Report - covidtravel.clinicallabs.com.au/request-form/new

Report Overview

Submitted URL
covidtravel.clinicallabs.com.au/request-form/new
IP
3.24.79.27
ASN
#16509 AMAZON-02
Submitted
2023-02-06 06:27:37
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
7
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	401 B	45 kB	172.217.21.168
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	717 B	849 B	142.250.74.34
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	708 B	724 B	216.58.207.194
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
covidtravel.clinicallabs.com.au	unknown	2021-10-27T23:24:46Z	2022-11-22T00:09:34Z	9.7 kB	455 kB	3.104.10.184
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	64 kB	34.120.237.76
insight.adsrvr.org	631	2012-05-30T16:03:18Z	2023-03-13T05:18:25Z	1.0 kB	157 kB	15.197.193.217
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	984 B	143.204.42.165
js.adsrvr.org	1664	2012-11-26T21:54:54Z	2023-03-13T06:57:06Z	383 B	2.4 kB	108.157.224.123
11359170.fls.doubleclick.net	unknown			682 B	1.1 kB	142.250.74.70
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	388 B	21 kB	142.250.74.110
maps.googleapis.com	33876	2019-10-17T17:56:16Z	2023-03-13T08:06:07Z	453 B	580 B	142.250.74.170
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	95.101.11.115
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.227.59.33
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	3.1 kB	6.3 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-06 06:28:08	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-02-06 06:28:08	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-02-06 06:28:09	medium	Client IP	3.104.10.184	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
2023-02-06 06:28:10	medium	Client IP	3.104.10.184	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
2023-02-06 06:28:10	medium	Client IP	3.104.10.184	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
2023-02-06 06:28:10	medium	3.104.10.184	Client IP	ET HUNTING Possible COVID-19 Domain in SSL Certificate M2
2023-02-06 06:28:10	medium	3.104.10.184	Client IP	ET HUNTING Possible COVID-19 Domain in SSL Certificate M2

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=UA-88600307-18	112 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-88600307-18 IP 172.217.21.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:17 Last Seen2023-03-13 18:14:17 Times Seen1 Hash 1f85c87d796d3d87b4b0506465eef4ef 114dc4409c73eee52e8de13befcd0bc589e36d6a a1a94a1695e0fa9a8293715b13ea38275302fc906fb627d9cb2a74f21c311c8b Loading...

	covidtravel.clinicallabs.com.au/app/global.bb5b9abe6071f2a343e8.bundle.js	938 B	2023-03-13	2023-03-13
Pretty URL covidtravel.clinicallabs.com.au/app/global.bb5b9abe6071f2a343e8.bundle.js IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:17 Last Seen2023-03-13 18:14:17 Times Seen1 Hash 25d6ff708ed148cd4088c157ce079bed 7d572643eed634b4c7262b1331acd206e86de6c3 44f50b2b4ae596c613a492aa4ae7933ff340f29113c41080b14e08059f51379b Loading...

	covidtravel.clinicallabs.com.au/app/30.bb5b9abe6071f2a343e8.chunk.js	1.4 MB	2023-03-13	2023-03-13
Pretty URL covidtravel.clinicallabs.com.au/app/30.bb5b9abe6071f2a343e8.chunk.js IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:17 Last Seen2023-03-13 18:14:17 Times Seen1 Hash 68569cff5c9f7d32de5992257fe19c6b c13267e4fff09aa7cc64b809f0eebf7aadfae7e3 c76b587f8dfbee1d93e6c56f6c5f98df51e23f98317fa67bb50cf34db8966eb6 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	covidtravel.clinicallabs.com.au/request-form/new	286 B	2023-03-13	2023-03-13
Pretty URL covidtravel.clinicallabs.com.au/request-form/new IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:18 Last Seen2023-03-13 18:14:18 Times Seen1 Hash 503ee571c845fff05ef5e53d015146d3 4d21a00766784534b4ce5ded975118d70090c53c 7270588e16d72bc4152177b87a1e1027ff9b921c6b8e64feb9150b62ec7aa353 Loading...

	covidtravel.clinicallabs.com.au/request-form/new	168 B	2023-03-13	2023-03-13
Pretty URL covidtravel.clinicallabs.com.au/request-form/new IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:18 Last Seen2023-03-13 18:14:18 Times Seen1 Hash b74717d8b261093a58315444d9dcdfd0 bbfd3d89978ef115ef4ba193334f81508f9c5961 ac811e3239265a8745678ecf30df7525acae82d97720c78c5f0944bcc6bab889 Loading...

	js.adsrvr.org/up_loader.1.1.0.js	4.6 kB	2023-03-07	2023-11-04
Pretty URL js.adsrvr.org/up_loader.1.1.0.js IP 108.157.224.123 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:29 Last Seen2023-11-04 15:38:59 Times Seen1096 Hash 98d98b3499058b76d58073cf8ede2f10 2ec5bc839a187c2a4d93499567e8fff091a6bcc4 ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9 Loading...

	covidtravel.clinicallabs.com.au/app/main.bb5b9abe6071f2a343e8.bundle.js	3.4 MB	2023-03-13	2023-03-13
Pretty URL covidtravel.clinicallabs.com.au/app/main.bb5b9abe6071f2a343e8.bundle.js IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:18 Last Seen2023-03-13 18:14:18 Times Seen1 Hash e2ec43f1b90045e549e4e897e0b58ac0 1199fe221c18831bf3786ac2ffd1e0b9d6570afd 2ac11611bcc1cada43ad4310b03ce72a7d57797c7ba303edab9ec79fcc35e726 Loading...

	covidtravel.clinicallabs.com.au/app/0.bb5b9abe6071f2a343e8.chunk.js	21 kB	2023-03-13	2023-03-13
Pretty URL covidtravel.clinicallabs.com.au/app/0.bb5b9abe6071f2a343e8.chunk.js IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:18 Last Seen2023-03-13 18:14:18 Times Seen1 Hash 61ec7dfa96a372ac4f57e2010a64798d 82e13e9faec1439ec04e12ec43139a709cf098e9 7611cae11bfdcbeeeae5400ab85440ab1731f3f603ea7b97e598a14b252f1daf Loading...

	maps.googleapis.com/maps/api/js?key=AIzaSyA4UfDIcHOL7Tvxo8S82YJWpnWPh8fkLtQ&libraries=places&v=weekly	172 kB	2023-03-13	2023-03-13
Pretty URL maps.googleapis.com/maps/api/js?key=AIzaSyA4UfDIcHOL7Tvxo8S82YJWpnWPh8fkLtQ&libraries=places&v=weekly IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:18 Last Seen2023-03-13 18:14:18 Times Seen1 Hash 4075614f2c4ce2e6c467ceaf19a57e39 6eeb2d37d364471133b2b9774fee9412b1a45016 4d1ca5d46dfe7fbb8e89261876ada017624b84b44fae5b7e518f16bb2de0a74b Loading...

	covidtravel.clinicallabs.com.au/request-form/new	372 B	2023-03-13	2023-03-26
Pretty URL covidtravel.clinicallabs.com.au/request-form/new IP 3.104.10.184 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:14:18 Last Seen2023-03-26 01:20:37 Times Seen2 Hash a6826b339962d79b33108fef3fb525c0 398949ef1103c8bc7b492c4c61cf7fd8f0f26bae 5297e3b7cfb38717ce526148c9b5c1e79f65361906073618d64bcf803227e1ae Loading...

HTTP Transactions (58)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2705
Expires: Mon, 06 Feb 2023 07:12:30 GMT
Date: Mon, 06 Feb 2023 06:27:25 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18972
Expires: Mon, 06 Feb 2023 11:43:37 GMT
Date: Mon, 06 Feb 2023 06:27:25 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10334
Expires: Mon, 06 Feb 2023 09:19:39 GMT
Date: Mon, 06 Feb 2023 06:27:25 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 05:34:02 GMT
content-type: application/json
age: 3203
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: CDdlaWITnndIbWo1rkzlibHkpTTMyLRLLIZSi2qcSQIBpmroFFUC5tsHfGSKCX7pK33fa2WIrnw=
x-amz-request-id: HSHV3HGF77DRTDG2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 06:24:50 GMT
age: 155
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 06:27:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/request-form/new

3.104.10.184

301 Moved Permanently

134 B

URL HTTP/1.1
covidtravel.clinicallabs.com.au/request-form/new
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /request-form/new HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Mon, 06 Feb 2023 06:27:25 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://covidtravel.clinicallabs.com.au:443/request-form/new

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 06:07:20 GMT
age: 1205
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19187
Expires: Mon, 06 Feb 2023 11:47:13 GMT
Date: Mon, 06 Feb 2023 06:27:26 GMT
Connection: keep-alive

push.services.mozilla.com/

44.227.59.33

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.227.59.33:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9S1WkbcmRQaaGh2phwqayw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HPW1rVKL9rpT8gab6Hc8bulDfxc=

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ca2d57d8a057986bc6fb4dae41bcd11f
c8180a8302a5a5dffd39a4c241a07c80238890d8
d59aa2c999f4915bcc832340ebb534dff92c01e592a0ce6634566f8bc1d6c6c7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=152852
Date: Mon, 06 Feb 2023 06:27:26 GMT
Etag: "63e04fe2-1d7"
Expires: Wed, 08 Feb 2023 00:54:58 GMT
Last-Modified: Mon, 06 Feb 2023 00:54:58 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: weqoHmXqFJV4-6BA2BInTwPNpchqwdLOKhgBNs33231KGJHyVy45jw==

covidtravel.clinicallabs.com.au/request-form/new

3.104.10.184

200 OK

1.3 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/request-form/new
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (778), with CRLF line terminators
Size
1.3 kB (1288 bytes)
Hash
9a7f65a269ca9993c77f06d66e78b34a
b86ec201cf41ae269becd62c8ad3bfd361df1077
f26fd260a71e01feb0ec27e7787c358070806fdf34c76d8d5bb85460da018a19

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1

HTTP Headers

GET /request-form/new HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:26 GMT
content-type: text/html;charset=utf-8
content-length: 1288
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
accept-ranges: bytes
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
strict-transport-security: max-age=31536000 ; includeSubDomains
content-language: en-US
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

js.adsrvr.org/up_loader.1.1.0.js

108.157.224.123

200 OK

1.9 kB

URL HTTP/1.1
js.adsrvr.org/up_loader.1.1.0.js
IP
108.157.224.123:0
ASN
#0

File type
ASCII text, with very long lines (4593), with no line terminators
Size
1.9 kB (1887 bytes)
Hash
8dc722d27824e60548fd25752623cd07
33d66ad1a4a162e2d6c9ed732d6c9af79635fc4d
14ce9119fe06fb2d363ba3c824e9f5b3f212f1f39dfab38c836fa13a20daec1b

HTTP Headers

GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 09:30:24 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b301fa8d72072cc0289eb055d8389e68.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 9BKfv70rXFb8GpiQoZcolWj2sLE2WsuFwJ2YwLXeZDM8txeKaqNR1Q==
Age: 75424

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9206c3ba6d5a17d62244c438fd03496e
069e8257aebe618953434b1299d065540125a512
937d395fed398e9410f75945e80f607f3146458b48cd47ba7249536ca2195817

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-88600307-18

172.217.21.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-88600307-18
IP
172.217.21.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
44 kB (43914 bytes)
Hash
f70830567fe570aec7c149b56a9f8332
7c38a05207cbac7e91368b221f2e19fade1deca5
ff7e779fb934da4cd660d16ac5573e2375386e9615476dcba1f3fce4392c9a96

HTTP Headers

GET /gtag/js?id=UA-88600307-18 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 06 Feb 2023 06:27:27 GMT
expires: Mon, 06 Feb 2023 06:27:27 GMT
cache-control: private, max-age=900
last-modified: Mon, 06 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43914
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9206c3ba6d5a17d62244c438fd03496e
069e8257aebe618953434b1299d065540125a512
937d395fed398e9410f75945e80f607f3146458b48cd47ba7249536ca2195817

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13567
Expires: Mon, 06 Feb 2023 10:13:34 GMT
Date: Mon, 06 Feb 2023 06:27:27 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13567
Expires: Mon, 06 Feb 2023 10:13:34 GMT
Date: Mon, 06 Feb 2023 06:27:27 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13567
Expires: Mon, 06 Feb 2023 10:13:34 GMT
Date: Mon, 06 Feb 2023 06:27:27 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11630 bytes)
Hash
b08a4dc42d2e08b2b18c9545ce9a2fdb
b688557ebba4b3c987275761e9a1f5993ad3d8a5
641402fb9282208b33877e4812cb9392b035dba85fcb3a344a2a1072d5a69f28

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11630
x-amzn-requestid: 3912e3f9-44a5-405c-9edb-d8409faa0b04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pkUHUoIAMFzcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022e8-03e547e96b085d9e29a1852b;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vrf1axqufJTrf057F6nY_97NtiM_Wt0tZXpTGN42rvAOV7a4CPe1ig==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:12:02 GMT
age: 29725
etag: "b688557ebba4b3c987275761e9a1f5993ad3d8a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8981 bytes)
Hash
714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ixAMZh_xOYWVESJ0jOEPOXZ4GQBDUZZsh26yEDYfl8APcBF2x2sZYg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 31044
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13230 bytes)
Hash
a24cf7b2db6d65c3fe5daf78b3309ced
a3653a9a7baea412808dd91572ff21e1a505c26f
f55ee98bab5ce53d6acc1cac7f54f089b42d5f2ffbe750d869c4f4a7bc26f715

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13230
x-amzn-requestid: 8171829a-cf6d-4c33-99a1-f3cef7cd4475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiTH8GoAMFYLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1597a0f06ef3db2534a101aa;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nvfp0sEYw5bxnFHisq80WCXh6T-LdFlPqs95tyX2epjMfhM_hjUj0A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 31044
etag: "a3653a9a7baea412808dd91572ff21e1a505c26f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8481 bytes)
Hash
929818fabd5a6ee5200499ca445d121e
3951cfa614e0a8674b730c4850f6483e35f73f6a
9f56ead2f8c136f6d6906fbb8a0ee5e0fd879e8ed104512ed4edf3ba3ece6917

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4c26323-ca84-49c2-9f28-1ea4944d5cd9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8481
x-amzn-requestid: 77c27205-9d32-42d4-b2c4-e5c3941bbe72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pcuG8VoAMFTaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022b7-76fae5a943c7a1d242f7a758;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:42:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Et74Co732_uh0XdLXtBoER9YtKrPXnac-OGNxyuLmjIHsvgi1XwtYA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:13:26 GMT
age: 29641
etag: "3951cfa614e0a8674b730c4850f6483e35f73f6a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3482c5eb-0e83-4722-a14e-ee2eefae5e03.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6779 bytes)
Hash
5eb98d203ce09cf8d1964decb2e44058
004d35f6af8f06b453a4c047e202fddbd410aaf4
80232fe0b4ce7393653076fc39d2d315274e8c17f76a4f754576f4a8a1b3baef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3482c5eb-0e83-4722-a14e-ee2eefae5e03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6779
x-amzn-requestid: e2a59d9f-577d-4071-8d40-80e54051fc18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVx6FjwoAMFyNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033f-1fcd55e1413543440d46307c;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Q7yMHmaEpwLuUNkDG-InGzSE6Lsl-4BJAfAliwalUwb57vEF9Vtixg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 07:11:11 GMT
age: 83776
etag: "004d35f6af8f06b453a4c047e202fddbd410aaf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8039 bytes)
Hash
336b665bfad04ec8ed14b01bbf17566d
92102d4c75d2c7efd8197be88e3cb467d2682190
1e21687a242c058a3b442909b168c5e706175b1e93e51cfce691c6f033f795d7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8039
x-amzn-requestid: b36a6062-0676-4abc-820c-959bc02810f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pkoECwIAMF4hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022ea-52faddc079b7107004e8cfea;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:43:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MOgI0aopvRaUSJ-YFH6QFNpGxhUNlpnLk7VeCeOsmcrGTUYIESN2Hg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:04:24 GMT
age: 30183
etag: "92102d4c75d2c7efd8197be88e3cb467d2682190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/app/global.bb5b9abe6071f2a343e8.bundle.js

3.104.10.184

200 OK

938 B

URL HTTP/2
covidtravel.clinicallabs.com.au/app/global.bb5b9abe6071f2a343e8.bundle.js
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (938), with no line terminators
Size
938 B (938 bytes)
Hash
25d6ff708ed148cd4088c157ce079bed
7d572643eed634b4c7262b1331acd206e86de6c3
44f50b2b4ae596c613a492aa4ae7933ff340f29113c41080b14e08059f51379b

HTTP Headers

GET /app/global.bb5b9abe6071f2a343e8.bundle.js HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:27 GMT
content-type: application/javascript
content-length: 938
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
cache-control: max-age=126230400, public
accept-ranges: bytes
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/content/8081832fc5cfbf634aa664a9eff0350e.ttf

3.104.10.184

200 OK

158 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/content/8081832fc5cfbf634aa664a9eff0350e.ttf
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
TrueType Font data, 13 tables, 1st "GDEF", 17 names, Microsoft, language 0x409, Copyright 2020 The Poppins Project Authors (https://github.com/itfoundry/Poppins)PoppinsRegularI\012- data
Size
158 kB (158192 bytes)
Hash
8b6af8e5e8324edfd77af8b3b35d7f9c
01d319c533f62ea29f03b5df8adfd4d93d2d2a38
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527

HTTP Headers

GET /content/8081832fc5cfbf634aa664a9eff0350e.ttf HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://covidtravel.clinicallabs.com.au/content/global.46f6932359da192a6b85.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:28 GMT
content-type: application/x-font-ttf
content-length: 158192
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
cache-control: max-age=126230400, public
accept-ranges: bytes
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/i18n/en.json?buildTimestamp=1669431307903

3.104.10.184

200 OK

10 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/i18n/en.json?buildTimestamp=1669431307903
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (40419), with no line terminators
Size
10 kB (10173 bytes)
Hash
1d9116556d32c57893e217239ebe3210
00a8c3ad7702ea0371daa6a94d68235cc516130c
2129f411238eb6e8826750ea36de8b5034fc79e8740f21ee5700d648e8203c9c

HTTP Headers

GET /i18n/en.json?buildTimestamp=1669431307903 HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:29 GMT
content-type: text/html;charset=utf-8
content-length: 10173
content-encoding: gzip
cache-control: max-age=126230400, public
accept-ranges: bytes
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/app/0.bb5b9abe6071f2a343e8.chunk.js

3.104.10.184

200 OK

4.2 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/app/0.bb5b9abe6071f2a343e8.chunk.js
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (21248), with no line terminators
Size
4.2 kB (4182 bytes)
Hash
2bdfff0cae399ad855fe746949c028cd
6086274f75baf27619ce519cbb775a36c8e14b26
071a46fb90ad9ad6c95c0596a938d64eb85cbefd8dc17621d359a82f5a945360

HTTP Headers

GET /app/0.bb5b9abe6071f2a343e8.chunk.js HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:29 GMT
content-type: application/javascript
content-length: 4182
content-encoding: gzip
cache-control: max-age=126230400, public
accept-ranges: bytes
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Mon, 06 Feb 2023 05:44:08 GMT
expires: Mon, 06 Feb 2023 07:44:08 GMT
cache-control: public, max-age=7200
age: 2601
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

covidtravel.clinicallabs.com.au/app/30.bb5b9abe6071f2a343e8.chunk.js

3.104.10.184

200 OK

219 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/app/30.bb5b9abe6071f2a343e8.chunk.js
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (64716), with no line terminators
Size
219 kB (218662 bytes)
Hash
1e3e9594747eb94acc08b0dddda1336b
d8249c1e481f9962f6704659be6bfb8a80c6e500
231d7e4d294873ceb96e53418f1f30641d83d2fddb09dfae5bef84cac7023947

HTTP Headers

GET /app/30.bb5b9abe6071f2a343e8.chunk.js HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:29 GMT
content-type: application/javascript
content-encoding: gzip
cache-control: max-age=126230400, public
accept-ranges: bytes
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

covidtravel.clinicallabs.com.au/favicon.ico

3.104.10.184

200 OK

1.2 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/favicon.ico
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
0595f8a08fd3ff8fb08b9ca8c5d2198d
d66b0d36733a583efcc12e7e9bc78cb4b0ff46cf
c17bde6f444b9a2d1e3587ca65b2fdb5c32122e2855bf691165a87544de7b575

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:29 GMT
content-type: image/x-icon
content-length: 1150
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
accept-ranges: bytes
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a1b0adb1c8292e353e84a56a163dddf0
e72fe20524a0cc1d6077eeef4445bd24cae46a60
d82c206adfc4b455e24ae565256cca03e48944af39dbbef0c704ddfc1cce501a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

11359170.fls.doubleclick.net/activityi;src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664?

142.250.74.70

200 OK

282 B

URL HTTP/2
11359170.fls.doubleclick.net/activityi;src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (540), with no line terminators
Size
282 B (282 bytes)
Hash
c07da5f510e74163d2e337085e3dc442
f2f917de2f4f1a4fde493a11cd20fd94dfad6ccb
3731750cdceab43e252ff0872ece01158fbeb32a258f82823593cc49e45fbbfb

HTTP Headers

GET /activityi;src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664? HTTP/1.1
Host: 11359170.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 06:27:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 282
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 06-Feb-2023 06:42:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/content/main.823d867760a9773c9aa9.css

3.104.10.184

200 OK

26 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/content/main.823d867760a9773c9aa9.css
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
data
Size
26 kB (25671 bytes)
Hash
de70ac6b88a05531aba61838dcb16eb5
bff0c20db2f5680460cf753b9243dbb0f2285755
dc656a48d6dc3045b9656e311f35d5595670432ce82d96eae7092c53111f6fea

HTTP Headers

GET /content/main.823d867760a9773c9aa9.css HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:27 GMT
content-type: text/css
content-encoding: gzip
cache-control: max-age=126230400, public
accept-ranges: bytes
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
X-Firefox-Spdy: h2

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.170

200 OK

23 B

URL HTTP/2
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
e3981ca10169a319d5aa062bf43a5fa1
2c6ed584767b65688ce99b1ebe1a3b7448a67421
8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Origin: https://covidtravel.clinicallabs.com.au
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 06 Feb 2023 06:27:30 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://covidtravel.clinicallabs.com.au
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/management/info

3.104.10.184

200 OK

5.9 kB

URL HTTP/2
covidtravel.clinicallabs.com.au/management/info
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type
data
Size
5.9 kB (5913 bytes)
Hash
fb944e5db3b96d97775ac6c5a3e2dee9
095b49c268c4bdb78fb85d2e434f13b3dc2b1410
c47da83536528a6f2d7b8895f5c20f95915bbb75370c1aa431797d5799decbd0

HTTP Headers

GET /management/info HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:29 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2183fdf183ed33f2cd4342abd7bcadbe
007fe0bb01b7d77fbaaff5346fd7582041c978c8
8f0381d12ab5a76be5137b365e811e75db681eb0f6ad04d7ce28ad73101c33d5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.com/ddm/fls/i/src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664;~oref=https://covidtravel.clinicallabs.com.au/

142.250.74.34

200 OK

285 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664;~oref=https://covidtravel.clinicallabs.com.au/
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (539), with no line terminators
Size
285 B (285 bytes)
Hash
cf9f7c5b2417bca0504850b4fac788c8
8810f17f2e1c7740014244c75420f99748ac4acd
93fc09453dd418552c7390e355c4c98cf8317e43d15217fc6a5d87065f8e4714

HTTP Headers

GET /ddm/fls/i/src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664;~oref=https://covidtravel.clinicallabs.com.au/ HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11359170.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 06:27:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2183fdf183ed33f2cd4342abd7bcadbe
007fe0bb01b7d77fbaaff5346fd7582041c978c8
8f0381d12ab5a76be5137b365e811e75db681eb0f6ad04d7ce28ad73101c33d5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664;~oref=https://covidtravel.clinicallabs.com.au/

216.58.207.194

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664;~oref=https://covidtravel.clinicallabs.com.au/
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=11359170;type=invmedia;cat=clini005;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=3405643743120.5664;~oref=https://covidtravel.clinicallabs.com.au/ HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 06:27:30 GMT
expires: Mon, 06 Feb 2023 06:27:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 06:27:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

insight.adsrvr.org/track/pxl/?adv=byq8uk2&ct=0:u7opbuj&fmt=3

15.197.193.217

200 OK

157 kB

URL HTTP/2
insight.adsrvr.org/track/pxl/?adv=byq8uk2&ct=0:u7opbuj&fmt=3
IP
15.197.193.217:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
157 kB (156550 bytes)
Hash
c96f0fd397bc196f32f652880648feb4
d6dd33a4a7482d2d47a11abce3d07d9ace1cede7
cb65bdc2187952a4a1316564d4945e4bf1a61b07a0df3ff6c71e03d0ee012cba

HTTP Headers

GET /track/pxl/?adv=byq8uk2&ct=0:u7opbuj&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/app/main.bb5b9abe6071f2a343e8.bundle.js

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/app/main.bb5b9abe6071f2a343e8.bundle.js
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /app/main.bb5b9abe6071f2a343e8.bundle.js HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:27 GMT
content-type: application/javascript
content-encoding: gzip
cache-control: max-age=126230400, public
accept-ranges: bytes
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/public/properties/square-config

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/public/properties/square-config
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/public/properties/square-config HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/airlines

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/airlines
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/airlines HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/states

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/states
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/states HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/package-tests/active

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/package-tests/active
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/package-tests/active HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/collection-centers

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/collection-centers
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/collection-centers HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

insight.adsrvr.org/track/up?adv=byq8uk2&ref=https%3A%2F%2Fcovidtravel.clinicallabs.com.au%2Frequest-form%2Fnew&upid=xdm9u1j&upv=1.1.0

15.197.193.217

200 OK

0 B

URL HTTP/2
insight.adsrvr.org/track/up?adv=byq8uk2&ref=https%3A%2F%2Fcovidtravel.clinicallabs.com.au%2Frequest-form%2Fnew&upid=xdm9u1j&upv=1.1.0
IP
15.197.193.217:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /track/up?adv=byq8uk2&ref=https%3A%2F%2Fcovidtravel.clinicallabs.com.au%2Frequest-form%2Fnew&upid=xdm9u1j&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/content/global.46f6932359da192a6b85.css

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/content/global.46f6932359da192a6b85.css
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /content/global.46f6932359da192a6b85.css HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:27 GMT
content-type: text/css
content-encoding: gzip
cache-control: max-age=126230400, public
accept-ranges: bytes
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Sat, 26 Nov 2022 03:03:17 GMT
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/announcement/1

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/announcement/1
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/announcement/1 HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/lookups/get-by-name/test_name

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/lookups/get-by-name/test_name
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/lookups/get-by-name/test_name HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/countries

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/countries
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/countries HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

covidtravel.clinicallabs.com.au/api/nationalities

3.104.10.184

200 OK

0 B

URL HTTP/2
covidtravel.clinicallabs.com.au/api/nationalities
IP
3.104.10.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/nationalities HTTP/1.1
Host: covidtravel.clinicallabs.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://covidtravel.clinicallabs.com.au/request-form/new
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 06:27:30 GMT
content-type: application/json
content-encoding: gzip
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors https://www.xtramilesolutions.com.au;frame-src 'self' data: https://*.fls.doubleclick.net https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adsrvr.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://pci-connect.squareup.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://*.adsrvr.org;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://*.squareup.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://insight.adsrvr.org;img-src 'self' data: https://*.squarecdn.com https://*.squareup.com https://*.s3.ap-southeast-2.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com https://*.adsrvr.org;font-src 'self' data: https://fonts.gstatic.com https://*.squarecdn.com https://*.squareup.com https://*.cloudfront.net
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML