r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3307
Expires: Thu, 02 Feb 2023 21:10:05 GMT
Date: Thu, 02 Feb 2023 20:14:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16165
Expires: Fri, 03 Feb 2023 00:44:23 GMT
Date: Thu, 02 Feb 2023 20:14:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19188
Expires: Fri, 03 Feb 2023 01:34:46 GMT
Date: Thu, 02 Feb 2023 20:14:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 19:43:31 GMT
content-type: application/json
age: 1887
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Ty8MdKSplhtRYu6uAqRfnV3Ykx4wr6sDkmO0aMWnFkd6hmzM7Vxqo44giBggCu+Gr8e/lDPJPkw=
x-amz-request-id: FB64932EXQX2Y30J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 19:52:06 GMT
age: 1372
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/Login.php
45.60.97.185 302 Found 222 B URL HTTP/1.1 avrgpro.com/afcu/Acu/Login.php
IP 45.60.97.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash df34fe242a76222f8c3925811be54d5c
12c50d669f9e3b5262b3c462219fa901b5f961f5
f626268f367c7a8ed503c70f1c258e5cfd4b0c3f78d01cfad9089857f1e0ef7d
Analyzer Verdict Alert openphish America First Credit Union
fortinet Phishing
GET /afcu/Acu/Login.php HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 20:14:58 GMT
Server: Apache
Location: https://avrgpro.com/afcu/Acu/Login.php
Content-Length: 222
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: incap_ses_674_2798871=9WktRfuwpTSnXSy0SIhaCcEZ3GMAAAAADP2OWuacgyeClimq+zYihg==; path=/; Domain=.avrgpro.com
X-CDN: Imperva
X-Iinfo: 5-102369820-102369821 NNNN CT(50 -1 0) RT(1675368897176 1) q(0 0 1 0) r(1 1) U11
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 20:14:58 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 19:49:05 GMT
age: 1553
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4348
Expires: Thu, 02 Feb 2023 21:27:26 GMT
Date: Thu, 02 Feb 2023 20:14:58 GMT
Connection: keep-alive
push.services.mozilla.com/
35.165.1.70 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.1.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Jhim2QFw0UUY7L3xV9xYdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X9rt0FSoW/ykvnb446wQIK1CHrs=
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/ruxitagentjs_ICA2QVfgjqru_10237220328075400.js
107.154.147.185 200 OK 113 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/ruxitagentjs_ICA2QVfgjqru_10237220328075400.js
IP 107.154.147.185:0
File type ASCII text, with very long lines (19430)
Size 113 kB (113060 bytes)
Hash d5c14095e8720020aad1ac58fca00591
d769a4acf21b7e462245e3716f3b1a1414a54f28
a230819b9038ac0de206d3c1efffe28107c89134b7cee6f24352034f4e576000
Analyzer Verdict Alert fortinet Phishing
GET /afcu/Acu/America%20First%20Credit%20Union_files/ruxitagentjs_ICA2QVfgjqru_10237220328075400.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "1cc7ffd9"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 113060
content-encoding: gzip
cache-control: max-age=25689, public
expires: Fri, 03 Feb 2023 03:23:07 GMT
date: Thu, 02 Feb 2023 20:14:58 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45844400 2CNN RT(1675368898081 663) q(0 0 0 -1) r(0 0)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.css
107.154.147.185 200 OK 1.1 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.css
IP 107.154.147.185:0
File type ASCII text, with CRLF line terminators
Hash 7dfe867dc6a23f81c7f54f83c4c93c4e
0ccb4eb6981015623bd94f21ace328fb62f9bcac
a3c6eb524612691e533b3512279b6c4d2790e09bbc6813b4417e6f219a165262
GET /afcu/Acu/America%20First%20Credit%20Union_files/app.css HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "67a6a5ce"
last-modified: Tue, 24 May 2022 05:09:32 GMT
content-type: text/css
content-length: 1107
content-encoding: gzip
cache-control: max-age=25689, public
expires: Fri, 03 Feb 2023 03:23:07 GMT
date: Thu, 02 Feb 2023 20:14:58 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45846232 2CNN RT(1675368898081 680) q(0 0 0 -1) r(0 0)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/Login.php
107.154.147.185 200 OK 39 kB URL HTTP/2 avrgpro.com/afcu/Acu/Login.php
IP 107.154.147.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4826)
Hash 7b919a6ae2c98d1ad6e087cf49047f57
d467a7d5d45322dd3ecfa411e225c083f6b7b7c1
c1829f4c6414a283d6835749a1590355ee4fda85178489eee610db0808c0a157
Analyzer Verdict Alert openphish America First Credit Union
fortinet Phishing
GET /afcu/Acu/Login.php HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 02 Feb 2023 20:14:58 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/html; charset=UTF-8
set-cookie: incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==; path=/; Domain=.avrgpro.com
x-cdn: Imperva
x-iinfo: 10-45846140-45846157 NNNN CT(66 71 0) RT(1675368898081 125) q(0 0 1 11) r(2 2) U12
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js
107.154.147.185 200 OK 72 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js
IP 107.154.147.185:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b61b3e206d5075767ed8c59e888e9f30
32a553c29a4d50b0ce6f036126bba7220a380f14
93f767545f8877f79ce5c9fbff02c1b1c2b71d55bd0eb9cfd178e2fda66f6695
Analyzer Verdict Alert fortinet Phishing
GET /afcu/Acu/America%20First%20Credit%20Union_files/launch-b0a09017373d.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "6d33eb70"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 71676
content-encoding: gzip
cache-control: max-age=25689, public
expires: Fri, 03 Feb 2023 03:23:07 GMT
date: Thu, 02 Feb 2023 20:14:58 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45844401 2CNN RT(1675368898081 666) q(0 0 0 -1) r(0 0)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js
107.154.147.185 200 OK 12 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js
IP 107.154.147.185:0
File type ASCII text, with very long lines (33334), with no line terminators
Hash 2ef41156365629385c86821bb4d1d2af
f61b2fdfa441a6edbc53a4db7931db8da8d59c9e
714b580647b34daae3ae628914739ff97814ab65b67fbea18a67fba5a0a6d0f3
Analyzer Verdict Alert fortinet Phishing
GET /afcu/Acu/America%20First%20Credit%20Union_files/AppMeasurement.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "df698d5e"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 12086
content-encoding: gzip
cache-control: max-age=25692, public
expires: Fri, 03 Feb 2023 03:23:10 GMT
date: Thu, 02 Feb 2023 20:14:58 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45845338 2CNN RT(1675368898081 676) q(0 0 0 -1) r(1 1)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.css
107.154.147.185 200 OK 120 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.css
IP 107.154.147.185:0
Size 120 kB (119589 bytes)
Hash c2cd3099cbc98916ca43b32d160b4674
2cc79c97eff2bebac360da34a00dee7a4e8dcb8f
9ddf7961a2e1c34aff3b1fa3245ad044f7aba5c613cff0ee3926b07343d0bb5d
GET /afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.css HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "582be71c"
last-modified: Tue, 24 May 2022 05:16:36 GMT
content-type: text/css
content-length: 119589
content-encoding: gzip
cache-control: max-age=25689, public
expires: Fri, 03 Feb 2023 03:23:07 GMT
date: Thu, 02 Feb 2023 20:14:58 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45846235 2CNN RT(1675368898081 685) q(0 0 0 -1) r(1 1)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/logo-desktop-inverse.png
107.154.147.185 200 OK 6.9 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/logo-desktop-inverse.png
IP 107.154.147.185:0
File type PNG image data, 390 x 134, 8-bit colormap, non-interlaced\012- data
Hash 1e294edb03f6c6aad7da011e5f42b2e4
bc7f9150741b80e29e54bdda0285fca09b98b7ea
522339b3af26cde9d1a7963d11581ec5c18f71d142c27594626d1ee3a852d0fd
GET /afcu/Acu/America%20First%20Credit%20Union_files/logo-desktop-inverse.png HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "ee985d29"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: image/png
content-length: 6942
cache-control: max-age=25693, public
expires: Fri, 03 Feb 2023 03:23:12 GMT
date: Thu, 02 Feb 2023 20:14:59 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45844402 2CNN RT(1675368898081 694) q(0 1 1 -1) r(3 3)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js
107.154.147.185 200 OK 186 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js
IP 107.154.147.185:0
File type Unicode text, UTF-8 text, with very long lines (65531), with no line terminators
Size 186 kB (186311 bytes)
Hash 90f7be05799f2f64d9df124e1fbb66db
c546cb6f9e2ec030b17ae66eaab885b71463b2ae
4218eda3cead519a378600e9e38deb019ec5dcf5f0ae42a946e6727259b04887
Analyzer Verdict Alert fortinet Phishing
GET /afcu/Acu/America%20First%20Credit%20Union_files/chunk-vendors.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "a2d24cea"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 186311
content-encoding: gzip
cache-control: max-age=25689, public
expires: Fri, 03 Feb 2023 03:23:07 GMT
date: Thu, 02 Feb 2023 20:14:58 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45844401 2CNN RT(1675368898081 692) q(0 1 1 -1) r(1 1)
X-Firefox-Spdy: h2
avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.js
107.154.147.185 200 OK 63 kB URL HTTP/2 avrgpro.com/afcu/Acu/America%20First%20Credit%20Union_files/app.js
IP 107.154.147.185:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash cd07d1e455a8170f8e7981c87f058dcf
263410d33e11a0454256945119a443700a3e421b
3748a011f14cc2adb0ff6d8558e717799e3b07f2a1bb8531c23c9fbfa157573b
Analyzer Verdict Alert fortinet Phishing
GET /afcu/Acu/America%20First%20Credit%20Union_files/app.js HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "4ad07136"
last-modified: Tue, 24 May 2022 05:07:50 GMT
content-type: application/javascript
content-length: 63335
content-encoding: gzip
cache-control: max-age=25689, public
expires: Fri, 03 Feb 2023 03:23:08 GMT
date: Thu, 02 Feb 2023 20:14:59 GMT
x-cdn: Imperva
x-iinfo: 10-45846140-45846258 2CNN RT(1675368898081 687) q(0 1 3 -1) r(3 3)
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
2.18.172.233 200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (32766)
Hash ef1dca45932932a17b01c4b6946f6042
0f0f0501b7d48e1e2b2aead666d9b9b59c07720c
37d818de56459121621e8df2e54ff42109e6ac62fab1ead9aae508fab006073d
GET /extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12184
unused62: 8096267
expires: Thu, 02 Feb 2023 21:15:00 GMT
date: Thu, 02 Feb 2023 20:15:00 GMT
cache-control: no-cache
access-control-allow-origin: https://avrgpro.com
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 376568ad565582b9a012526b079e1d15
8a3d0933e4ad5e6b4942abc856e2b06bd518cb86
8638da6b826ab2e28955fa6963b3fbac2fb85c937e5eb0e629b8a10b3e029498
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1733
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:15:00 GMT
Last-Modified: Thu, 02 Feb 2023 19:46:07 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://avrgpro.com/afcu/Acu/Login.php&r=
52.18.63.80 200 OK 55 B URL HTTP/1.1 canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://avrgpro.com/afcu/Acu/Login.php&r=
IP 52.18.63.80:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 185695cd1669914f5338d8b0461ce776
283cd2c856f899ff4a8c4b0b9c20b3b9e56140f3
35679d2e3f0639729b18de7ae45abb47073fbbf1aa4bc59aa065991494d63d7d
NIDS Severity Alert suricata high ETPRO POLICY Observed HTTP Request to Canary Token Service
GET /d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://avrgpro.com/afcu/Acu/Login.php&r= HTTP/1.1
Host: canarytokens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 20:15:00 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17489
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 20:15:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17489
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 20:15:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17489
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 20:15:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17489
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 20:15:01 GMT
Connection: keep-alive
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389
52.51.133.63 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389
IP 52.51.133.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://avrgpro.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-04fb65ba6.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=09075312785581856051799487619577075101; Max-Age=15552000; Expires=Tue, 01 Aug 2023 20:15:01 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: aXZ73JTzThU=
Content-Length: 0
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:16:08 GMT
age: 46733
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:54:58 GMT
age: 80403
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i697kJpdT4ZPeMLWIftWf16pWCic0-v4tL4GDKfVfTZLo-E4-3FwDQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 78803
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df4a4906103a8f409c066b1cded71384
22847e3926db3e3d5f6b529297a4abe8b377c3a6
84a14b73b2cc7f4641eaa5539cbee0a109ae2b05cf88d06797a2b00c8d4f0c43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: 209c2ad4-7a1f-4867-bf98-4ca8621111a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTBFv5IAMFgqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-1627a9d603c69f7760ad013b;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kAkcQOKAvuq3k-X081MLCqon-cnQJqGryVeE0fwX0a7bcXgJlySIvg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 78803
etag: "22847e3926db3e3d5f6b529297a4abe8b377c3a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b9af1fd56c0de8f128ddce88d49c1b4d
e3bb3d4950f7c0267f4476eef21872da332831aa
908153182f76362ff329803d9c11c06c66181e85e8e51dabd927f1f1ac630d5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8944
x-amzn-requestid: 07495184-ede8-485c-94e8-5302ec348ea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freiLHRPoAMFYbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade0d-275437a54eceb40e302a7f55;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: e0zaXjoBKOmsY4fPEbl1SWCBxetMssmszZug0-epLq-X5rGb5zKHZw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:36 GMT
age: 80125
etag: "e3bb3d4950f7c0267f4476eef21872da332831aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ybz4mmNUwsKOkpz6GFm4nLz7iGX5gJ--EiUjqrs8G92GBLn6qaF7IQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:51 GMT
age: 80230
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389
52.51.133.63 200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389
IP 52.51.133.63:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&ts=1675368927389 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avrgpro.com
Content-Type: application/x-www-form-urlencoded
Referer: https://avrgpro.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://avrgpro.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-01a6f2a00.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: NJVjuwM7SFw=
Content-Length: 124
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ae9d74725bf321b2c3430e4bc714ca5f
14d4719b96c14ec0765ec249ce7aec4c829ca54f
645da8085b7f565747d614ff7465c26c1b5634ae59a0f7656c2c74377fac2a1e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:15:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 19:27:31 GMT
Expires: Mon, 06 Feb 2023 19:27:30 GMT
Etag: "14d4719b96c14ec0765ec249ce7aec4c829ca54f"
Cache-Control: max-age=342148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793598b10e2cb50b-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ae9d74725bf321b2c3430e4bc714ca5f
14d4719b96c14ec0765ec249ce7aec4c829ca54f
645da8085b7f565747d614ff7465c26c1b5634ae59a0f7656c2c74377fac2a1e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:15:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 19:27:31 GMT
Expires: Mon, 06 Feb 2023 19:27:30 GMT
Etag: "14d4719b96c14ec0765ec249ce7aec4c829ca54f"
Cache-Control: max-age=342148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793598b11b780b39-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d01d47f307bf0600651054261dfceba4
9f475f60887eff804bdb0c308010207c666321a5
c98bde90580b8a77f978837425971008be7133e6897ae8f17ebe6b09f3e1d03f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=99621
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:15:01 GMT
Etag: "63dafbea-1d7"
Expires: Fri, 03 Feb 2023 23:55:22 GMT
Last-Modified: Wed, 01 Feb 2023 23:55:22 GMT
Server: nginx
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0a0e545cab68d32a3af28ff3fc889d65
bf882cc0a9a76a8c0dabd35955cf69139350b255
60b8ee0a2680558a7e1cbc70e194f5c82dadbaa13429941b90fd7833f1df0d15
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4434
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:15:01 GMT
Last-Modified: Thu, 02 Feb 2023 19:01:07 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
sstats.americafirst.com/id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1675368928844
15.236.117.205 200 OK 48 B URL HTTP/2 sstats.americafirst.com/id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1675368928844
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ba6e8668c1e2bc14009aee082ccb3dc4
41e3dcd8a44256470491fd0fd57c8ff32130c5ed
93b32330eb687e166570b9be43a0080e20609da2a8218c13dcaeaaf0f4ad570b
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&mcorgid=A7873BC75245AD770A490D4D%40AdobeOrg&ts=1675368928844 HTTP/1.1
Host: sstats.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://avrgpro.com
access-control-allow-credentials: true
date: Thu, 02 Feb 2023 20:15:01 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=0%7CMCMID%7C24695773332038147672084647543589980161; Path=/; Domain=americafirst.com; Max-Age=63072000; Expires=Sat, 01 Feb 2025 20:15:15 GMT;
s_ecid=MCMID%7C24695773332038147672084647543589980161; Path=/; Domain=americafirst.com; Max-Age=63072000; Expires=Sat, 01 Feb 2025 20:15:15 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 02 Feb 2023 19:45:20 GMT
expires: Thu, 02 Feb 2023 21:45:20 GMT
cache-control: public, max-age=7200
age: 1781
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
secure.americafirst.com/fonts/roboto-latin-400.479970ff.woff2
216.51.43.116 200 16 kB URL HTTP/1.1 secure.americafirst.com/fonts/roboto-latin-400.479970ff.woff2
IP 216.51.43.116:0
File type Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Hash 479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
GET /fonts/roboto-latin-400.479970ff.woff2 HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Set-Cookie: dtCookie=v_4_srv_1_sn_91C0987A0C7C6FF742A084F13EA09CD3_perc_100000_ol_0_mul_1_app-3Aec967b149da485d6_1; Path=/; Domain=.americafirst.com
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="-1238799126", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
ETag: W/"15736-1665719314000:dtagent10255221104040649emzY"
Last-Modified: Fri, 14 Oct 2022 03:48:33 GMT
Content-Type: font/woff2
Content-Length: 15736
Date: Thu, 02 Feb 2023 20:15:01 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000
secure.americafirst.com/fonts/roboto-latin-500.020c97dc.woff2
216.51.43.116 200 16 kB URL HTTP/1.1 secure.americafirst.com/fonts/roboto-latin-500.020c97dc.woff2
IP 216.51.43.116:0
File type Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Hash 020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
GET /fonts/roboto-latin-500.020c97dc.woff2 HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Set-Cookie: dtCookie=v_4_srv_2_sn_0988D9BF52339F0F301AC512198A83F1_perc_100000_ol_0_mul_1_app-3Aec967b149da485d6_1; Path=/; Domain=.americafirst.com
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="2015214608", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
ETag: W/"15872-1665719314000:dtagent10255221104040649emzY"
Last-Modified: Fri, 14 Oct 2022 03:48:33 GMT
Content-Type: font/woff2
Content-Length: 15872
Date: Thu, 02 Feb 2023 20:15:01 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 20:15:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=24695773332038147672084647543589980161&ts=1675368929606
52.51.133.63 200 OK 899 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=24695773332038147672084647543589980161&ts=1675368929606
IP 52.51.133.63:0
File type JSON data\012- , ASCII text, with very long lines (2321), with no line terminators
Hash 9096f2f8a6cc1815de40abe07c21e17e
f2f1f4e0c4f41dc3d3d9c265e1aad43a0b9276c2
a13844d72c7ab16d404c306be28ebc1652dceb6f470e4deffbe4f49c713756fb
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7873BC75245AD770A490D4D%40AdobeOrg&d_nsid=0&d_mid=24695773332038147672084647543589980161&ts=1675368929606 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://avrgpro.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=29389102387309127391613009052088566413; Max-Age=15552000; Expires=Tue, 01 Aug 2023 20:15:02 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 7D5nx6LBQjY=
Content-Length: 899
Connection: keep-alive
secure.americafirst.com/fonts/roboto-latin-500.87284894.woff
216.51.43.116 200 20 kB URL HTTP/1.1 secure.americafirst.com/fonts/roboto-latin-500.87284894.woff
IP 216.51.43.116:0
File type Web Open Font Format, TrueType, length 20464, version 1.1\012- data
Hash 87284894879f5b1c229cb49c8ff6decc
fb1bd3baf122d5d350eb387f0536c20da71f09df
ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf
GET /fonts/roboto-latin-500.87284894.woff HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Set-Cookie: dtCookie=v_4_srv_3_sn_925114D121A65E81D6BDD2C0259B3081_perc_100000_ol_0_mul_1_app-3Aec967b149da485d6_1; Path=/; Domain=.americafirst.com
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="1960314029", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
ETag: W/"20464-1665719314000:dtagent10255221104040649emzY"
Last-Modified: Fri, 14 Oct 2022 03:48:33 GMT
Content-Type: font/woff
Content-Length: 20464
Date: Thu, 02 Feb 2023 20:15:01 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000
secure.americafirst.com/fonts/roboto-latin-400.60fa3c06.woff
216.51.43.116 200 20 kB URL HTTP/1.1 secure.americafirst.com/fonts/roboto-latin-400.60fa3c06.woff
IP 216.51.43.116:0
File type Web Open Font Format, TrueType, length 20268, version 1.1\012- data
Hash 60fa3c0614b8fb2f394fa29944c21540
42c8ae79841c592a26633f10ee9a26c75bcf9273
c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684
GET /fonts/roboto-latin-400.60fa3c06.woff HTTP/1.1
Host: secure.americafirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Set-Cookie: dtCookie=v_4_srv_3_sn_87F588297ACFC735D9F0B3895917E36D_perc_100000_ol_0_mul_1_app-3Aec967b149da485d6_1; Path=/; Domain=.americafirst.com
X-OneAgent-JS-Injection: true
Timing-Allow-Origin: *
Server-Timing: dtRpid;desc="-1532635872", dtTao;desc="1", dtSInfo;desc="0"
Accept-Ranges: bytes
ETag: W/"20268-1665719314000:dtagent10255221104040649emzY"
Last-Modified: Fri, 14 Oct 2022 03:48:33 GMT
Content-Type: font/woff
Content-Length: 20268
Date: Thu, 02 Feb 2023 20:15:01 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Referrer-Policy: STRICT-ORIGIN
Expect-CT: "enforce,max-age=30"
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Permissions-Policy: geolocation=(self "https://FAKE URL.com")
X-Powered-By: Fake Name
Server: Fake Name
Strict-Transport-Security: max-age=2592000
avrgpro.com/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D73_sn_R10JBVTTCK1U0G1HQV2NESB61838D6C4&svrid=-73&flavor=post&vi=FDRWRMJONWOJEPLGVMQCOSPWHIUFNILU-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=2541291763&en=ztho6o9v&end=1
107.154.147.185 406 Not Acceptable 0 B URL HTTP/2 avrgpro.com/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D73_sn_R10JBVTTCK1U0G1HQV2NESB61838D6C4&svrid=-73&flavor=post&vi=FDRWRMJONWOJEPLGVMQCOSPWHIUFNILU-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=2541291763&en=ztho6o9v&end=1
IP 107.154.147.185:0
POST /rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D73_sn_R10JBVTTCK1U0G1HQV2NESB61838D6C4&svrid=-73&flavor=post&vi=FDRWRMJONWOJEPLGVMQCOSPWHIUFNILU-0&modifiedSince=1653321765455&rf=https%3A%2F%2Favrgpro.com%2Fafcu%2FAcu%2FLogin.php&bp=3&app=ec967b149da485d6&crc=2541291763&en=ztho6o9v&end=1 HTTP/1.1
Host: avrgpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 556
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/afcu/Acu/Login.php
Cookie: visid_incap_2798871=1r5MsWY6SWipu5OYGVaYw6IZ3GMAAAAAQUIPAAAAAADagSDe+3R4uLTAM9c40QS2; rxVisitor=16753688966180OBECJA3UO94U9RC3KAVAL7U03F0TNJT; AMCV_A7873BC75245AD770A490D4D%40AdobeOrg=-1124106680%7CMCIDTS%7C19391%7CvVersion%7C5.2.0; mbox=session#48c8190f4cb94a0b89dd7dbea100e53a#1675370757|PC#48c8190f4cb94a0b89dd7dbea100e53a.37_0#1738613700; _ga=GA1.2.1556450031.1675368897; _gid=GA1.2.715037432.1675368897; incap_ses_1543_2798871=fO0fOIDLdT9PnQkNmdZpFcIZ3GMAAAAA1T/Z9vT0rpMf7qtbovo2hw==; dtCookie=v_4_srv_-2D73_sn_R10JBVTTCK1U0G1HQV2NESB61838D6C4; dtPC=-73$168927236_333h1vFDRWRMJONWOJEPLGVMQCOSPWHIUFNILU-0e0; rxvt=1675370727271|1675368927256; dtLatC=333; dtSa=-; at_check=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 406 Not Acceptable
date: Thu, 02 Feb 2023 20:15:01 GMT
server: Apache
content-type: text/html; charset=iso-8859-1
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 10-45846140-45846157 PNYN RT(1675368898081 3447) q(0 0 0 -1) r(1 1) U6
X-Firefox-Spdy: h2
www.freepsdking.com/data/weddingalbumdesign/12X36/289/289-08.zip
104.21.6.47 200 OK 0 B URL HTTP/1.1 www.freepsdking.com/data/weddingalbumdesign/12X36/289/289-08.zip
IP 104.21.6.47:0
GET /data/weddingalbumdesign/12X36/289/289-08.zip HTTP/1.1
Host: www.freepsdking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 20:14:59 GMT
Content-Type: application/zip
Content-Length: 82725336
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Last-Modified: Fri, 09 Dec 2022 04:07:10 GMT
ETag: "4ee49d8-5ef5d49a697a3"
Cache-Control: public, max-age=31536000
Expires: Fri, 02 Feb 2024 20:12:55 GMT
Referrer-Policy: no-referrer-when-downgrade
Pragma: public
CF-Cache-Status: HIT
Age: 124
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lHku2yrokRXBn%2FzKoXd%2Fc579Af9AJglYlWEGyXucSUAJBNKN9olnwaO4AqmMjtAqaRM06NKlLOwkqzjORJWJ0s8%2BoBRRghZimShNHsBbllFwKTHOEB%2BWXAIQTnTaX6BcqG%2B8TlAB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793598a32940b4f9-OSL
alt-svc: h2=":443"; ma=60
americafirstcreditun.tt.omtrdc.net/rest/v1/delivery?client=americafirstcreditun&sessionId=48c8190f4cb94a0b89dd7dbea100e53a&version=2.4.0
63.34.41.96 200 OK 0 B URL HTTP/2 americafirstcreditun.tt.omtrdc.net/rest/v1/delivery?client=americafirstcreditun&sessionId=48c8190f4cb94a0b89dd7dbea100e53a&version=2.4.0
IP 63.34.41.96:0
POST /rest/v1/delivery?client=americafirstcreditun&sessionId=48c8190f4cb94a0b89dd7dbea100e53a&version=2.4.0 HTTP/1.1
Host: americafirstcreditun.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 771
Origin: https://avrgpro.com
Connection: keep-alive
Referer: https://avrgpro.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 20:15:02 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
access-control-allow-origin: https://avrgpro.com
access-control-allow-credentials: true
x-request-id: bb3ed6b4d98975206caf79c33deae66e
timing-allow-origin: *
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
content-encoding: gzip
X-Firefox-Spdy: h2