detectportal.firefox.com/success.txt?ipv4
34.107.221.82200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 25 Nov 2022 14:57:06 GMT
Age: 69790
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7848
Expires: Sat, 26 Nov 2022 12:31:04 GMT
Date: Sat, 26 Nov 2022 10:20:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d0e1bad8c0e8789c312d5020d839fff0
7ba27c4977c98ac9697df3891e3974c0f2f643c2
7a0e3c0ed7c9ce558e091f945f748b0ad14a4f32ff16ce66cd0ee20a493b6707
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7A0E3C0ED7C9CE558E091F945F748B0AD14A4F32FF16CE66CD0EE20A493B6707"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5027
Expires: Sat, 26 Nov 2022 11:44:03 GMT
Date: Sat, 26 Nov 2022 10:20:16 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
34.120.5.221200 OK 40 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 83a190c4988e3a8bb201691e23d39026
a53147b125979e5f3bb6624c5d1f05502dbf69a8
ba826a6d5a088644d1641f77eee4bdaa1e933b9024a32dc731c0590af520a9d6
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: l1STLSWqFF1CpMdZySSGlH2EVazuV1yCSnBdqKF4CCScj8OW-yDtnQ==
content-encoding: gzip
via: 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 10:07:18 GMT
age: 778
content-type: application/json
content-length: 39849
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10521
Expires: Sat, 26 Nov 2022 13:15:37 GMT
Date: Sat, 26 Nov 2022 10:20:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vpN8nkd6zBS85RcP9dyOeQWOGjiK05okF7Nw5kVL2WgASvFHUVe84YniPFA9FijVqcuye/AgRrA=
x-amz-request-id: HJ7N97A5JYGTFXJ2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 09:23:39 GMT
age: 3397
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 10:20:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6024
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:16 GMT
Last-Modified: Sat, 26 Nov 2022 08:39:52 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 10:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 63
alt-svc: clear
X-Firefox-Spdy: h2
www.cardealsnearyou.com/
8.38.122.197301 Moved Permanently 0 B IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 10:20:16 GMT
Server: Apache
X-B-Cache: BYPASS
X-Redirect-By: WordPress
Set-Cookie: stm_visitor_1=72201626; expires=Mon, 26-Dec-2022 10:20:16 GMT; Max-Age=2592000; path=/
Location: https://www.cardealsnearyou.com/
X-Signature: KUSANAGI
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 0
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 579c5055711abbbba8ff3b1e65e7052a
f4aae256ccf9a7de307d43c572d544ab182e62c8
67bbce66f27e9aa01790cb11b928a758694ee9789b3a62c6dd1c8ea8936c474e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2326
Cache-Control: max-age=116025
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:17 GMT
Etag: "63810184-1d7"
Expires: Sun, 27 Nov 2022 18:34:02 GMT
Last-Modified: Fri, 25 Nov 2022 17:55:16 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6077
Cache-Control: max-age=88071
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:17 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:48:08 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 10:08:54 GMT
cache-control: public,max-age=3600
age: 683
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
34.215.6.110200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 34.215.6.110:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sat, 26 Nov 2022 10:20:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 645075ac8ec0810e23c9042664fed28d
48cff1ed4f72f6027665174d1681ba2a77905d69
3932c9a648deebb94a060cf4641b1f1753b82125a611aeb911320934187ed56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3932C9A648DEEBB94A060CF4641B1F1753B82125A611AEB911320934187ED56C"
Last-Modified: Thu, 24 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21499
Expires: Sat, 26 Nov 2022 16:18:36 GMT
Date: Sat, 26 Nov 2022 10:20:17 GMT
Connection: keep-alive
push.services.mozilla.com/
34.223.160.237101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 80zp7ryt0f2NJ4nOGWVXNA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ifhp+KIaNIfAAPVGQKlClRhDnPo=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669431432522%22
34.102.187.140200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669431432522%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Hash ea03d5317b8603ecb3e688bccb4f2ebf
44561c5d52f29d99fb156f0c458076664c48e0d1
e1c36b08648f69f97433e0bf626d7fb667db060285ea239e8e729e607e83569c
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669431432522%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Sat, 26 Nov 2022 10:02:06 GMT
cache-control: public,max-age=3600
age: 1091
last-modified: Sat, 26 Nov 2022 02:57:12 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22
34.102.187.140200 OK 6.6 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (6593), with no line terminators
Hash 173414a662e4d0d6c29b893819284fcc
e7823586afc7d40c1ffd732e3f0f98d22f9cb6b6
28a589a49cbca81692eb7cc6bb2725f5d56b11238143a58c97f33260a81eb750
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6593
via: 1.1 google
date: Sat, 26 Nov 2022 09:20:00 GMT
cache-control: public,max-age=3600
age: 3617
last-modified: Mon, 21 Nov 2022 18:37:18 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HDPHtAJlA4vdCNN8Ix9U1B+Sn4cPHr5cYyI6o7fLRCCEDQDiFwgaXY+PJW3T/c0qoBmBmIvERbc=
x-amz-request-id: B5AY2N48T9X0GKGS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 09:41:09 GMT
age: 2348
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22
34.102.187.140200 OK 51 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (51208), with no line terminators
Hash 21b6a1c29930dd71addd901f726cce7d
fb0e9b091e6f6f41bbf72a4857653745b9f7ddba
7f75908497bee301b1803d7ec5a6ca5301de05da4c89832be9ab6e4f5e4884df
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 51208
via: 1.1 google
date: Sat, 26 Nov 2022 09:32:44 GMT
cache-control: public,max-age=3600
age: 2854
last-modified: Fri, 25 Nov 2022 15:35:57 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22
34.102.187.140200 OK 27 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22
IP 34.102.187.140:0
File type ASCII text, with very long lines (27155), with no line terminators
Hash ac619cf3864a0cc124ef2d8917355b2c
e7deb60297e8951331382468d8ad9b1804e51139
5c5aad45a1d663bbb00d9021e9920bfa636f15fd04fbf35fd58bffc22ef865aa
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 27155
via: 1.1 google
date: Sat, 26 Nov 2022 10:16:49 GMT
cache-control: public,max-age=3600
age: 209
last-modified: Thu, 24 Nov 2022 18:46:35 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
34.102.187.140200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Hash 673c0c8594251318f6ddab69439200f0
dfdfdbaa6ea4d5e1f2b58917573fa74c84b73f96
26808cb3b91051a2e383451dad0b069836788756c6a97faba58fc23d11a88477
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Sat, 26 Nov 2022 09:51:03 GMT
cache-control: public,max-age=3600
age: 1755
last-modified: Mon, 31 Oct 2022 17:42:02 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22
34.102.187.140200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (1482), with no line terminators
Hash 151df207a4786253007ead8264c7a9fe
ef39481d3f610c25b27836fb375e24ac0f3c6b47
352e05fd634451861f76ed1790e01b4f9f8d8fe3993464263f846ada17eb343e
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1482
via: 1.1 google
date: Sat, 26 Nov 2022 09:35:40 GMT
cache-control: public,max-age=3600
age: 2678
last-modified: Wed, 16 Nov 2022 14:02:20 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
detectportal.firefox.com/success.txt?ipv4
34.107.221.82200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 25 Nov 2022 14:57:06 GMT
Age: 69792
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 97a57655ba22116ba79436348704d85b
95ece8a2f2f3ffc4d3635a0afa553d0eb7640496
82c8c22d42455acc2412e8361534eb9847f1bb0a39bfccec106a2a665d12a89a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2657
Cache-Control: max-age=135393
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:18 GMT
Etag: "63814be2-117"
Expires: Sun, 27 Nov 2022 23:56:51 GMT
Last-Modified: Fri, 25 Nov 2022 23:12:34 GMT
Server: ECS (amb/6B7A)
X-Cache: HIT
Content-Length: 279
www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
8.38.122.197200 OK 972 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 8bf268dfcca7cb20719b7ea14373ef4a
58bd839bbf0e8cc082f0a488b538b4ec71bebd2e
eece4a14939273c7af07bce8bab3a6cfc2c9de44c0eea82cc886abac13cb3870
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "aab-5ebdea14c16e2-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 972
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10
8.38.122.197200 OK 1.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 590881ddb2faca501eb64a1cae756d2a
095a054091ac2d12de37d460b54fac424f406fc1
e4ac349500702dcd738cde2fb9eb760d6d11d762e25997a39e3cb9db23ad40a3
GET /wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:02 GMT
etag: "3cfb-5e9dce38493fc-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1551
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0
8.38.122.197200 OK 1.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash bca8508ed19ce66d215162de0dcd5743
538112b87de9de0ca1b5b7e2d446a3244e2f523a
b080aba9c0cbdeb630352ebbce2c83a06783a09e4c34d54a0c8e73aa408582ef
GET /wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 16:53:57 GMT
etag: "18eb-5ebdec10e3351-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1333
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/css/dist/block-library/style.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/css/dist/block-library/style.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Jul 2022 13:21:17 GMT
etag: "15b64-5e3afa8f72a1e-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11681
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 899 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (3630), with no line terminators
Hash 0fd6cde7646e79e085a7bcd4e54454e1
6af9258308691fc18f233b3a716bab3d0ef49426
4ba6f1bcf100600b7f2e008c46cc8597916f14c8db378fa507f2daaa3560740d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "e2e-5d9e1308340c7-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 899
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 3.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (20660), with no line terminators
Hash b8f5fb406b5dde0528079b1f2957f623
cd9e95a4c9121e714058ccd4b4bb20abfabc9080
d906fb4ec194f825b3a60ba2367400588fee92446204b49fdab907258b0e68c1
GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "50b4-5d9e130833cdf-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3790
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 1.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (540)
Hash 010ba361ace5fbb7d07bd66b3a48cf2a
c60c40f4e72c63363b68ba02a2a19b682041a10f
f3edb316d73bcd98551b4d90fb059d3ebf5307852a046a507915fb0d8a7a60b8
GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "2b33-5d9e13083350f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1444
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1
216.58.211.10200 OK 58 kB URL HTTP/2 maps.googleapis.com/maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1
IP 216.58.211.10:0
File type ASCII text, with very long lines (2447)
Hash a28ea4bcfd13792205117343ae90830a
ef122c0c8e20112ec74e91d6c7c9415de4e6325c
daa53b949e15cbf2e9f02245c96ce035f0256ce80a9f18f89d3778dd41202e0d
GET /maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 58396
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=21
date: Sat, 26 Nov 2022 10:19:58 GMT
expires: Sat, 26 Nov 2022 10:49:58 GMT
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
age: 20
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?key=AIzaSyDRiOJcH5jlSFqsAFGOgkGLZ02XvQSMTHo&libraries=places&sensor=false&language=en-US&ver=5.1.2
216.58.211.10200 OK 56 kB URL HTTP/2 maps.googleapis.com/maps/api/js?key=AIzaSyDRiOJcH5jlSFqsAFGOgkGLZ02XvQSMTHo&libraries=places&sensor=false&language=en-US&ver=5.1.2
IP 216.58.211.10:0
File type ASCII text, with very long lines (2459)
Hash 11316c73ccc4779f33a1ca77ff182157
36bab1dcbe2501b7f0d6b287746279cd3058191e
f10a8464669f94b22304ea78c011c0569ec448a87710888a3869e378be521c07
GET /maps/api/js?key=AIzaSyDRiOJcH5jlSFqsAFGOgkGLZ02XvQSMTHo&libraries=places&sensor=false&language=en-US&ver=5.1.2 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 55564
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=23
date: Sat, 26 Nov 2022 10:19:58 GMT
expires: Sat, 26 Nov 2022 10:49:58 GMT
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
age: 20
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/formidable/css/formidableforms.css?ver=10181831
8.38.122.197200 OK 8.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/formidable/css/formidableforms.css?ver=10181831
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (51296)
Hash ea90d24c5f8e265b80412d77c8fe82ce
9aa22159c8a3ad5e7980e8efc9d5ddd692236207
639d7e1e608414d341a42ed372d15f0f18caf92bb9cd946de61f814d711eea01
GET /wp-content/plugins/formidable/css/formidableforms.css?ver=10181831 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 18 Oct 2022 18:31:28 GMT
etag: "c8c4-5eb534ce47ce3-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8583
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1669458017
8.38.122.197200 OK 13 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1669458017
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (59158)
Hash d7913fc87c4606f82b4ee77a8d47fc2f
62a54acf7535ae53425b44dadfe5fdabf3d8300a
bb05c88bb0b82e2f14f1efb94b4c3511292f74c3bb7cb0b104d300a42a49492f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1669458017 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:15:37 GMT
etag: "e7d0-5d9e133737f19-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12869
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1
8.38.122.197200 OK 29 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (545)
Hash 45f6eab951ca317ec475b529f46417b4
fce41b7dd131001beb3f1dc96a1793452f624b44
a231e34d708b1f7663ec942c27dd9eec1fcdf574b8f9431522d3c360afbf32a2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:17:22 GMT
etag: "a149c-5d9e139b90cf5-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 29438
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2
8.38.122.197200 OK 977 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 641140f1223ff5df29ee18f8c8f70aba
ee0c640727fd652e863fd635d520b173e8b40d13
b5bc1943b25ef3c81c37dfb34d070364f53739ca18660bb96809c5a3225541aa
GET /wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "fad-5d2c3afd921f0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 977
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2
8.38.122.197200 OK 1.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash ed52b7ca5b3418b28153da35cedf6071
4487d8be68353b68bd5cc1d13f3f06f9cdbcfb27
19c044faacbde16eff6a8dbde2c95c527de4de1d75240f3e32f93de390db7582
GET /wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "12c6-5d2c3afd50329-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1007
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2
8.38.122.197200 OK 490 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash cb10860ede4d9ab43f9cdb5aaae451bd
e3910ef96d8ceb6550f9ea6a58c712d004b79acc
33da399f2c6220f71350a51b05a19058cec7ccc070e5b1c18520d0eaec608830
GET /wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5b3-5d2c3afd90a80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 490
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2
8.38.122.197200 OK 516 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 277e52066662b1b4a68efef4e93727e2
a2f2b791f3510e4b5d44554e004f60d041ceca9c
3659bb3504f8f1972b298b0e35d3a7bb23abad8480b894c730a6081159daf0cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "658-5d2c3afd91638-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 516
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2
8.38.122.197200 OK 421 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5c1a960d788c02bad2b16c27e454c54c
173296d3fc4e8de3414a123deb279dfdd64bd034
f11d0b6e69aaf946642073a7cca64a84239b56463ea101419eb5cc2249a4bf5d
GET /wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3e5-5d2c3afd902af-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 421
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2
8.38.122.197200 OK 427 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 19bb036adf9fd75599fa621d9cb38848
52111ce03d19317deb4405fe90e46fa556d3acd7
03e075be68024ed59155efdb887c1154ea3685980f4d35da09c6b2f21101a69a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "401-5d2c3afd8fadf-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 427
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2
8.38.122.197200 OK 500 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash e3aa2e50e7548a11d09b751859c1becb
576d4d743e87890fcb1d27c9b612095dc38f157f
08390ab2377861fbbeae93767265f829763ce9cbe12a73f93e79ce3eb2ce6c2c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5dd-5d2c3afd98f53-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 500
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2
8.38.122.197200 OK 2.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (14965)
Hash 8e684dd388239a6bcac3bc41e52c4e17
2691065d51586e3fdcfce1ea8e51787a05061989
f5e41c52b1303b9ad13beb859f02abc7397d27e3b6504c5bd82a2b68dfa6ece4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3a76-5d2c3afd91e08-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1998
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/classie.js?ver=5.1.2
8.38.122.197200 OK 2.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/classie.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 55e1109b3022c56ad23c5ba676055619
a940196e1ddfad80d753dd70484da942a3b2c2b4
9477ec4f89eb231b413a95b7438ababe1800c2cff84bb08283dedadf565731f1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/classie.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "7b4-5d2c3afdeea89"
accept-ranges: bytes
content-length: 1972
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2
8.38.122.197200 OK 1.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1165)
Hash 9c409d2d0082c4c92f139b79b9b56496
71af88ff8fb89bbde6780e3654e9ac5efcf6cd72
3abed05aa50906e4ba6d49983bd2c324bd57c9a0a4e74b52f95ceb965d27f27f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1ad9-5d2c3afd7d9c9-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1833
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2
8.38.122.197200 OK 3.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 274f1795c34d6b35e0e79eb1633abe23
a9e973e7d4830462c90a44f4766ab4e1f5177fe5
582e7032302e4a28726d52ff3ff8db3bb0d1b3a7c1e83e38890ee62bc0a174ed
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "c9f-5d2c3afdf1582"
accept-ranges: bytes
content-length: 3231
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 404 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1414), with no line terminators
Hash dcadca1139e6522100c6ba8850f572ca
dca0ee9e0f96f5f8d399e2aee39b26ff26a4ee18
bb206bb906b05edee537c89d075ec04bc570ff9f7e59270d803b6f4bb80f2534
GET /wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "586-5e9dce4f2e538-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 404
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 4.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (23366), with no line terminators
Hash 409ed4df68521a808313b7ce8d2875d3
2bfeb5236e3db8e1ed77213d8dad9e97b6f7bb17
ec27d1caa25b46911cbe9f09fc12684cb3dc2c07c36972f6f9b9304145e9fd62
GET /wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "5b46-5e9dce4f2fca8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4490
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
8.38.122.197200 OK 7.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Web Open Font Format, TrueType, length 7536, version 1.0\012- data
Hash 04eb8fc57f27498e5ae37523e3bfb2c7
d942ae11706c3f7e511e3c49b0e4574d7ad199c4
f7b9c3065e55fa3b9e320093612e7b30dcb14355a44ec461247b495a3e729686
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "1d70-5d9e1357174d3"
accept-ranges: bytes
content-length: 7536
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/font-woff
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 98d0d340eb8d59293eb903c2a304d14f
bb7407cb7d75c7642e0ce86e8a0f7e24d5a42774
94fedc49f2c2d1b6a013682102b56a5a52246125c1d3ed7b2ba123d6bad86737
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=164804
Date: Sat, 26 Nov 2022 10:20:18 GMT
Etag: "6381c7a1-1d7"
Expires: Mon, 28 Nov 2022 08:07:02 GMT
Last-Modified: Sat, 26 Nov 2022 08:00:33 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LQ_1g5qiIQXSOdxqfQM3MI9PCMv4_86c3FwzRiuCJARa86AC8vSS4Q==
Age: 389
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/animation.css?ver=5.1.2
8.38.122.197200 OK 6.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/animation.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash c539b9aac3a65cca3f449ef37e548ccb
b87a9e1f75f50a6d22ee1d783d3689d674204f0b
7e9d9f8aacc325dc3d2abfa0252b9049cd3399c7f81cbf32f776c4644d0ec698
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/animation.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "14f25-5d2c3afd4f388-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6679
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 17 Dec 2020 15:23:57 GMT
etag: "2bd8-5b6aa9497f7ec"
accept-ranges: bytes
content-length: 11224
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 12ffc2abe29dfdd5f574565c0fd1a056
af6271b801a5091eebc607772a2c6b04a45cbfe3
4444b9c5d34e3c911b38e6b7d3125033b5f8938f25c761672966aec936b656c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=125566
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:18 GMT
Etag: "63812fe0-117"
Expires: Sun, 27 Nov 2022 21:13:04 GMT
Last-Modified: Fri, 25 Nov 2022 21:13:04 GMT
Server: nginx
Content-Length: 279
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2
8.38.122.197200 OK 15 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d46dc465806c94eb45c31ef252cc4d3e
6af119bb9785f07c0bdb0a6be7ade13cc045135c
17fb1aea21344fabd758897bdf5b704ee83e417efd5411c836cfef6ec2dfc41a
GET /wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3af3-5d2c3afdf119a"
accept-ranges: bytes
content-length: 15091
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
8.38.122.197200 OK 9.9 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (9937), with no line terminators
Hash dc74c9954b1944928eca0172c3b8c6b3
e9e00e587e0e28491b69563b4e768945ff2e0ed5
d7eff2d3185c4035edbe18b653f9da26c2d872e03c92419542ed524d569fe81b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "26d1-5ebdea14ce207"
accept-ranges: bytes
content-length: 9937
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg
8.38.122.197200 OK 1.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1076), with no line terminators
Hash d0b222e20615087119d27f2619371dd0
dfa0a9fa19d7a53f94e430dc6210bb199b81d441
d47df921df4e7d3e59b1b157ab1d80bdda634160a5e1f2f6251418964121b9f1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "434-5e9dce4f3cf9d"
accept-ranges: bytes
content-length: 1076
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 922 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (4593), with no line terminators
Hash db40a8a36efef57420f92ea109fc33a2
5554034fed439657049ea0b3bd7eb43d9aa0fb50
c3ff3a300e8016e244ca4e49de4285da191044970ddcf0f93710d014481f5765
GET /wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "11f1-5e9dce4f2f0f0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 922
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 691 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (3302), with no line terminators
Hash ab6f97ea7059c232693a4b570e087b62
dcfe539ea4e28d385ce694223174123f82e14ac0
6d7bc8cdd8c2936c4e49bca0f1f14363bc020331fba7379c0f741f85e014ab6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "ce6-5e9dce4f2e920-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 691
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2
8.38.122.197200 OK 544 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 647499d93bd6ced6839431fee63db188
2090144108643c4f8ad4181e18c7625a9019615d
46cb51a861e4887e2d2017ac5e6eb349bc2b4427948598d26d6e55e6e15dcf58
GET /wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "6bb-5d2c3afd4ff41-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 544
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 1.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (5334), with no line terminators
Hash 0b06d9e311712e0f5c38e06f549d646c
96ffc4906d416ca3c5e0aa21fc2d6ea262b4f8bd
e3c5dbba5924a8329f175882cd40dba5f02b082fb631dc6510119a88ce19b112
GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:49:49 GMT
etag: "14d6-5e9dce2b4f716-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1108
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.1
8.38.122.197200 OK 901 B URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (715)
Hash e0b6ee7035469fab34982887e7ef21f7
8f38f75ae3db197142744524b6fcb8dc11efd577
f7f639c14daca92fe9f66f08d4ef076d2413eb99dbc35129158de1814d1d7c91
GET /wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:19:20 GMT
etag: "385-5d9e140bc8be3"
accept-ranges: bytes
content-length: 901
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/wp-auto-affiliate-links/css/style.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 998 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/wp-auto-affiliate-links/css/style.css?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 863bd6ca1f3e51547c37bbf7f3a621ed
b24c95e413ff38ea4e4bf0abf88db4feebe9f565
b895c8a154b420f9612aa9911eb4a1599585fc21e550dfff747226a1f38e59e5
GET /wp-content/plugins/wp-auto-affiliate-links/css/style.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:49:44 GMT
etag: "c78-5e9dce267100a-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 998
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/style.css?ver=5.1.2
8.38.122.197200 OK 396 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5b14aab06cc4ce54392ef426221ba25d
07f40c8f54e83ff19f3d0b03529419cf0f93f1e5
32acde4090f36bd8d830b58765765d2fc848935052bb4154be54fb786447666b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:35 GMT
etag: "298-5d2c3afeb1417-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 396
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2
8.38.122.197200 OK 1.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (1090)
Hash 700b877cd3ade98ce6cd4be349d81a5c
c1c36e6927436231eb20474356b29667c4c648aa
000854d782781aff1b16ea5451c1da3d07efadd35ab911ccb7e4b851571a25bd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "50b-5d2c3afdf38ab"
accept-ranges: bytes
content-length: 1291
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
rdcdn.com/rt?aid=18662&e=1&img=1
52.7.240.180302 Found 121 B URL HTTP/2 rdcdn.com/rt?aid=18662&e=1&img=1
IP 52.7.240.180:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3566835ab38329ddb105f8649131cabb
72eb59670ff0ea8cc99983629acc33aebd65a6e0
66b563593020781cd23517f1e111f600993a0b893f79970b32e9f95147db269c
GET /rt?aid=18662&e=1&img=1 HTTP/1.1
Host: rdcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:18 GMT
content-type: text/html; charset=utf-8
content-length: 121
cache-control: private
location: /eow
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 4.0
x-aspnet-version: 4.0.30319
set-cookie: aid=18662; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
ref=https://www.cardealsnearyou.com/; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
img=http://rdcdn.com/rt?aid=18662&e=1&img=1; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
X-Firefox-Spdy: h2
developers.google.com/maps/documentation/javascript/examples/markerclusterer/markerclusterer.js?ver=5.1.2
142.250.74.14200 OK 8.9 kB URL HTTP/2 developers.google.com/maps/documentation/javascript/examples/markerclusterer/markerclusterer.js?ver=5.1.2
IP 142.250.74.14:0
File type HTML document, ASCII text
Hash 38abdd6fa03b1953058c0ac096cd9fe7
11cf2e06927628bffe06f683e9b04cb11f40458b
be197ce617a190740b3c332bdc489fef0aa748b90bc57f8cf6c70bb54aa3a8e3
GET /maps/documentation/javascript/examples/markerclusterer/markerclusterer.js?ver=5.1.2 HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 16 Jan 2017 03:43:59 GMT
set-cookie: _ga_devsite=GA1.3.3398093343.1669458019; Expires=Mon, 25 Nov 2024 10:20:19 GMT; Max-Age=63072000; Path=/
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-oPOL9BqfWEqfecjq36QnsZagdNPBgA' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
cache-control: no-cache, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
x-cloud-trace-context: 8006fc600567998c9389cefc10d7b5d4
vary: Accept-Encoding
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Google Frontend
content-length: 8937
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rdcdn.com/eow
52.7.240.180302 Found 151 B IP 52.7.240.180:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82133787c1fcce4fd893463e0b0b3ecb
f4af96850470b845614985cb3a56d9e16ad14e9c
ba90dc61e3a7b2caff87da8bf66ff677120d58b1f76e79f40dcfaac4cf58a555
GET /eow HTTP/1.1
Host: rdcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:19 GMT
content-type: text/html; charset=utf-8
content-length: 151
location: https://rdcdn.com/images/blank.gif
cache-control: private
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 4.0
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
34.102.187.140200 OK 681 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Hash eaee4fcc2a30b5cb65768e7228765063
a618faa6e4c7c412584de1dbc760a8067e32b7d7
20565fc5642a0bc063da8706ee310dd2512ee2a096a39976c34056a13a2bc2f6
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Sat, 26 Nov 2022 10:17:24 GMT
cache-control: public,max-age=3600
age: 175
last-modified: Sun, 20 Nov 2022 16:36:52 GMT
etag: "1668962212585"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6014
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6014
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6048
Expires: Sat, 26 Nov 2022 12:01:07 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6048
Expires: Sat, 26 Nov 2022 12:01:07 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6014
Expires: Sat, 26 Nov 2022 12:00:33 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b1c6878914466cfece680fa7cb73502
47fac81a2dd809df5c42ca1362f71d553572d2b1
6458883dfa2bdfd483e92e5f847a229508ef00ce1dbd11f49eec369d0bd3160a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 4db4ed29-20b4-4ca7-8835-2463d0989d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVFHQYIAMFc4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135b9-613da006118724124e345b29;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qKxrYxVsJWOXAbrn6IpwLycF3rknFLkQeDyKOLq5WyflvTLeUjg_Lg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:18:42 GMT
age: 43297
etag: "47fac81a2dd809df5c42ca1362f71d553572d2b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 45099
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bfe2d23-9843-4fb7-b46a-fd8ffd7bce9a.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bfe2d23-9843-4fb7-b46a-fd8ffd7bce9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d30923b7d20eeb37527255c3ee1da34f
bed54bd4f659fbf29834b262e9179df7e7bc56a6
3110f22342b17a7b1d30bd53350e6a11fd6032d97bccf4206e4a27d6e332c79b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bfe2d23-9843-4fb7-b46a-fd8ffd7bce9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9011
x-amzn-requestid: f0e83373-0f65-4358-a902-45f2e9c24c24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUfPHzAoAMF4ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813461-19e037da49c44e4363bbe8f0;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: N2zsqycYk04GXPSMhxJKCrX84Asqzq8UNIFTYg2hJllP4fTGXzwEuA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:16:10 GMT
age: 43449
etag: "bed54bd4f659fbf29834b262e9179df7e7bc56a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400%2C400+%21important%2C700%7CRoboto:700%2C400&display=swap
142.250.74.10200 OK 10 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400%2C400+%21important%2C700%7CRoboto:700%2C400&display=swap
IP 142.250.74.10:0
Hash 7e2f7d3fb318dacefb513b14224a6bb6
6a817c086b6af621ecdaff0d11c49015491eb414
a0484191a39cc5cb2efb53171e73934610602d888f67bbfee0be3b31182e3070
GET /css?family=Montserrat:400%2C400+%21important%2C700%7CRoboto:700%2C400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 10:20:18 GMT
date: Sat, 26 Nov 2022 10:20:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 02:19:43 GMT
age: 28836
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 23081
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2
8.38.122.197200 OK 4.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1961)
Hash 2dbe5d4f94fdcf3df53ec6071a433b32
b71af6bb415f16b2624d97e8914137399c8ec596
0850bfcae403b88d409a60d16d73c6e1f7ef1c8274c5b090ab290b2aa7923546
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "4981-5d2c3afd7ddb1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4618
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2
8.38.122.197200 OK 898 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 233c154fec1bd47cb2d7c5c9c5f70941
40260ff178c49cf3ecffe7b8484d07e52308cead
f0fcb6a32306c5ff4a50df8e19e176be412c7ec0b9306c8083347a52c98ca1bd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "382-5d2c3afdec760"
accept-ranges: bytes
content-length: 898
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0
8.38.122.197200 OK 4.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (34217)
Hash ff23202f1227d35b13635501c86b2156
31c5de356f90da7a53468ef8ed0a9237cdaa67ce
c4b5a8cbcaef7b3a6d4d2f1a3d68cfac3a2ccb7fbfcd7ae212bf2c39fc85ed42
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "865f-5d9e136b05866-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4260
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
8.38.122.197200 OK 68 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 2a637d3d825673c0e3462fa4ed9a1c5c
81668d396da22832d75a986407ff10035e0d5899
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:09 GMT
etag: "44-5d9e135542066"
accept-ranges: bytes
content-length: 68
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
rdcdn.com/images/blank.gif
52.7.240.180200 OK 42 B URL HTTP/2 rdcdn.com/images/blank.gif
IP 52.7.240.180:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /images/blank.gif HTTP/1.1
Host: rdcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:19 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 23 Dec 2021 22:40:22 GMT
accept-ranges: bytes
etag: "04fc5114ef8d71:0"
server: Microsoft-IIS/10.0
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type HTML document, ASCII text, with very long lines (12310), with no line terminators
Hash 1f9968a7c7a2a02491393fb9d4103dae
0032c8a6a692e6f072b2cef20828449402fdd57d
f1d5583d4c00ebe19c7be536e72ab8234c1f926023cb5a1fd5edbe9c912f0f49
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "3016-5ebdea14c45c3"
accept-ranges: bytes
content-length: 12310
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1
8.38.122.197200 OK 7.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 7c898d32907792a4ca6d509d0c2b52af
b54cb8a2682a24d180f0528ef06d998f88fc3a59
05322da8b0c192999052935f12b463d6e5a84b224f6fae2937abeb2b27b6bebe
GET /wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 19 Apr 2022 14:32:02 GMT
etag: "1c56-5dd02bd7ece60"
accept-ranges: bytes
content-length: 7254
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2
8.38.122.197200 OK 19 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (65371)
Hash a69801e0e683a8efdc50685e08da6a5c
6f9e7217c522f9e426b01836de5ca4b489da9cc8
af869524400958bf10cefcd1a2790715f9f569117fabe6c69e24e5ca65e45321
GET /wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1ca38-5d2c3afd55d03-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 19250
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d23d8ee10642ccb21ae0153d554fda59
6de0a2d9861421f92ed4f77633c47ebbb9736022
c70f9c79a5d06d76a364ba8fa18218ef77aa585888ca2a418d61753edfec6e30
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "271fc-5d2c3afd691a1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 10852
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (11790)
Hash edca8ffeb6cac2f6d5f9186043d569b6
ff20f18369ad92eedfee40a0cd461510eef41756
6cbced0782f23b4da0f1c24988d05a1395af3f6399a50cdd79114f1aac5b2b0c
GET /wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "2eb3-5d2c3afe1d89a"
accept-ranges: bytes
content-length: 11955
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash ec14123fd07ef488fc1aff60a6f99c13
55e9b5c3cad505a780d948349d9009867368cf6a
46e3efd2835c5f189acbe5c392d41ce6b86f2cfe3f064cdd6780032777f5706a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:10 GMT
etag: "e197-5d9e13570059b-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12303
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (56243)
Hash 56ff26e4540fe0eb470200be12da9539
e55c1cf13307417eb0721280047dfe0a7e870752
41bd8b382a880ae6ec59d84506d7b5ba03c23eb9dd5b4044eb8f50e182fb39f4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "dc69-5d9e136b05096-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12251
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1
8.38.122.197200 OK 3.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 1d26ded5f43ab4a713a025725d980d93
f6372bb22d53b2986160a3ff764f6ef2e615130c
69e9d8eeb0cc13a23f786c0dafd6909001e394d69d397083473ccd6ee2f0b234
GET /wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:17:22 GMT
etag: "ddc-5d9e139b93406"
accept-ranges: bytes
content-length: 3548
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js
8.38.122.197200 OK 3.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 0f1f6cd6e0036897019b376d38593403
498b29de6e170fffc8535183b7d6550490f0a159
8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "c44-5d9e13084daf8"
accept-ranges: bytes
content-length: 3140
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1
8.38.122.197200 OK 3.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (3233)
Hash 5c38aa6d5b98586ca2ba973ab8b4b6b1
8215983363ea0d74f99368336404b0d27217778f
7c4dcab706e6bf67c64df89d3f5e137cb19efa293771613f511aff1ad563a6df
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "d53-5e0322dd55ac3"
accept-ranges: bytes
content-length: 3411
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js
8.38.122.197200 OK 3.9 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 4b48425e53ee05842fa3dba2952cca8c
d69bbb7e79c27e0b6c1dd13881c1dbc7c40ba7a3
2ed882d62d05459ec26f592856c0b845c01576d77982041311bca039901102a4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "f0f-5d9e13084cf3f"
accept-ranges: bytes
content-length: 3855
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
8.38.122.197200 OK 90 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (65447)
Hash 02dd5d04add4759122013c5ab4dc5cc2
a45a56e396ac549b4ff39b696ce9e0c16a7612de
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 17:31:52 GMT
etag: "15db1-5cc344e9c4b4e"
accept-ranges: bytes
content-length: 89521
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
34.102.187.140200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Hash 202f8030219491c4a368c475aaa98861
b3f7120107465db6e1eb7a21efb451253a30e31e
379786244e20b5c0d5ed80b9f3c03e9a964615c7df36764c9d96528290754de4
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Sat, 26 Nov 2022 10:10:26 GMT
cache-control: public,max-age=3600
age: 593
last-modified: Thu, 27 Oct 2022 18:14:21 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0
8.38.122.197200 OK 46 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (65358)
Hash bfddc4ff4e82f2dd9a33b2b0bf3bb878
5cb05aacf9e97c6c58e02fabd69fcae22118c200
be6316c3e4d24d0b139c1afabe5be1fd0e84e62a0e72d9f507eb32407897d4b2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "76878-5d9e136a58a8c-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 45810
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg
8.38.122.197200 OK 9.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 819068307a587d984f28e60907bdfd1c
6e46fea8bc6c0b264e0100c94820443f729aeac3
a52a9b7ae1715e83974c953535f27607c6cf7b36cb5825ccdf34b0af847326ae
GET /wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Nov 2021 23:18:02 GMT
etag: "24c7-5d10440e0d7b5"
accept-ranges: bytes
content-length: 9415
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/01/img-1-960x-350x205.jpg
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/img-1-960x-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 66cc6b8b127fc5d9149fd34ec77c20ed
e1dad3dceaac31074655d2e7120e0c7741ea354d
1ce5e67c9fb60b2215f6ef8151ddc43e3ffe1587aec9e53e4e2de3d8b65780ce
GET /wp-content/uploads/2022/01/img-1-960x-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 15:24:16 GMT
etag: "2c46-5d4eb76a0b233"
accept-ranges: bytes
content-length: 11334
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/6-350x205.jpg
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/6-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 6687e81017d51a5ae62ac9d4a8e272d2
fd38828d026ea40e7e0f40835767af9d7a292593
ac63a05279b1d4d0ed62cd73480673108d526a72ff593d0f3ac6a00d072be9d0
GET /wp-content/uploads/2015/12/6-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:57:33 GMT
etag: "2f88-5cc3581046509"
accept-ranges: bytes
content-length: 12168
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2
8.38.122.197200 OK 4.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Algol 68 source text\012- Pascal source, ASCII text
Hash f130c0956c2e19ed130561577a694499
1ef8515331c4861d7c8ccbcc79382802dc003c83
930cfdcae2f9f6e399d2cf40fe97c1ce86f97cf7f6c6994573d61f4b39ce3565
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "12c6-5d2c3afe18a78"
accept-ranges: bytes
content-length: 4806
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/09/logo.png
8.38.122.197200 OK 32 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/09/logo.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type PNG image data, 1738 x 286, 8-bit/color RGBA, non-interlaced\012- data
Hash 4deff5845cbb90754c8ffabf3dfd81cd
1f618ced7ef5cf2a02af294275249388f6c2a835
5ab4cc19429e66d11688ffb55af4f733c289799eaaae054b14893ccfd13fa341
GET /wp-content/uploads/2021/09/logo.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:13:07 GMT
etag: "7df1-5cc34e21889ef"
accept-ranges: bytes
content-length: 32241
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2
8.38.122.197200 OK 5.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 2e546bbdcb575cc8ccfd49e09f8a0d1e
de02ee8c061a9e7b019af42d6894e9a6161c044b
56a580939c1b8c0a26c5fab297b2efc96e7dfe1e66b22b70adc9ef440b4d2b03
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "162f-5d2c3afdf407b"
accept-ranges: bytes
content-length: 5679
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2
8.38.122.197200 OK 5.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (4136)
Hash 5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "14db-5d2c3afdf196a"
accept-ranges: bytes
content-length: 5339
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/11/Automakers-Commit-to-Increased-EV-Production-Can-They-Pull-350x181.png
8.38.122.197200 OK 46 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/11/Automakers-Commit-to-Increased-EV-Production-Can-They-Pull-350x181.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type PNG image data, 350 x 181, 8-bit/color RGBA, non-interlaced\012- data
Hash 74377d03908d16b6f60841c366d73ed2
ff54cb2ee7766895b8bfd19c0b6f53b5a2090d9b
82e4d49cbae47bad0ed1c0cba40825e870d560f397ec14520db0afd4a292decf
GET /wp-content/uploads/2022/11/Automakers-Commit-to-Increased-EV-Production-Can-They-Pull-350x181.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Nov 2022 03:07:18 GMT
etag: "b3f9-5ee56ef9ecc05"
accept-ranges: bytes
content-length: 46073
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.1
8.38.122.197200 OK 6.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (6469)
Hash 986cbf4f93616febf4243f6e3e76e3e9
7de9dd72732ca8fe46c0242749d4a705345fe0b7
c3a015f250093ba41c36da57625051930eada74b0bb8d61b7e0c6fef36952317
GET /wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "19fb-5e0322dd52fca"
accept-ranges: bytes
content-length: 6651
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2
8.38.122.197200 OK 8.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (8555), with no line terminators
Hash 602e6f2ddacb95ef0f3061fd2a671f87
91cbe28c3c5cf6187680f4529f0c40e4cf6098ff
8db04d82f75d8073b25dc594a13c2dafdfb762f8d66ed1dd32f95c3420868a6a
GET /wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "216b-5d2c3afdf3c93"
accept-ranges: bytes
content-length: 8555
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1
8.38.122.197200 OK 8.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type C source, ASCII text, with very long lines (8750), with no line terminators
Hash 5f7dca83f1cac6295b0d4c72e325ac20
e0aacf1cfd0d8ed4bc37c8ef2be23d46513b71ed
af735813266cdf52a38a6e1583a86066db357469ceded2d7ea8335b298d73d65
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:49:49 GMT
etag: "222e-5e9dce2b5f503"
accept-ranges: bytes
content-length: 8750
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2
8.38.122.197200 OK 9.9 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 3e79399963f950548b8528e8f2ce8354
48f2c8bf5bf3ab66c930bbf4aaebc4d44b549e40
7ccc91bc49d744f8f5131ab1a1080c4fb4afad71648f71901344f76e013faae7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "269f-5d2c3afdeb3d8"
accept-ranges: bytes
content-length: 9887
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/init.js
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/init.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with CRLF line terminators
Hash ef27876965ca7a901f5d659cfef2508e
00ef39e8450b72bdac334c9d6d360f97dbc54c5c
b52fb9c7daf25d03006566b0ed7941011b21a1b42041cabce73c681e8163e4dd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/init.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "2afc-5d9e13084d710"
accept-ranges: bytes
content-length: 11004
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.1
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (10572)
Hash 0ee357a183287d64fcf277f66d532e6d
b45721bde387037ac73347020edb890ac4a77814
7ce6eb9cd7f07b424c34ee977214503668ae5e137d07b3fe0a37373e57686ebf
GET /wp-includes/js/jquery/ui/slider.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "29ff-5e0322dd57234"
accept-ranges: bytes
content-length: 10751
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/sell-a-car.js?ver=5.1.2
8.38.122.197200 OK 10 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/sell-a-car.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 940cfb0a414f7d25580db8ae1d593cce
9fc3d2e8fe80298b7698e91d50eb9a8353845e5e
3a1828577697300c7856c303a82e07c62a4ce6886f8783e0494b6f11638a9772
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/sell-a-car.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "28a7-5d2c3afe182a8"
accept-ranges: bytes
content-length: 10407
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/wp-emoji-release.min.js?ver=e36eae1c9f3075d8b2de55c94dc7e512
8.38.122.197200 OK 19 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/wp-emoji-release.min.js?ver=e36eae1c9f3075d8b2de55c94dc7e512
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
GET /wp-includes/js/wp-emoji-release.min.js?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "48b9-5e0322dd7569e"
accept-ranges: bytes
content-length: 18617
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
8.38.122.197200 OK 21 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 6aaf0a4e8eac131defea126f5b1b5fbf
24da0326af36303e5a1e9799a3c26f7a1077928c
240b702419d6c39ecc4896f0132ccfc9bc517e9aef0c782d99580e0c678b47d5
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "50eb-5e0322dd51c42"
accept-ranges: bytes
content-length: 20715
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1
8.38.122.197200 OK 17 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (15439)
Hash aa5fef7b171510a2a430328d4a0f3b03
cf6377f9bd83d9ce5f18c3de8ac7e57c047168d4
5f030eda75a32de3b4f63e28a38e83642b8a723c84ae73bf3726b85cd411bfee
GET /wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "43b3-5e0322dd552f3"
accept-ranges: bytes
content-length: 17331
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.1
8.38.122.197200 OK 18 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (18145)
Hash e5928fe54e2689822e39407a9ce71391
8c205903aedfae7f51df37d2387e14542544e4aa
8b934f3213c33c849410d6edf4fa6f85f970839503d462d94413bd8c15a2e106
GET /wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "4797-5e0322dd52be2"
accept-ranges: bytes
content-length: 18327
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
rtxpx-a.akamaihd.net/main.js
23.36.76.114200 OK 31 kB URL HTTP/1.1 rtxpx-a.akamaihd.net/main.js
IP 23.36.76.114:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (50918), with NEL line terminators
Hash abe669990a8ec7d16c36e0c32e80abf9
b46a4bd88e20175b4e660e9e52b8eaef9c59373a
7b3b6a221e62ae6765c49111c8697db2c40cce8651cc8f6d6feb2e58a1dde95f
GET /main.js HTTP/1.1
Host: rtxpx-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: TAyOzEssvwNa8Am544iCz+NPIUwkgHSMu1TJHwcbKWQUosr9T6tD1fEX9XrX6lqnY5FnpTYUmoc=
x-amz-request-id: C831BE0276127BEE
Last-Modified: Thu, 28 Jan 2021 21:02:34 GMT
ETag: "0e00eda4d7973d0a511ce8aae95bef1c"
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Unused62: 8096267
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 10:20:19 GMT
Content-Length: 30922
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2
8.38.122.197200 OK 14 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5f7d592389a8dbbf34620dd38d2d2c57
46405fe79ab85a930797c814d6cd8879a7553041
53aad6aea6b1938f9b296a38293fb4b862a066e0102020b6772e5a8c72060044
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "351d-5d2c3afdf4463"
accept-ranges: bytes
content-length: 13597
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/smoothScroll.js?ver=5.1.2
8.38.122.197200 OK 23 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/smoothScroll.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 28caad470346a31bde5404ea7c6be837
927590e21de028a332a5fa2f036c6d063860ed3c
11a137a3aa4740aa67ff3f25ec5034c22c5d4532b7112e3f116170039371016b
GET /wp-content/themes/motors/assets/js/smoothScroll.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5b47-5d2c3afe18690"
accept-ranges: bytes
content-length: 23367
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/load-image.all.min.js?ver=5.1.2
8.38.122.197200 OK 26 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/load-image.all.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (26142), with no line terminators
Hash cb3dbe292b68411b99ee97e96b466401
485596ed25391964a16e53bab5f0bc0cd9519ab9
24f0a6a74ca6edba6bb4ff364aae0fa92eac5835b529a2e05faf8666f5cd635d
GET /wp-content/themes/motors/assets/js/load-image.all.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "6623-5d2c3afdf5404"
accept-ranges: bytes
content-length: 26147
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/filter.js?ver=5.1.2
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/filter.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 66c22cb02b7d85cf5b8dad3bbddfa373
cf41bdb5596cda0a6492be756a1256a76a0269ab
92aad1c4ed170ca3235640b5acdebbd3a5433bf4b4441f4e24b88e19bc183bbc
GET /wp-content/themes/motors/assets/js/filter.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "30bf-5d2c3afdef641"
accept-ranges: bytes
content-length: 12479
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 382045cb7298955e284181015cfcac92
6bee7ac21dc4befd1ce0c259c3ab175add79b3ae
26cbd7596aa03d301b0cc833b94ca3f9146ddab1d30fc8ed1e82afc6e80b067c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CBD7596AA03D301B0CC833B94CA3F9146DDAB1D30FC8ED1E82AFC6E80B067C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2988
Expires: Sat, 26 Nov 2022 11:10:07 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.7.0
8.38.122.197200 OK 20 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (19905)
Hash 596d6e5d8400fd1e913f9adc21071f93
fee2d7a4ac08d5a522c2298a5ad3ed30ac9e62ec
159faf7827be43b4c85a35fc941924a9de59a169d42d600b49161f60debf9dff
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "4e9c-5d9e136a90157"
accept-ranges: bytes
content-length: 20124
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.7.0
8.38.122.197200 OK 13 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (12478)
Hash 0bf128a0c049a8e5386d7c709e8f2d5d
dca62041e11fcbb5aeb958612916f3453efbcf5c
2d42b8a78389235460930cf4f496b8411d46a3344229e4309480803bb39d1575
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:32 GMT
etag: "3222-5d9e136b26f99"
accept-ranges: bytes
content-length: 12834
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/bootstrap.min.js?ver=5.1.2
8.38.122.197200 OK 36 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/bootstrap.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (32087)
Hash 2616d3564578d8f845813483352802a9
5ada7c103fc1deabc925cc1fdbbb6e451c21fc70
f971b901aeb9e55b07d472afee09bd5ae05159e1119dbd16d993e473565e7fc0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/bootstrap.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "8b11-5d2c3afded319"
accept-ranges: bytes
content-length: 35601
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/lib/isotope/isotope.pkgd.min.js?ver=2.7.10
8.38.122.197200 OK 35 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/lib/isotope/isotope.pkgd.min.js?ver=2.7.10
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (32019)
Hash 2afcff647ed260006faa71c8e779e8d4
c4e5994f24ee8c8d2cf2d6602f0b56b9096a2e98
081ae9baaacc857c1c2cb51de6dbd0e1eb811c2761ef01a50df373f2f6eefe22
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/dynamic-content-for-elementor/assets/lib/isotope/isotope.pkgd.min.js?ver=2.7.10 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:04 GMT
etag: "8a75-5e9dce399d5d6"
accept-ranges: bytes
content-length: 35445
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app.js?ver=5.1.2
8.38.122.197200 OK 50 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1677)
Hash d9f0e8b77f8c0359825b0d31a012af19
4f1488ce8c5d3d5cfe672d03379d34f3278412cf
9c12230d2e212e052effc78814f0548efa5b2838d22b2babcc407c93c489729d
GET /wp-content/themes/motors/assets/js/app.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "c3b9-5d2c3afdecb48"
accept-ranges: bytes
content-length: 50105
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c.fqtag.com/tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=undefined&a=undefined&cmp=cdny
35.190.72.161200 OK 2.6 kB URL HTTP/2 c.fqtag.com/tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=undefined&a=undefined&cmp=cdny
IP 35.190.72.161:0
File type ASCII text, with very long lines (2634), with no line terminators
Hash 9fe8ce25680782f07372378fa773d75b
b8182f172fa3d35114db64e28653ffdc5c714d4c
535ede74dca9be7c65ea0cc6303e5a4b5ac3edbef8ed3cd23ac4f6298780d00d
GET /tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=undefined&a=undefined&cmp=cdny HTTP/1.1
Host: c.fqtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: 0
cache-control: no-cache, no-store, must-revalidate
x-xss-protection: 0
pragma: no-cache
date: Sat, 26 Nov 2022 10:20:19 GMT
access-control-allow-origin: *
content-type: application/javascript
content-length: 2634
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 189448
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 225971
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:18 GMT
expires: Fri, 24 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 150001
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 382045cb7298955e284181015cfcac92
6bee7ac21dc4befd1ce0c259c3ab175add79b3ae
26cbd7596aa03d301b0cc833b94ca3f9146ddab1d30fc8ed1e82afc6e80b067c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CBD7596AA03D301B0CC833B94CA3F9146DDAB1D30FC8ED1E82AFC6E80B067C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2988
Expires: Sat, 26 Nov 2022 11:10:07 GMT
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-N68RHD7
142.250.74.168200 OK 90 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N68RHD7
IP 142.250.74.168:0
File type ASCII text, with very long lines (41285)
Hash 6a3023ae9122eaf2214f15e69bdf95bb
b676b1d4c994b28dc8e52d5115e51aa32796a486
4c6f53e3bf117af5264d68a35e77a7a8171e9b2c5ba8ba521678f296b8767d1a
GET /gtm.js?id=GTM-N68RHD7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 10:20:19 GMT
expires: Sat, 26 Nov 2022 10:20:19 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90305
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
35.190.36.172200 OK 90 kB URL HTTP/2 cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
IP 35.190.36.172:0
File type ASCII text, with very long lines (31986)
Hash e0eff30579598f76147c9ea12f490d21
f0bf2ef576db440b275bdae3d6abac35e59a33b2
e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b
GET /1.27.339-ccfb11a/pixel.js HTTP/1.1
Host: cdn.fqtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdu0FF2TI5s8V7gpUlENS04WFPtihxxlA46Q_EAfYdSSO8rrRIIDB5rHVaub-Eqp8hHeo3KyxZUXiWcXY6sVRT7Yiw
x-goog-generation: 1611776924905378
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 89647
content-language: en
x-goog-hash: crc32c=YwE4YA==, md5=4O/zBXlZj3YUfJ6hL0kNIQ==
x-goog-expiration: Sun, 11 Nov 2294 19:48:44 GMT
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 89647
server: UploadServer
date: Sat, 26 Nov 2022 10:20:14 GMT
expires: Sat, 26 Nov 2022 11:20:14 GMT
cache-control: public, max-age=3600
age: 5
last-modified: Wed, 27 Jan 2021 19:48:44 GMT
etag: "e0eff30579598f76147c9ea12f490d21"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fwww.cardealsnearyou.com
23.36.76.176302 Moved Temporarily 154 B URL HTTP/1.1 stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fwww.cardealsnearyou.com
IP 23.36.76.176:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 52558d05355ee6e9d14ff3cf8a5a3ef0
52cfd7dd3859dc0578849a7b1c91bb8f91ad84c2
bac5546ea0f819f461c9023592ec2398a45a6c3aab78e55fed8b7c908dce6060
GET /id?o=https%3A%2F%2Fwww.cardealsnearyou.com HTTP/1.1
Host: stickyid-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: Apache
Content-Length: 154
Content-Type: text/html
Location: /id?cc=1&o=https%3A%2F%2Fwww.cardealsnearyou.com
Set-Cookie: b53eedc13__=4e6e967858fc813cae35f1e5589acd5cc9b2289ac.1669458019; expires=Sun, 26 Nov 2023 10:20:19 GMT; domain=.akamaihd.net; path=/; HttpOnly; SameSite=None; Secure
ETag: "d2715d34e10e5a9f3692d96bd0fbb282:1592835897"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cardealsnearyou.com
P3P: CP="We do not have a P3P policy."
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Unused62: 8096267
Expires: Sat, 26 Nov 2022 10:20:19 GMT
Cache-Control: max-age=0, no-cache, no-store, private
Pragma: no-cache
Date: Sat, 26 Nov 2022 10:20:19 GMT
Connection: keep-alive
stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fwww.cardealsnearyou.com
23.36.76.176200 OK 90 B URL HTTP/1.1 stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fwww.cardealsnearyou.com
IP 23.36.76.176:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash d8af579ead5c4b8535f9897e711a75c4
04337d815a96199a3ae04a5c6a53b5e96b176664
9dabf3f9bc69014f3f3c9da8ce1e1d460b450b1aa036e65664657a1e17a181de
GET /id?cc=1&o=https%3A%2F%2Fwww.cardealsnearyou.com HTTP/1.1
Host: stickyid-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: b53eedc13__=4e6e967858fc813cae35f1e5589acd5cc9b2289ac.1669458019
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache
Content-Length: 90
Content-Type: application/json
Set-Cookie: b53eedc13__=4e6e967858fc813cae35f1e5589acd5cc9b2289ac.1669458019; expires=Sun, 26 Nov 2023 10:20:20 GMT; domain=.akamaihd.net; path=/; HttpOnly; SameSite=None; Secure
ETag: "d2715d34e10e5a9f3692d96bd0fbb282:1592835897"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cardealsnearyou.com
P3P: CP="We do not have a P3P policy."
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Unused62: 8096267
Expires: Sat, 26 Nov 2022 10:20:20 GMT
Cache-Control: max-age=0, no-cache, no-store, private
Pragma: no-cache
Date: Sat, 26 Nov 2022 10:20:20 GMT
Connection: keep-alive
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/select2.full.min.js?ver=5.1.2
8.38.122.197200 OK 79 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/select2.full.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (64131)
Hash fcd7500d8e13d2b2aae5d3956dc3e21d
aa40e683c82dd844db73fde37048cf7fc145135e
5c6fdab80cb86a279695dccc226a1fac50e2c922bea70242edaa28f52b7bad2d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/select2.full.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1356c-5d2c3afe17ec0"
accept-ranges: bytes
content-length: 79212
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2
8.38.122.197200 OK 80 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (306)
Hash 80a8bbad5263fd42737869d711456fe9
4dde8bfaefc5895e8ab74ae381caddc8d2b5e761
c23720f61db5d790e244dd55f002003c4a02e3fb130cf2f54c7806e8327e5239
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1379b-5d2c3afdea820"
accept-ranges: bytes
content-length: 79771
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/owl.carousel.js
8.38.122.197200 OK 90 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/owl.carousel.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (360)
Hash ccdf893e7d8b26933af0c336bcc3943e
ac575ba3377f95ef22bad865ec35b0b3dcb0dfe0
db9d6cf3c1c4b047c62f646e7d9991c06a212931c362bf53f9a2406b30f09466
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/owl.carousel.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "15f88-5d9e13084ee80"
accept-ranges: bytes
content-length: 89992
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/typeahead.jquery.min.js?ver=5.1.2
8.38.122.197200 OK 97 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/typeahead.jquery.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 225d23210d08c40de16183769eedacd7
a7a647b3279ace05c5a7b94ca33c2ffed84db28e
313d5e4676cc2cce8935b127b275d25bc17c2383885ee78b6aadab1c2fd14162
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/typeahead.jquery.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1795d-5d2c3afe1ada1"
accept-ranges: bytes
content-length: 96605
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/lightgallery-all.js
8.38.122.197200 OK 114 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/lightgallery-all.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Size 114 kB (114456 bytes)
Hash 2083eeef194af32db80a59d25aab2173
a3a64ac55f1c3db1af77b557fd6b15fab4b437b2
29903c5bea8030c189c2a863f8a79594f02ce5c58322d2f5063b5265efed7161
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/lightgallery-all.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "1bf18-5d9e13084e6b0"
accept-ranges: bytes
content-length: 114456
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm_dt_picker.js?ver=5.1.2
8.38.122.197200 OK 144 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm_dt_picker.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (6345)
Size 144 kB (143745 bytes)
Hash b976614f337b821f817f693e5970a410
df3ea44f4e022a258e2087fdace054838e34b64d
10bba1d290e50db78a800758934818ffbb5c8ef03174fd9902fd637cf3e292a3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/stm_dt_picker.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "23181-5d2c3afe19630"
accept-ranges: bytes
content-length: 143745
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
trc.pushnami.com/api/push/track
100.26.2.196204 No Content 0 B URL HTTP/2 trc.pushnami.com/api/push/track
IP 100.26.2.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/push/track HTTP/1.1
Host: trc.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 10:20:20 GMT
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-max-age: 86400
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
X-Firefox-Spdy: h2
c.fqtag.com/pixel
35.190.72.161204 No Content 0 B IP 35.190.72.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pixel HTTP/1.1
Host: c.fqtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 2364
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 26 Nov 2022 10:20:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11
8.38.122.197200 OK 471 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 903f30ae0d572a3e826035822357c72a
f27df3b8fcabf5785b9d4ab85496250f0d12acf0
80632d2682fa6b99e7158d49d43bc081ba2223499a2db0a892bcc2404e79344a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "1e4e6-5d9e13571c2f4"
accept-ranges: bytes
content-length: 124134
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
trc.pushnami.com/api/push/track
100.26.2.196200 OK 2 B URL HTTP/2 trc.pushnami.com/api/push/track
IP 100.26.2.196:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /api/push/track HTTP/1.1
Host: trc.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
content-type: application/x-www-form-urlencoded
key: 6307cede82599900146a1edc
Origin: https://www.cardealsnearyou.com
Content-Length: 126
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:20 GMT
content-type: text/html; charset=utf-8
content-length: 2
access-control-allow-origin: *
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
X-Firefox-Spdy: h2
pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
35.227.248.159302 Found 0 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
IP 35.227.248.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idsync/ex/receive?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:20 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1669458020406;Expires=Wed, 25 Jan 2023 10:20:20 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=8a18daed-8af2-47e8-8b9b-dde981a0c88f;Expires=Wed, 25 Jan 2023 10:20:20 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 903f30ae0d572a3e826035822357c72a
f27df3b8fcabf5785b9d4ab85496250f0d12acf0
80632d2682fa6b99e7158d49d43bc081ba2223499a2db0a892bcc2404e79344a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4999
Cache-Control: max-age=155370
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:20 GMT
Etag: "638190c7-1d7"
Expires: Mon, 28 Nov 2022 05:29:50 GMT
Last-Modified: Sat, 26 Nov 2022 04:06:31 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
35.227.248.159302 Found 0 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
IP 35.227.248.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idsync/ex/receive/check?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:20 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1669458020464;Expires=Wed, 25 Jan 2023 10:20:20 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=a6da084a-2453-4ceb-839b-7fb97d4ff113;Expires=Wed, 25 Jan 2023 10:20:20 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_3WAY_SYNCS=;Expires=Wed, 25 Jan 2023 10:20:20 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://a.clickcertain.com/px/ta/?done=true&ta_id=a6da084a-2453-4ceb-839b-7fb97d4ff113
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.11
8.38.122.197200 OK 383 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.11
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (64288)
Size 383 kB (382936 bytes)
Hash 71ce48ddf4cac7d8bce4c0f574c4b9ed
f9ef3531d6e74249531971735f6d7ec8a30c7fcd
81ff08960b407fde4ee478cf9e8804ca6daf5491d65932f255e24babed80d14b
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.11 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "5d7d8-5d9e13571da65"
accept-ranges: bytes
content-length: 382936
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v1/pushnami-adv/6307cede82599900146a1edc
54.230.111.113200 OK 70 kB URL HTTP/2 api.pushnami.com/scripts/v1/pushnami-adv/6307cede82599900146a1edc
IP 54.230.111.113:0
Hash 2e9252213442e4f16e466319eb882e71
3b7a4076b2a758938629979ec8a9c50b5367d3da
ba1ecae85734e646a8c2fa9ff38f8e2288921d12fed04168697045bae36b6786
GET /scripts/v1/pushnami-adv/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 10:15:47 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BHz2RVzKwGoBu5FBVwULdVTelKOYeIRYxy3xl1vOwFYBZ-0PXZmKjA==
age: 272
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 42f42e72339ab5e581d739e6a5f117c8
37440f4489831bff65e9833a8b9ba01872e4ec3c
d805c3880f5f6ebb2811b01306c196c28e65c4eddf1ac864cd5f605f5cf3b708
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134895
Date: Sat, 26 Nov 2022 10:20:20 GMT
Etag: "63815020-1d7"
Expires: Sun, 27 Nov 2022 23:48:35 GMT
Last-Modified: Fri, 25 Nov 2022 23:30:40 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HAkqlO1_PKpE6doWewG2l3QNd6aYFD8DCRfS-wSDSal-hqOyFlJgAA==
Age: 1075
a.clickcertain.com/px/ta/?ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/ta/?ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/ta/?ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&cn=NO
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:20 GMT
content-type: text/html
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:20 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-4gz9x:cc-nginx-c76b96594-4gz9x
x-requestid: f325ae0e-3f02-4a9a-be58-ab06a4d5ba64
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PotaMVxJ%2BrTZKuwnXLPJ5BDtK3QlI3cgqqbLV4rWan7W3fg1XEoHSJ0EVQb5tYfTI%2F3zW2AVEgo4sKUaPjzy9WwvfVSDF29ZoDNGVJMOdSvN62geov8Zxv4%2FdOwMsuro2y5plQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e4118cbcb506-OSL
X-Firefox-Spdy: h2
i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253df2397e42%25252dc938%25252d4db0%25252db5c3%25252d04b0b68f6e8a%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&_li_chk=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&previous_uuid=b77386e03d5c453e8a6814bdb4599b44
34.195.237.112303 See Other 0 B URL HTTP/1.1 i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253df2397e42%25252dc938%25252d4db0%25252db5c3%25252d04b0b68f6e8a%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&_li_chk=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&previous_uuid=b77386e03d5c453e8a6814bdb4599b44
IP 34.195.237.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253df2397e42%25252dc938%25252d4db0%25252db5c3%25252d04b0b68f6e8a%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&_li_chk=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&previous_uuid=b77386e03d5c453e8a6814bdb4599b44 HTTP/1.1
Host: i.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Sat, 26 Nov 2022 10:20:20 GMT
Content-Length: 0
Connection: keep-alive
Location: https://a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253df2397e42%252dc938%252d4db0%252db5c3%252d04b0b68f6e8a%2526anx_uId%253d%2524UID&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
Set-Cookie: _li_ss=MgYIkgEQ2RM; Max-Age=2592000; Expires=Mon, 26 Dec 2022 10:20:20 GMT; SameSite=None; Path=/s; Secure
lidid=1a55f175-ffa0-438a-87dd-8887463ac48c; Max-Age=63072000; Expires=Mon, 25 Nov 2024 10:20:20 GMT; SameSite=None; Path=/; Domain=liadm.com; Secure
Request-Time: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains
a.clickcertain.com/px/ta/?done=true&ta_id=a6da084a-2453-4ceb-839b-7fb97d4ff113
104.26.8.50204 No Content 0 B URL HTTP/2 a.clickcertain.com/px/ta/?done=true&ta_id=a6da084a-2453-4ceb-839b-7fb97d4ff113
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/ta/?done=true&ta_id=a6da084a-2453-4ceb-839b-7fb97d4ff113 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 10:20:20 GMT
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:20 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-fvbxr:cc-nginx-c76b96594-fvbxr
x-requestid: 96aac0f6-8bca-4679-9541-b6f7433f252f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OydpVv8CCj5gGolW9X1jg0A7Sr3pNbvC1ThVcX4ltTy7nh5%2BdcUeN%2FXf%2BGY8mtI2ilTyqB%2BD8YCZ18N76XR7XYHPMIwFSnazrNZZNpBq5uSN8RIIAqR0kjjixFe34ZwTYYf3dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e41579d3b506-OSL
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/02/01.jpeg?id=6230
8.38.122.197200 OK 169 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/02/01.jpeg?id=6230
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x759, components 3\012- data
Size 169 kB (168966 bytes)
Hash 9bbb2b4a61d32c85b36d4a2b9b13f2af
297c996ceeaf68e10dd2e93191039e7169fc14ad
46726421207bd477e351650ad225bf408152d5e6f95c23e3614e74a5c21c3fdf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2022/02/01.jpeg?id=6230 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 22:54:58 GMT
etag: "29406-5d7250604432d"
accept-ranges: bytes
content-length: 168966
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
aux.fqtag.com/aux/p
35.190.13.203204 No Content 0 B IP 35.190.13.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /aux/p HTTP/1.1
Host: aux.fqtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 235
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 26 Nov 2022 10:20:21 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/03/02.jpg?id=1747
8.38.122.197404 Not Found 196 B URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/03/02.jpg?id=1747
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2021/03/02.jpg?id=1747 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/webfonts/fa-brands-400.woff2
8.38.122.197200 OK 77 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/webfonts/fa-brands-400.woff2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1669458017
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:15:37 GMT
etag: "12bdc-5d9e1337455f6"
accept-ranges: bytes
content-length: 76764
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/io1Wf4rSHtoZ1h526tBordIxO5M-255x135.jpg
8.38.122.197200 OK 4.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/io1Wf4rSHtoZ1h526tBordIxO5M-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 3d1e88f35f2f14d4104beef3c515475c
2588cd75a75cc3697fb012aeb5351b906dd3643e
fdbcccbeaf42877b5d30f793ca0363a13d7e61e970ff767a6b584752818d1b2c
GET /wp-content/uploads/2015/12/io1Wf4rSHtoZ1h526tBordIxO5M-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 19:13:46 GMT
etag: "108b-5cc35bb09d0b5"
accept-ranges: bytes
content-length: 4235
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/01/3T3WJXA46INUXVHMZWIW2OP4FE-cr-1400-255x135.jpg
8.38.122.197200 OK 7.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/3T3WJXA46INUXVHMZWIW2OP4FE-cr-1400-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash ff6ba712527af496379f7f7604c6d5e7
1cb8ac447959e55f1e061cc1a68295036974f1ec
0e67156167f5722bdb7bda65451d3a46887d994d01d24ab77bd8f9a158f10a5b
GET /wp-content/uploads/2022/01/3T3WJXA46INUXVHMZWIW2OP4FE-cr-1400-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Jan 2022 17:26:35 GMT
etag: "1bba-5d53da36e24c6"
accept-ranges: bytes
content-length: 7098
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/01/NQN53HOWVI7RM5YQ6SKVFOK3GE-cr-860-255x135.jpg
8.38.122.197200 OK 6.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/NQN53HOWVI7RM5YQ6SKVFOK3GE-cr-860-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash f327702125a762eb039fe4b5d80c205a
46b97ec409c19ff74b50c722b46057d5b9259e47
5ef090f8cdb84f4b9c93140992d56e02fab63d8c8843c13a7ca1dd56933e5701
GET /wp-content/uploads/2022/01/NQN53HOWVI7RM5YQ6SKVFOK3GE-cr-860-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Jan 2022 17:02:36 GMT
etag: "19cc-5d53d4db4a844"
accept-ranges: bytes
content-length: 6604
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a22bc94a1116f343d9c3377cfd4fc5b2
b0bad6a620abd0c33a96c32721ad87849da9f9e6
294cd4b44650b17a93cbe9a4de887ad1da8ab8c11105707cccff17812a8d5890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/uploads/2022/01/2022-audi-a3-exterior-3-255x135.jpg
8.38.122.197200 OK 8.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/2022-audi-a3-exterior-3-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 5755a004944727d1d19720ee4c1e621e
757fabc9eb3166e810dd69667a72c5cf298fbd0d
b8c5215277dc00ca259bc091c029530c8e510bd441ff5fd5eaaa4ab9090a6406
GET /wp-content/uploads/2022/01/2022-audi-a3-exterior-3-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 19:14:05 GMT
etag: "21d2-5d4eeac8fc84d"
accept-ranges: bytes
content-length: 8658
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/09/Land-Rover-2020-7-255x135.jpg
8.38.122.197200 OK 5.9 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/09/Land-Rover-2020-7-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 26b2a4a9a0593c8f2058947b563d3c27
7bbc565109e384c149d57118c992eb97226468eb
acb2b9280e4a709120c9701a3208b2e62b51e8fe6b27251a1b69a5a2d3494741
GET /wp-content/uploads/2021/09/Land-Rover-2020-7-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:33:17 GMT
etag: "1713-5cc352a37a9f0"
accept-ranges: bytes
content-length: 5907
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2017/09/2018-toyota-camry-255x135.jpg
8.38.122.197200 OK 5.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2017/09/2018-toyota-camry-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash d2d370f81b534ab16ebdcdc6ba0e3add
792ca4fdb404b56101a3a9b64c1fcd814f43362b
b998dd034eda10934f1fb5ce7b5d050c5fecf13a128d5554d4a654a2715dd5a1
GET /wp-content/uploads/2017/09/2018-toyota-camry-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Nov 2021 23:18:02 GMT
etag: "15af-5d10440e9b570"
accept-ranges: bytes
content-length: 5551
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3df2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a%26anx_uId%3d%24UID
216.58.207.194302 Found 509 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3df2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a%26anx_uId%3d%24UID
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (332), with CRLF, LF line terminators
Hash 5e89570d9a2c9915a35d7da6ea72e07e
e0b4f9ad6444597ce81e2d636bed0b20fed52690
35cd252400f016277ed72ea6c6ad7c62c4afc222b38aca14a7924253c1c627cd
GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3df2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a%26anx_uId%3d%24UID HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_tc=
date: Sat, 26 Nov 2022 10:20:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 509
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 10:35:21 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_tc=
216.58.207.194302 Found 455 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_tc=
IP 216.58.207.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 7d4d214ac52714b73fe2b6ae9728dbd1
dbfa3f15e6173bcd27935679ac8706306bceb0c1
64ce8212e2ac1bc0e8dd0d8bd6243c0864d42fc6cecf4dd7a679a97bd653846e
GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_error=3
date: Sat, 26 Nov 2022 10:20:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 455
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash a5b57670d0b1426473ea6171db116b0c
343f16f54dc2310b361b05d33f004ac139701ae2
4e4bc1938962b77778cdfd44636b9ab3b8cc62405cbfcf72573e6afd1ee6c296
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 26 Nov 2022 10:20:20 GMT
Last-Modified: Sat, 26 Nov 2022 09:40:49 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8wsNsQ2AE3EpIkEDkE_8xfhDJBSjb9OnGCxNmEaiT9f7ZVU8Ay2reQ==
Age: 2371
www.cardealsnearyou.com/wp-content/uploads/2015/12/6-255x135.jpg
8.38.122.197200 OK 6.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/6-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash b22f163d8dd9f8686b1b33f48c05bf4f
7cfe5db549a478ede241bf589350fd5ff9f06045
5faa004936437d1e03a1bddc087770ee81bb840184669c6e46730a8fc4864f49
GET /wp-content/uploads/2015/12/6-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:57:33 GMT
etag: "1a73-5cc35810a54b3"
accept-ranges: bytes
content-length: 6771
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a22bc94a1116f343d9c3377cfd4fc5b2
b0bad6a620abd0c33a96c32721ad87849da9f9e6
294cd4b44650b17a93cbe9a4de887ad1da8ab8c11105707cccff17812a8d5890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/uploads/2015/12/hondaaccord1-255x135.jpg
8.38.122.197200 OK 7.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/hondaaccord1-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 1354b99ee4e1ea202f38d762968685ec
3bb97d0707619d1b1ab5c46a3f17b43875095984
25e6ce80e7820c2e38de6bebfa3a9f85fd1022b36a746bd6a6b8f48f12566a20
GET /wp-content/uploads/2015/12/hondaaccord1-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 19:05:06 GMT
etag: "1c24-5cc359c00e8d9"
accept-ranges: bytes
content-length: 7204
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/service-worker.js
8.38.122.197200 OK 106 B URL HTTP/2 www.cardealsnearyou.com/service-worker.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with no line terminators
Hash c7c0044df4e13403015baf77b1bb5a2f
95b41a3bac71a03a227348d758fbff4447aa8d07
f8aa7d28657b722d4ac9cf4875dcc7e3bae24827acbb8264b60c147bc77c0c69
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Nov 2022 10:10:28 GMT
etag: "6a-5ee5cd903f561"
accept-ranges: bytes
content-length: 106
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
date: Sat, 26 Nov 2022 10:20:19 GMT
server: Apache
X-Firefox-Spdy: h2
a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253df2397e42%252dc938%252d4db0%252db5c3%252d04b0b68f6e8a%2526anx_uId%253d%2524UID&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
104.26.8.50302 Found 471 B URL HTTP/2 a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253df2397e42%252dc938%252d4db0%252db5c3%252d04b0b68f6e8a%2526anx_uId%253d%2524UID&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
IP 104.26.8.50:0
Hash 6b1375db6e7919543da75a804b4a3c36
3cdcd700fe8bb67280884772ae99f25f9e8c2433
1c21e7f8a4aeb30778ac0f67f396b0f70f29a0ab74b6120b7b400f4b070c593e
GET /px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253df2397e42%252dc938%252d4db0%252db5c3%252d04b0b68f6e8a%2526anx_uId%253d%2524UID&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:21 GMT
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3df2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a%26anx_uId%3d%24UID
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:20 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-4gz9x:cc-nginx-c76b96594-4gz9x
x-requestid: b417ef61-15e8-4394-95eb-f90e7f2b49f5
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LInfNiGH0USm1LnXBXRyINaKoRv7sc%2FKHQyX9Co2%2FThSS%2Bu5ZLnOPVGBAprmYsM948Gs4wqpGO8%2FbehMMHxfJRe4C3%2FlOVwjCnbkg6EtgURx%2BZ33N%2BfrXtmp6OFlsWhb47uviQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e416bbc4b506-OSL
X-Firefox-Spdy: h2
rtclx.com/s/?p=7279
23.22.38.158204 No Content 0 B IP 23.22.38.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /s/?p=7279 HTTP/1.1
Host: rtclx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 220
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 10:20:21 GMT
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,X-Forwarded-For,X-Forwarded-Proto,If-Modified-Since,referer,Cache-Control,Content-Type,Range,Pragma,Accept,Accept-Encoding,Accept-Language
X-Firefox-Spdy: h2
a.browserspeed.support/cs?puid=646f441b-49b0-5b9c-be38-58e1691470f0&pid=lc
35.82.220.221302 Found 24 B URL HTTP/2 a.browserspeed.support/cs?puid=646f441b-49b0-5b9c-be38-58e1691470f0&pid=lc
IP 35.82.220.221:0
File type HTML document, ASCII text
Hash cd5fa747861f510d1d45ab9dc80a16a0
90d910869fbe5e0f79b7f7e58f59f5303f46ad78
5bdd19de1ad3c04f1a88334882b16565cef8ac274902e671a72ebebdb35c697c
GET /cs?puid=646f441b-49b0-5b9c-be38-58e1691470f0&pid=lc HTTP/1.1
Host: a.browserspeed.support
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: awselb/2.0
date: Sat, 26 Nov 2022 10:20:21 GMT
content-type: text/html; charset=utf-8
content-length: 24
location: https://a.browserspeed.support/
set-cookie: tuid=7f981e73-a4bf-464c-8577-99f986febbc7; Path=/; Domain=a.browserspeed.support; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
8.38.122.197200 OK 75 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Web Open Font Format (Version 2), TrueType, length 75368, version 330.32636\012- data
Hash 859c4002d9954718cac1ddea5555698f
2392ce297c92bcf2c7d5a4c461a582dadc8039c8
5054ab369966fea3657ac6af00c3bc47bdc9e7b5114e61d1764be06213ca9781
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "12668-5d9e136b0fc7a"
accept-ranges: bytes
content-length: 75368
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 26 Nov 2022 10:20:20 GMT
server: Apache
X-Firefox-Spdy: h2
secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=$UID
37.252.171.84307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=$UID
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=$UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 10:20:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42-c938-4db0-b5c3-04b0b68f6e8a%26anx_uId%3D%24UID
AN-X-Request-Uuid: 6cd3052f-05b1-410e-8033-59c508fc4c6c
Set-Cookie: uuid2=4183665624052805188; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 24-Feb-2023 10:20:21 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
a.browserspeed.support/
35.82.220.221200 OK 4 B IP 35.82.220.221:0
File type ASCII text, with no line terminators
Hash 72054d9a6fbdcc7df012e19f32345b65
52dd4c74c813db3790179c4f236ceadaca3467a8
c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: a.browserspeed.support
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: tuid=7f981e73-a4bf-464c-8577-99f986febbc7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: awselb/2.0
date: Sat, 26 Nov 2022 10:20:21 GMT
content-type: application/json; charset=utf-8
content-length: 4
set-cookie: tuid=7f981e73-a4bf-464c-8577-99f986febbc7; Path=/; Domain=a.browserspeed.support; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42-c938-4db0-b5c3-04b0b68f6e8a%26anx_uId%3D%24UID
37.252.171.84302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42-c938-4db0-b5c3-04b0b68f6e8a%26anx_uId%3D%24UID
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42-c938-4db0-b5c3-04b0b68f6e8a%26anx_uId%3D%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 10:20:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=0
AN-X-Request-Uuid: 8a0a3beb-847e-4132-99ff-4d34b7e5e969
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
www.cardealsnearyou.com/wp-content/uploads/2021/09/02.jpg
8.38.122.197200 OK 271 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/09/02.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, baseline, precision 8, 1920x450, components 3\012- data
Size 271 kB (271281 bytes)
Hash 054f6ba2c1b361dbfee5d38a63d0126c
b7cce95247af8bb050e92ee4cc9f06bda213f0ac
89f03002262b38ce4d110d2e2a95a68fea59392a13c72c3d84384e9c094ee598
GET /wp-content/uploads/2021/09/02.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761; _gcl_au=1.1.1884459440.1669458019
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 22:18:11 GMT
etag: "423b1-5cc384e91f130"
accept-ranges: bytes
content-length: 271281
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:20 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/assets/loader.gif
8.38.122.197200 OK 2.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/assets/loader.gif
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type GIF image data, version 89a, 24 x 24\012- data
Hash 4b3afb84b2b71ef56df09997a350bd04
accdac8a7abeab0e21c49539aad0a973addb28ef
9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645
GET /wp-content/plugins/revslider/public/assets/assets/loader.gif HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
Cookie: stm_visitor_1=60201761; _gcl_au=1.1.1884459440.1669458019
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:09 GMT
etag: "9f1-5d9e135543fa6"
accept-ranges: bytes
content-length: 2545
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
date: Sat, 26 Nov 2022 10:20:21 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/stm-slide-2-50x100.jpg
8.38.122.197200 OK 1.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/stm-slide-2-50x100.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x100, components 3\012- data
Hash 8221013173b2d9bbba64fe5b414d8656
7093ef97cd16becf037f06a76eec9a238a6d0455
28da6b49c7d5ef55c4dddeb68cf86bfbe43f43b39a03385b19e9ec6124165b59
GET /wp-content/uploads/revslider/home_slider/stm-slide-2-50x100.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761; _gcl_au=1.1.1884459440.1669458019
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 21:37:23 GMT
etag: "713-5cc37bc9edf1d"
accept-ranges: bytes
content-length: 1811
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:21 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/unip/1122536/tfa.js
151.101.85.44200 OK 18 kB URL HTTP/2 cdn.taboola.com/libtrc/unip/1122536/tfa.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (58511)
Hash 78b77d9b6889711d949558aa54b23440
ff82a58405df37ef8dfc81a089afc2cc384e0f3d
87b97fb8655ecc9ff19f71edec3b567bbe5d847cc8b16a91f58bdc5a4ab492de
GET /libtrc/unip/1122536/tfa.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TenLWvh+GzQ5U7Jk0Hyw2gF8+tCQOpsVm2scWt8S2BY1t8g/12Mdmrsh62jgb+LJKE7SC7RzCaSm/qX3L7rHCA==
x-amz-request-id: VC173Q28P3YB1PVX
x-amz-replication-status: COMPLETED
last-modified: Sun, 20 Nov 2022 11:24:46 GMT
etag: "274218232d3407760e8911c5e304b2af"
x-amz-version-id: ltiqNd9vZlYUzfyesxBQm5oVs90yKNE5
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 10:20:22 GMT
via: 1.1 varnish
age: 103
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669458022.234324,VS0,VE3
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 80
content-length: 17953
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 26 Nov 2022 08:41:08 GMT
expires: Sat, 26 Nov 2022 10:41:08 GMT
cache-control: public, max-age=7200
age: 5954
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&ct_cookie_present=1
142.250.74.162200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&ct_cookie_present=1
IP 142.250.74.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 26 Nov 2022 10:20:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 10:35:22 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/siteimpact-network/loader.js
151.101.85.44200 OK 27 kB URL HTTP/2 cdn.taboola.com/libtrc/siteimpact-network/loader.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65476)
Hash 10779ba97215d4f7bae70d91b052b2f1
f8309679d259d90f28511004bca583b7477d35da
674e483786b89edf3f5d09aa1814a3cb15af9f04098ed68120e2d4c63129ff94
GET /libtrc/siteimpact-network/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "04e344a90a70c12e04973ddf65b8a92988bd9cc5"
last-modified: Sat, 26 Nov 2022 03:08:46 UTC
x-amz-id-2: Y+dDM/iH1Q2feik+QY9sJJ1WzVqHZKjHnQISTOxkoQJ2OI7egMb2zDJhvE8ust2smHuN6ckZb4Hl5T/PFMeKdQ==
x-amz-request-id: PEYPSXW7ZWZCYWPF
x-amz-version-id: XbTGhIa_AZwLJtmXDWOBXY0Bg6OnB3Ai
x-from-cache: 1
x-envoy-upstream-service-time: 9
accept-ranges: bytes
date: Sat, 26 Nov 2022 10:20:22 GMT
via: 1.1 varnish
age: 103
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669458022.256767,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 28
content-length: 26737
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 30f833b25d6e5af2229d9584c6f6cf97
ee79c3fa994d53c1d0687ca61353d63cce459e25
1bc091991c4663dbc86ae735e47ddc3e887a24661050ad9f24b8d458bfd11a6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
216.58.211.10200 OK 23 B URL HTTP/2 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 216.58.211.10:0
File type JSON data\012- , ASCII text
Hash e3981ca10169a319d5aa062bf43a5fa1
2c6ed584767b65688ce99b1ebe1a3b7448a67421
8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 26 Nov 2022 10:20:22 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5c8551591e515d9029e8c9a29804eecb
1298f0c1b78880a93b57d06eeecddc8f668208b9
87bd2ac1ed0fcd041651ce64766499da60cc349352b42f5bf28ace8ef647a72a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 10:20:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 01:56:51 GMT
Expires: Sat, 03 Dec 2022 01:56:50 GMT
Etag: "1298f0c1b78880a93b57d06eeecddc8f668208b9"
Cache-Control: max-age=573987,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7701e41d48a7b50c-OSL
www.google.com/pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
142.250.74.164302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 142.250.74.164:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 26 Nov 2022 10:20:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
216.58.211.10200 OK 23 B URL HTTP/2 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 216.58.211.10:0
File type JSON data\012- , ASCII text
Hash e3981ca10169a319d5aa062bf43a5fa1
2c6ed584767b65688ce99b1ebe1a3b7448a67421
8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 26 Nov 2022 10:20:22 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=0
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=0
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=0 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:21 GMT
content-type: text/html
location: https://x.bidswitch.net/sync?dsp_id=179&user_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&expires=5&user_group=0
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:21 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-f42zd:cc-nginx-c76b96594-f42zd
x-requestid: c103110e-69cd-4a2b-97a3-35763ca60a7d
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i58xEqSou9Iob0bQXAy9CCTnV7elPKgUaEL3TduhVj6y4Dro29J2NIvRzSY%2FmCv9NgEREDkijHO%2F4l8FhAKbkhCIq8oMI7LK91EVzfszozwStkizqlXmP%2F%2F%2FP1VbaD17m2ig3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e41bb9d2b506-OSL
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&expires=5&user_group=0
52.29.215.78200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&expires=5&user_group=0
IP 52.29.215.78:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=179&user_id=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&expires=5&user_group=0 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:22 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
143.204.55.20200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
IP 143.204.55.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash e0652b84b7b3b650769c759fc520c3f8
0b55d6e28613350c7f41b88f19e726e6751ad03b
94b4c240f83065223dcacdd3f8b69cb229d0616edc3e2041eef3e270d859fc3d
GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4Fz4DXySajdtFMD8Qoc7LyGd1hrygOGOtzPcCqeqLaKU4M7VAnuy1w==
age: 249016
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20220503-18-RELEASE.js
151.101.85.44200 OK 133 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20220503-18-RELEASE.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65508)
Size 133 kB (132588 bytes)
Hash defdab8a5f7034eb7f08c19866fa7ac5
d180f795a8cd7f7164c71ee54af461e4a70080e6
2dd0eacab9c1b4b02cbc7e3a20fbc950f6823d34473fa63dcbebf7376a51cf5b
GET /libtrc/impl.20220503-18-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: vUYHuaWuGhSkWG7tmaVV+/AraDrOSmGxQZ9vSGtz3bgkcdWKmmHv3zMnmv3DKL0FrDiemFhfRGY=
x-amz-request-id: PQMF8MZ1CYSKEAH7
last-modified: Sun, 08 May 2022 10:32:39 GMT
etag: "defdab8a5f7034eb7f08c19866fa7ac5"
content-encoding: br
x-amz-version-id: 18oAbik0LYD7YzztmCIoH2rcA8SpF7lR
content-type: application/javascript
accept-ranges: bytes
date: Sat, 26 Nov 2022 10:20:22 GMT
via: 1.1 varnish
age: 18147
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669458023.643970,VS0,VE1
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 80
server: AmazonS3-br
content-length: 132588
X-Firefox-Spdy: h2
script.hotjar.com/modules.e1bdbadbcc63daea6270.js
143.204.55.68200 OK 69 kB URL HTTP/2 script.hotjar.com/modules.e1bdbadbcc63daea6270.js
IP 143.204.55.68:0
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash 53db6c810ee48127f87a9c79e206fc67
aa53e521ba10b23524afc519c6e6ba8d1eb5147c
f89c4d3c17828a5c54ecc60f5107e2bfe92cb8b4622fb766fda6d1fca1c95fdd
GET /modules.e1bdbadbcc63daea6270.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 68720
date: Thu, 24 Nov 2022 08:09:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "53db6c810ee48127f87a9c79e206fc67"
last-modified: Thu, 24 Nov 2022 08:08:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QpxfWBsEOoOga1twJUvEEId7FZY9Bspo1o5UKb8lO-yMuyJOQOK9MA==
age: 180676
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f3424fd0abb5ab18be62cd209cb3d3dc
dbb2a21b12e92c8837c4346b6d052454bb6dffd6
e69548655278cf6a48fce549928656eb5a91d787e7b1afc12959e2bffb58990b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.3200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.3:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/756219746/?random=1669458019277&cv=11&fst=1669458019277&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=n0T0CLD9kuMBEOL-y-gC&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cardealsnearyou.com%2F&tiba=Front%20page%20-%20Car%20Deals%20Near%20You&value=0&bttype=purchase&auid=1884459440.1669458019&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 26 Nov 2022 10:20:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-172606863-1&cid=2057272773.1669458022&jid=1692832902&gjid=385264568&_gid=1572591897.1669458022&_u=YEBAAEAAAAAAACAAI~&z=1049170740
142.251.1.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-172606863-1&cid=2057272773.1669458022&jid=1692832902&gjid=385264568&_gid=1572591897.1669458022&_u=YEBAAEAAAAAAACAAI~&z=1049170740
IP 142.251.1.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-172606863-1&cid=2057272773.1669458022&jid=1692832902&gjid=385264568&_gid=1572591897.1669458022&_u=YEBAAEAAAAAAACAAI~&z=1049170740 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.cardealsnearyou.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 26 Nov 2022 10:20:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f3424fd0abb5ab18be62cd209cb3d3dc
dbb2a21b12e92c8837c4346b6d052454bb6dffd6
e69548655278cf6a48fce549928656eb5a91d787e7b1afc12959e2bffb58990b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/slide-1.jpg
8.38.122.197200 OK 397 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/slide-1.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x599, components 3\012- data
Size 397 kB (396968 bytes)
Hash 8c05c26f1076baa2687a3710eaf10563
65f7011a1ed66f6a564708a93b311811e1de9c0f
0470dc5271de8c95437a5d7d31eaa606b7876c6ec3c7db4f7ab7723eb5a6769d
GET /wp-content/uploads/revslider/home_slider/slide-1.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761; _gcl_au=1.1.1884459440.1669458019
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 17:51:18 GMT
etag: "60ea8-5cc349410290a"
accept-ranges: bytes
content-length: 396968
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:21 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/favicon.ico
8.38.122.197404 Not Found 196 B URL HTTP/2 www.cardealsnearyou.com/favicon.ico
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
GET /favicon.ico HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761; _gcl_au=1.1.1884459440.1669458019
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Sat, 26 Nov 2022 10:20:22 GMT
server: Apache
X-Firefox-Spdy: h2
sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1669458021914&ns_c=UTF-8&c7=https%3A%2F%2Fwww.cardealsnearyou.com%2F&c8=Front%20page%20-%20Car%20Deals%20Near%20You&c9=
143.204.55.94204 No Content 0 B URL HTTP/2 sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1669458021914&ns_c=UTF-8&c7=https%3A%2F%2Fwww.cardealsnearyou.com%2F&c8=Front%20page%20-%20Car%20Deals%20Near%20You&c9=
IP 143.204.55.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1669458021914&ns_c=UTF-8&c7=https%3A%2F%2Fwww.cardealsnearyou.com%2F&c8=Front%20page%20-%20Car%20Deals%20Near%20You&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 10:20:22 GMT
set-cookie: UID=1D34b321f33e7cc259b6ae51669458022; domain=.scorecardresearch.com; path=/; max-age=62208000
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gBZ2tFv3qNoCYL_ByAUxs8JnGlnvJddjLcDf8kq9p49luNo5GD-_hQ==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash e87d5c628a1332905189e7661b787164
b9d5398e4c3988032da4fc2e3010def9907b7808
f8d4d71b96f74664ddd70227b8462bb527a35fd57eec243549f63b4d679381af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3086
Cache-Control: max-age=92270
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:23 GMT
Etag: "6380a1c7-139"
Expires: Sun, 27 Nov 2022 11:58:13 GMT
Last-Modified: Fri, 25 Nov 2022 11:06:47 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
trc-events.taboola.com/siteimpact-cardealsnearyou/log/2/debug?tim=10%3A20%3A22.073&type=usage&msg=rtus&llvl=2&id=222&cv=20220503-18-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/siteimpact-cardealsnearyou/log/2/debug?tim=10%3A20%3A22.073&type=usage&msg=rtus&llvl=2&id=222&cv=20220503-18-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /siteimpact-cardealsnearyou/log/2/debug?tim=10%3A20%3A22.073&type=usage&msg=rtus&llvl=2&id=222&cv=20220503-18-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sat, 26 Nov 2022 10:20:23 GMT
x-fastly-to-nlb-rtt: 22456
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 08435750e1dd4b208d3212b05d30e71c
dc45a782f14424ced39c331909d357ead0e52a37
a5e4bb78cd86d7d642301bb5a249d963f0d12fc7b2a4ab4ffe24b35555847855
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110652
Date: Sat, 26 Nov 2022 10:20:23 GMT
Etag: "6380de5e-1d7"
Expires: Sun, 27 Nov 2022 17:04:35 GMT
Last-Modified: Fri, 25 Nov 2022 15:25:18 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EG5kt-V7fWYw7623cLW7lqevMAnJ0piHj5_pAEaJJIiWG6YZfARPiQ==
Age: 5957
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 228394
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/1899855/visit-data?sv=6
63.35.111.165200 OK 95 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/1899855/visit-data?sv=6
IP 63.35.111.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 039d32f7359c34eee13f02bae640eff7
7550a24e404da6c533fa8597113eec17a6d55f4c
1874a3ed03bfe4289ca3a8cc3c495a498033ddb248a6fbdcdce02e70065eca54
POST /api/v2/client/sites/1899855/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 130
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 121 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
Size 121 kB (120789 bytes)
Hash 4401352af0d6b3ef35edc73f198899b2
9091b11bc04235bd38d1705fe141d2595f85ecb7
227fded330b0969aa4b06db895cfbb98e745eed187f17a9ac8fd2707fe42fe04
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:22 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 824751
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.cardealsnearyou.com/service-worker.js
8.38.122.197304 Not Modified 0 B URL HTTP/2 www.cardealsnearyou.com/service-worker.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: stm_visitor_1=60201761; _gcl_au=1.1.1884459440.1669458019; _ga=GA1.2.2057272773.1669458022; _gid=GA1.2.1572591897.1669458022; _gat_UA-172606863-1=1; _hjSessionUser_1899855=eyJpZCI6ImJmZTljYjNjLTEyNGItNWQ1Zi05YTg4LTJhNmI3M2Y2M2NmYSIsImNyZWF0ZWQiOjE2Njk0NTgwMjE5ODAsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=1; _hjSession_1899855=eyJpZCI6ImUyMmNiMTE5LTdhZmItNDUxNy05OWQ2LTNlODc2NDQ3MDVkYyIsImNyZWF0ZWQiOjE2Njk0NTgwMjIxNDIsImluU2FtcGxlIjp0cnVlfQ==; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Sat, 26 Nov 2022 10:10:28 GMT
If-None-Match: "6a-5ee5cd903f561"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
last-modified: Sat, 26 Nov 2022 10:10:28 GMT
etag: "6a-5ee5cd903f561"
accept-ranges: bytes
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 26 Nov 2022 10:20:23 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 2f430e776295c8a092ddc55a2884da0a
e3f281f24cba695cffbadec33c5e84345cb85197
0b3dae016bcce1949ee52c22d6082e9a8e5477bf307cd629c45a55bbdd55f05b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2955
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:23 GMT
Last-Modified: Sat, 26 Nov 2022 09:31:09 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=l42jVl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMlMkY4blNTbWg1YlpocG5SQ1IwRUR5QUxrJTJGa1hWQW1GaVJUa29PZnc1dUxN; expires=Thu, 21 Dec 2023 10:20:24 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 146495
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 6133568bfacb7548c70e5ebc0f9223c8
26f424b5dfe87e27a3057f6937b70f583caeead3
db5ce4366fb7fe75f1e2e79d7374da572fd78e84f35ce537bf734ff64a1beaa5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4813
Cache-Control: max-age=90055
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:24 GMT
Etag: "63809262-139"
Expires: Sun, 27 Nov 2022 11:21:19 GMT
Last-Modified: Fri, 25 Nov 2022 10:01:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 6133568bfacb7548c70e5ebc0f9223c8
26f424b5dfe87e27a3057f6937b70f583caeead3
db5ce4366fb7fe75f1e2e79d7374da572fd78e84f35ce537bf734ff64a1beaa5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4813
Cache-Control: max-age=90055
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:24 GMT
Etag: "63809262-139"
Expires: Sun, 27 Nov 2022 11:21:19 GMT
Last-Modified: Fri, 25 Nov 2022 10:01:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
trc-events.taboola.com/1122536/log/3/unip?en=pre_d_eng_tb&tos=1689&scd=18&ssd=1&est=1669458021519&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1669458023210&vi=1669458021517&ri=2c4202578781a0a75eb5f707a543abfb&ref=null&cv=20221117-23-RELEASE&item-url=https%3A%2F%2Fwww.cardealsnearyou.com%2F
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1122536/log/3/unip?en=pre_d_eng_tb&tos=1689&scd=18&ssd=1&est=1669458021519&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1669458023210&vi=1669458021517&ri=2c4202578781a0a75eb5f707a543abfb&ref=null&cv=20221117-23-RELEASE&item-url=https%3A%2F%2Fwww.cardealsnearyou.com%2F
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1122536/log/3/unip?en=pre_d_eng_tb&tos=1689&scd=18&ssd=1&est=1669458021519&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1669458023210&vi=1669458021517&ri=2c4202578781a0a75eb5f707a543abfb&ref=null&cv=20221117-23-RELEASE&item-url=https%3A%2F%2Fwww.cardealsnearyou.com%2F HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 26 Nov 2022 10:20:24 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:24 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://www.cardealsnearyou.com
server-processing-duration-in-ticks: 678738
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
psp.pushnami.com/api/psp
52.54.160.235200 OK 69 B IP 52.54.160.235:0
File type JSON data\012- , ASCII text, with no line terminators
Hash cef934af42a2b3c3a2ef347da15d70ee
f83f1f069fcc230e3c9397653eef8ddd4d66c9a9
47e250e449472cb557a99ef04f6b6b5a407034f197d911e6301193c20c2f1cee
OPTIONS /api/psp HTTP/1.1
Host: psp.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-credentials: true
access-control-expose-headers: content-type, content-length, etag
access-control-max-age: 600
access-control-allow-headers: key
access-control-allow-methods: POST
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.138200 OK 76 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.138:0
Hash a30bb584d4b6a2b20a3d9dcccb3dc76e
f1bc7ca1524d0441c19a190f10e5c3a4168da69b
eb05f3540fa1ee7ad2b5f3b35a56e12b1ad7eb135863a50ebdb90e6c290c77fd
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 100519
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 9aaa274664972b294098fbb45bec1e5c
b41c09331d833d84d0ab4bc5d4406dc19d64e71a
3a517d69ba3f37dafb7943bb0b2684cbdeb8ffbdf1fcbab23bd6c5da392e19b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4389
Cache-Control: max-age=112695
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 10:20:24 GMT
Etag: "6380ec7a-139"
Expires: Sun, 27 Nov 2022 17:38:39 GMT
Last-Modified: Fri, 25 Nov 2022 16:25:30 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
178.250.0.162200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:24 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
142.250.74.110200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.110:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sat, 26 Nov 2022 10:20:22 GMT
date: Sat, 26 Nov 2022 10:20:22 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=dO0wgelYojo; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=c92u7yCyrfc; Domain=.youtube.com; Expires=Thu, 25-May-2023 10:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+687; expires=Mon, 25-Nov-2024 10:20:22 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/app.css?ver=5.1.2
8.38.122.197200 OK 0 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/app.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/dist/app.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "7af78-5d2c3afd62c0f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
a.clickcertain.com/px/r/?ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/r/?ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a
IP 104.26.8.50:0
GET /px/r/?ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&cn=NO
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:20 GMT
content-type: text/html
location: https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253df2397e42%25252dc938%25252d4db0%25252db5c3%25252d04b0b68f6e8a%252526anx_uId%25253d%252524UID
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:20 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-92mk2:cc-nginx-c76b96594-92mk2
x-requestid: 017bf366-443e-4676-bf7e-a1235c02a735
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHhnUYMMfqBI9vacwrXD0W0AznmGw58hLHyNF894t0sfQKwm9YwCadIz8wGSU7sv6KXgG3ArEc1ggfbS37rOyTaJzZbN%2FL8VN8DCO7f8gwdlLBMgYLkpdf6a2B%2FAojXumg2QGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e4118cc6b506-OSL
X-Firefox-Spdy: h2
a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&cn=NO
104.26.8.50200 OK 0 B URL HTTP/2 a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&cn=NO
IP 104.26.8.50:0
GET /px/cont/?c=243b667b11e7ebf&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&cn=NO HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:19 GMT
content-type: text/html
etag: W/"ZjIzOTdlNDJnYzkzOGc0ZGIwZ2I1YzNnMDRiMGI2OGY2ZThhLXow"
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:19 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-f42zd:cc-nginx-c76b96594-f42zd
x-requestid: e1ff85bd-6ebb-4a52-bf63-8f80afcafb2c
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72xFER%2FnR3wl1CP3w6CoO36p6z6Ng6Uf8KjM53%2FIdIk7HDGIUwRu05kSiqSBdmfLlaOcRRbFdzA8G5uF%2B7TQPzRm%2FbSIuIuWri90hJviTsCvbmAraYHe4oRgot5rAgLbAgzVxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e40e68fbb506-OSL
content-encoding: br
X-Firefox-Spdy: h2
trc.taboola.com/1122536/trc/3/json?tim=1669458021522&data=%7B%22id%22%3A44%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1669458021517%2C%22cv%22%3A%2220221117-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-trafficsourcedeliverymarketercom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1669458021522%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A18%2C%22supv%22%3Atrue%7D%7D&pubit=i
151.101.85.44200 OK 0 B URL HTTP/2 trc.taboola.com/1122536/trc/3/json?tim=1669458021522&data=%7B%22id%22%3A44%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1669458021517%2C%22cv%22%3A%2220221117-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-trafficsourcedeliverymarketercom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1669458021522%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A18%2C%22supv%22%3Atrue%7D%7D&pubit=i
IP 151.101.85.44:0
GET /1122536/trc/3/json?tim=1669458021522&data=%7B%22id%22%3A44%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1669458021517%2C%22cv%22%3A%2220221117-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-trafficsourcedeliverymarketercom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1669458021522%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A18%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 10:20:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1670-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669458023.648295,VS0,VE96
vary: Accept-Encoding
x-vcl-time-ms: 96
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.210200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.210:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 105424
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.cardealsnearyou.com/
8.38.122.197200 OK 0 B IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-b-cache: BYPASS
link: <https://www.cardealsnearyou.com/wp-json/>; rel="https://api.w.org/", <https://www.cardealsnearyou.com/wp-json/wp/v2/pages/1360>; rel="alternate"; type="application/json", <https://www.cardealsnearyou.com/>; rel=shortlink
set-cookie: stm_visitor_1=60201761; expires=Mon, 26-Dec-2022 10:20:17 GMT; Max-Age=2592000; path=/
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/html; charset=UTF-8
date: Sat, 26 Nov 2022 10:20:17 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=5.1.2
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=5.1.2
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=5.1.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 10:20:18 GMT
date: Sat, 26 Nov 2022 10:20:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.clickcertain.com/px/smart/a/?c=243b667b11e7ebf
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/smart/a/?c=243b667b11e7ebf
IP 104.26.8.50:0
GET /px/smart/a/?c=243b667b11e7ebf HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:19 GMT
content-type: text/javascript
location: https://a.clickcertain.com/px/?c=243b667b11e7ebf
set-cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; Expires=Sun, 26 Nov 2023 10:20:19 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-tgrs9:cc-nginx-c76b96594-tgrs9
x-requestid: 8ee9d338-8dc1-45bc-8b5b-d69fe0a54b7b
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7FnKiQNp6NoIJurjdMiiV%2BP2cM%2BGeLvfVSdvXBw0N%2BI0p4I0avmtAXjVr5OFmxrHPtUtNCepvlSuq%2FHkU72KoEvY2gJJ2iWm2oBDA%2BfdcJwJ0UaiDQ4NYD2DawOO27gKlv%2BeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e40a4bc7b506-OSL
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=l42jVl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMlMkY4blNTbWg1YlpocG5SQ1IwRUR5QUxrJTJGa1hWQW1GaVJUa29PZnc1dUxN
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=hH8uNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMlMkY4blNTbWg1YlpocG5SQ1IwRUR5Q2RZNDRCVk5ySTZCWEYlMkZJckJZZVo4; expires=Thu, 21 Dec 2023 10:20:24 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 350652
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=cardealsnearyou.com&sn=FirefoxSyncframe&so=0&topUrl=www.cardealsnearyou.com&info=hH8uNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMlMkY4blNTbWg1YlpocG5SQ1IwRUR5Q2RZNDRCVk5ySTZCWEYlMkZJckJZZVo4&idsd=1775183211,835636547&cw=1&rtusCallerId=72&lsw=1
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=cardealsnearyou.com&sn=FirefoxSyncframe&so=0&topUrl=www.cardealsnearyou.com&info=hH8uNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMlMkY4blNTbWg1YlpocG5SQ1IwRUR5Q2RZNDRCVk5ySTZCWEYlMkZJckJZZVo4&idsd=1775183211,835636547&cw=1&rtusCallerId=72&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=rtus&domain=cardealsnearyou.com&sn=FirefoxSyncframe&so=0&topUrl=www.cardealsnearyou.com&info=hH8uNl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMlMkY4blNTbWg1YlpocG5SQ1IwRUR5Q2RZNDRCVk5ySTZCWEYlMkZJckJZZVo4&idsd=1775183211,835636547&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1238462
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v1/hub
54.230.111.113200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v1/hub
IP 54.230.111.113:0
GET /scripts/v1/hub HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Sat, 26 Nov 2022 09:29:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: X-Requested-With
content-security-policy: default-src 'unsafe-inline' *
x-content-security-policy: default-src 'unsafe-inline' *
x-webkit-csp: default-src 'unsafe-inline' *
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6EKO37jN2SEv0U90o9biqQbl6fdQxF7a5TqBHd4eHdFDT7XTrV7qpQ==
age: 3052
X-Firefox-Spdy: h2
ws35.hotjar.com/api/v2/sites/1899855/recordings/content
54.76.78.98200 OK 0 B URL HTTP/2 ws35.hotjar.com/api/v2/sites/1899855/recordings/content
IP 54.76.78.98:0
POST /api/v2/sites/1899855/recordings/content HTTP/1.1
Host: ws35.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 445148
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
psp.pushnami.com/api/psp
52.54.160.235200 OK 0 B IP 52.54.160.235:0
POST /api/psp HTTP/1.1
Host: psp.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
content-type: application/x-www-form-urlencoded
key: 6307cede82599900146a1edc
Origin: https://www.cardealsnearyou.com
Content-Length: 46
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:24 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-credentials: true
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png
8.38.122.197200 OK 0 B URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
GET /wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 May 2022 12:54:28 GMT
etag: "10337-5df34a41da471"
accept-ranges: bytes
content-length: 66359
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
cardealsnearyou.com/wp-json/acf/v3/options/options/
8.38.122.197200 OK 0 B URL HTTP/2 cardealsnearyou.com/wp-json/acf/v3/options/options/
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Analyzer Verdict Alert fortinet Phishing
GET /wp-json/acf/v3/options/options/ HTTP/1.1
Host: cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
x-robots-tag: noindex
link: <https://www.cardealsnearyou.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
vary: Origin
set-cookie: stm_visitor_1=22202198; expires=Mon, 26-Dec-2022 10:20:21 GMT; Max-Age=2592000; path=/
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
date: Sat, 26 Nov 2022 10:20:21 GMT
server: Apache
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=www.cardealsnearyou.com
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=www.cardealsnearyou.com
IP 178.250.0.157:0
GET /syncframe?origin=rtus&topUrl=www.cardealsnearyou.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 10:20:23 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=e31fc478-c6bb-4276-95fd-e9869f211b60; expires=Thu, 21 Dec 2023 10:20:22 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 320070
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/12/cu-1-350x205.jpg
8.38.122.197200 OK 0 B URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/12/cu-1-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
GET /wp-content/uploads/2021/12/cu-1-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: stm_visitor_1=60201761
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 05 Jan 2022 15:16:25 GMT
etag: "2462-5d4d73cb8db7e"
accept-ranges: bytes
content-length: 9314
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Sat, 26 Nov 2022 10:20:18 GMT
server: Apache
X-Firefox-Spdy: h2
a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_error=3
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_error=3
IP 104.26.8.50:0
GET /px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Df2397e42%2Dc938%2D4db0%2Db5c3%2D04b0b68f6e8a%26anx_uId%3D%24UID&google_error=3 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=f2397e42%2dc938%2d4db0%2db5c3%2d04b0b68f6e8a; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:21 GMT
content-type: text/html
location: https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=f2397e42-c938-4db0-b5c3-04b0b68f6e8a&anx_uId=$UID
x-frontend: cc-nginx-c76b96594-4gz9x:cc-nginx-c76b96594-4gz9x
x-requestid: 6596bb3b-20a3-4d87-b77f-8607f8e0594b
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0qkaLeuimEYOAAS4So3Srxht2SQwXRb7bPqb6cL7qZF5jHmvUtCIRad4cg2TPJwxiTPZIq6urr7qsXq2fWSSusEuGiKLFAkowuwbd9BZZ%2FvuHYmXwEEN5VqiYG%2FDsOj%2FrfKnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e418ce7eb506-OSL
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
54.230.111.33200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
IP 54.230.111.33:0
GET /scripts/v2/pushnami-sw/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 10:20:21 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qXfO6uw_HsBt9W4TbmadoeD6zN57WTi2jMnEIryT6kDsprabyKQwkA==
age: 2
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-1899855.js?sv=6
143.204.55.98200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-1899855.js?sv=6
IP 143.204.55.98:0
GET /c/hotjar-1899855.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 10:20:22 GMT
cache-control: max-age=60
etag: W/8a55a057dd0d7a0ffa4490d0185f0ea6
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SP5MhkeH_YE8RRDqG5iTgTtL4d2h2TYVXu2HaIs4KdTqUapEdgs-3w==
X-Firefox-Spdy: h2
a.remarketstats.com/px/smart/?c=243b667b11e7ebf
172.67.69.73302 Found 0 B URL HTTP/2 a.remarketstats.com/px/smart/?c=243b667b11e7ebf
IP 172.67.69.73:0
GET /px/smart/?c=243b667b11e7ebf HTTP/1.1
Host: a.remarketstats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 26 Nov 2022 10:20:18 GMT
content-type: text/html
location: https://a.clickcertain.com/px/smart/a/?c=243b667b11e7ebf
x-frontend: cc-nginx-c76b96594-rd9qd:cc-nginx-c76b96594-rd9qd
x-requestid: 6b0cd33d-7e8e-4199-aac5-183c3cc2af2f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MSayVengAXUGSLawYthyZ6fb7d6XBcUISND4v55c0Rbe%2F1JG%2F5MAF7Cj1gcy%2FmHnxftCfpoat8qe2mvEVd%2BvJfo%2BbPyUdACOA0eNWRvd2E1Iu7OMHpP4ttJUcqYdQWz1Q7MP7kg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7701e408083eb512-OSL
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
54.230.111.113200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
IP 54.230.111.113:0
GET /scripts/v2/pushnami-sw/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 10:20:21 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iHPsT0I5BdSWLK9Hkv8VoKzpV5a_1zRJyCnmh5GsT9D6LN3aQE3Tkg==
X-Firefox-Spdy: h2
cardealsnearyou.com/wp-json/acf/v3/options/options/
8.38.122.197200 OK 0 B URL HTTP/2 cardealsnearyou.com/wp-json/acf/v3/options/options/
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Analyzer Verdict Alert fortinet Phishing
GET /wp-json/acf/v3/options/options/ HTTP/1.1
Host: cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
x-robots-tag: noindex
link: <https://www.cardealsnearyou.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
vary: Origin
set-cookie: stm_visitor_1=55202058; expires=Mon, 26-Dec-2022 10:20:20 GMT; Max-Age=2592000; path=/
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
date: Sat, 26 Nov 2022 10:20:20 GMT
server: Apache
X-Firefox-Spdy: h2