f
6de9b19d62ae2029b5d7c51c7eb8fcbdee6503abf32cd74fa3963c76490bc0ac
7583bdd341399e600785dab65ac725a95dced3b0054ed8ca9b8d69fbde04def8
be6f4025d24e0622e1defef4a43ce3c952e335762a80934efc30eee146235d30
beb93ab36466dd7d5c025abd825efdf485f511ceb10ea13fd89d8293fd33dd7e
c471c762b4eb8ce3aac5aec2b1aac9bf9e8ccb8d2fe84d74c940e9ad2c5bc168
dca0cc5454f25ae7dbc17261f1ea34785ec26bab59bc79a04c9e17596d26d771
e1087b7574ea7cdf83a44267599f5151be755c68b45119f0106ed441c6d3c9f8
e34830f7aea8479d5e9d353ba27f32e249b01d562bf617051ff7a3e968c24ca7
ef203c78f49eb32821e0c6ce993bb2d35a0c58fe770fe5ccbcfe5585a01e2ba4
fe496c7e3bf12df3c91e59fe0c367cf2c27ef3b9d3bd0025730789f95f4a1460

login.bleucrm.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

264 kBTransfer

590 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

login.bleucrm.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

264 kB
Transfer

590 kB
Size

1
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!