r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9f3cf7e36f17a535e53e5213c02cf2b4
e65acbc03135ce135b9e91b4f74b3e1439faa6f6
a2317476862acd0a92fe523454c3991752b07ba14e7667f421dd9624e0233758
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2317476862ACD0A92FE523454C3991752B07BA14E7667F421DD9624E0233758"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5564
Expires: Sun, 18 Dec 2022 10:02:49 GMT
Date: Sun, 18 Dec 2022 08:30:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 460af93786e1eaa666f135e6c3fdc634
bc8aeba36225c79718f5de73d79928fe817c5490
471f4e7ae29bcf6ba1f749c0f5d4ab446cebfac5aa80c3e19c6edf21be456eb5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "471F4E7AE29BCF6BA1F749C0F5D4AB446CEBFAC5AA80C3E19C6EDF21BE456EB5"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3930
Expires: Sun, 18 Dec 2022 09:35:35 GMT
Date: Sun, 18 Dec 2022 08:30:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 18 Dec 2022 07:34:18 GMT
content-type: application/json
age: 3347
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bcade8542361774f13ecd22557ff8fb8
5e67a3753b0856c765f3b17f1742d3ed684ffb6d
647f8d9d3d1170e60a60e15fdfd9b59445feb56a6ce9d9bb2fa4720f0bfc3a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "647F8D9D3D1170E60A60E15FDFD9B59445FEB56A6CE9D9BB2FA4720F0BFC3A14"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5052
Expires: Sun, 18 Dec 2022 09:54:17 GMT
Date: Sun, 18 Dec 2022 08:30:05 GMT
Connection: keep-alive
daisymedia.com/
45.33.18.44200 OK 4.7 kB IP 45.33.18.44:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c2873824ca3d9171b2ec60ffe2ae25a4
f22af4488331957c737ba42ecc9d561ac29d78b5
37db04557ab2bcf2087b7835567f01e7bff61173576463e386859819489c9153
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sun, 18 Dec 2022 08:30:05 GMT
content-type: text/html; charset=utf-8
content-length: 4650
vary: Accept-Language
content-language: en
connection: close
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wirKbjw7NvV8qAlZuC6qv1j7OVneQZsiHcliPxqThefRny4w1HDrFt/XnhJEd5mvN/gjZSw/9Qw=
x-amz-request-id: WK0R8KQAXJWTA24H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 18 Dec 2022 07:52:07 GMT
age: 2278
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 08:30:05 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
daisymedia.com/mtm/async/.eJxdi0sOwjAMBe_iZYkalnzEWZBJ3dZS3ITEhaCqdycFVuxm3ugtMCeGE1gwgGnIFSsl6ilR-soYsl4nFKraIeeXUMfYuiDbxzmKWotSUTuqeIMxenaoHCZbtmVX_lfx5_tl3x4NCw5k8cH9D590i6axzacfYH0Df501fg:1p6p3d:jDveEzq_x80IROH-fB24x_BV-XI/1/
45.33.18.44200 OK 444 B URL HTTP/1.1 daisymedia.com/mtm/async/.eJxdi0sOwjAMBe_iZYkalnzEWZBJ3dZS3ITEhaCqdycFVuxm3ugtMCeGE1gwgGnIFSsl6ilR-soYsl4nFKraIeeXUMfYuiDbxzmKWotSUTuqeIMxenaoHCZbtmVX_lfx5_tl3x4NCw5k8cH9D590i6axzacfYH0Df501fg:1p6p3d:jDveEzq_x80IROH-fB24x_BV-XI/1/
IP 45.33.18.44:0
File type ASCII text, with very long lines (444), with no line terminators
Hash 758c4be5cf6b51d9d618854844e3712f
5ed39aecea9b9282f1633f9614c6e534f0ad1370
e1a0e6dd23256620b7ac3b98bec04373d0ea95ad4a762c0f06ab0c96b6e8a0fa
Analyzer Verdict Alert fortinet Phishing
GET /mtm/async/.eJxdi0sOwjAMBe_iZYkalnzEWZBJ3dZS3ITEhaCqdycFVuxm3ugtMCeGE1gwgGnIFSsl6ilR-soYsl4nFKraIeeXUMfYuiDbxzmKWotSUTuqeIMxenaoHCZbtmVX_lfx5_tl3x4NCw5k8cH9D590i6axzacfYH0Df501fg:1p6p3d:jDveEzq_x80IROH-fB24x_BV-XI/1/ HTTP/1.1
Host: daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://daisymedia.com/
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sun, 18 Dec 2022 08:30:06 GMT
content-type: text/html; charset=utf-8
content-length: 444
x-mtm-path: 7
x-mtm-prov: 300:0.00;308:0.00
x-mtm-rd: 0.00
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJkYWlzeW1lZGlhLmNvbSIsImh0dHA6Ly93d3cxLmRhaXN5bWVkaWEuY29tLz90bT0xJnN1YmlkND0xNjcxMzUyMjA2LjAzNDAwMDAwMDAmS1cxPVNvY2lhbCUyME1lZGlhJTIwQXV0b21hdGlvbiUyME1hcmtldGluZyUyMFNvZnR3YXJlJktXMj1Tb2NpYWwlMjBNZWRpYSUyMEF1dG9tYXRpb24lMjBNYXJrZXRpbmclMjBTb2Z0d2FyZSZLVzM9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmS1c0PUIyQiUyMFRyYXZlbCUyMEJvb2tpbmclMjBTeXN0ZW0mS1c1PUIyQiUyMFRyYXZlbCUyMEJvb2tpbmclMjBTeXN0ZW0mS1c2PUxvd2VzdCUyMENhciUyMEluc3VyYW5jZSUyMFJhdGVzJktXNz1FbGl0ZSUyMERhdGluZyUyMFNlcnZpY2UmS1c4PURlZGljYXRlZCUyMEdhbWluZyUyMFNlcnZlcnMmS1c5PUJlc3QlMjBNb3J0Z2FnZSUyMFJlZmluYW5jaW5nJTIwUmF0ZXMmc2VhcmNoYm94PTAmYmFja2ZpbGw9MCIsMSwiMjAyMi0xMi0xOCAwODozMDowNiIsMSwiMTY3MTM1MjIwNi4wMzQwMDAwMDAwIiwzMDgsbnVsbCxudWxsXQ:1p6p3e:HFYiUN8xNuLZ1QrqBHfd2ADp0T4; expires=Sun, 18-Dec-2022 09:30:06 GMT; Max-Age=3600; Path=/
connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 18 Dec 2022 07:33:23 GMT
age: 3403
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2d1752cd6eb7f48e7494373911a5b996
43d9c23c4d03cccce0fc478f0e12c0874dc762fd
aded7fd1d638c001b0b462fdfeee0549d2ed61b51ced88eb83690e2e20ed36d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5829
Cache-Control: max-age=94434
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:06 GMT
Etag: "639d86ab-1d7"
Expires: Mon, 19 Dec 2022 10:44:00 GMT
Last-Modified: Sat, 17 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
76.223.26.96200 OK 6.4 kB URL HTTP/1.1 www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3162)
Hash ddacb86cad9b86751ccdbd91c9724b0a
502848533d4cb94c8d8fa716f93e176fa3fb24f2
1d03b0ee41be05f96c68a0783c273cf3e4ade45b8ed1dc6a5f5d7c3b22736094
GET /?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://daisymedia.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 08:30:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_YVnoqdgIQV4jqvVh1BpDRXCDmK8G8ji+bsiqpTqtyFoxkHErtGTdU8zTzIba4trrvy6yYWfP4rUVEMKE6nj/Bw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
54.230.245.130200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP 54.230.245.130:0
File type ASCII text, with very long lines (316)
Hash 3c7567521347bf95b105ffa7fdc7da86
08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29
GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Sun, 18 Dec 2022 02:41:56 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hqAMJ0ZrY0LveVCyR6MEawtqfHjrdYrlhHa5wtJwyNosU1O8SvSlpQ==
Age: 20890
www.google.com/adsense/domains/caf.js
216.58.211.4200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 216.58.211.4:0
File type ASCII text, with very long lines (1885)
Hash 3caf7ec4dc4407dd26c23c27e2ee8441
b78a33cd365345328c1e85616ef3d86f9e52604b
243f55134830ee5256888d500b0f764452eef944911c7fb0a64a9ded6605e8d3
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 18 Dec 2022 08:30:06 GMT
Expires: Sun, 18 Dec 2022 08:30:06 GMT
Cache-Control: private, max-age=3600
ETag: "14181701328128387770"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
185.53.178.30200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP 185.53.178.30:0
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 08:30:06 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
push.services.mozilla.com/
52.35.190.173101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.190.173:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8O0ZW7y1TzZKJ37heoltZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ORDIJdN3WzXK6bEowHAUGoz1T88=
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
54.230.245.130200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 54.230.245.130:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 18 Dec 2022 02:14:38 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -xhaEZd6cPTn8bsJ8h3Zvj2T1Vgag-IdkHN6ZtZ2ax9wIP7hbeGrCA==
Age: 22529
www1.daisymedia.com/favicon.ico
76.223.26.96200 OK 0 B URL HTTP/1.1 www1.daisymedia.com/favicon.ico
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 08:30:07 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.daisymedia.com/track.php?domain=daisymedia.com&toggle=browserjs&uid=MTY3MTM1MjIwNi41NDk6ZjA1MGFmYzdmYWJkOWVhZGUwM2RkY2JkYWRjMGU2MmQ3ZGM0ZGMxNTZhNDYxMmZlOTNjNTQ0MDA2ODVmZTgxNDo2MzllY2Y4ZTg2MDkw
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.daisymedia.com/track.php?domain=daisymedia.com&toggle=browserjs&uid=MTY3MTM1MjIwNi41NDk6ZjA1MGFmYzdmYWJkOWVhZGUwM2RkY2JkYWRjMGU2MmQ3ZGM0ZGMxNTZhNDYxMmZlOTNjNTQ0MDA2ODVmZTgxNDo2MzllY2Y4ZTg2MDkw
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=daisymedia.com&toggle=browserjs&uid=MTY3MTM1MjIwNi41NDk6ZjA1MGFmYzdmYWJkOWVhZGUwM2RkY2JkYWRjMGU2MmQ3ZGM0ZGMxNTZhNDYxMmZlOTNjNTQ0MDA2ODVmZTgxNDo2MzllY2Y4ZTg2MDkw HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 08:30:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 953635cff82596ecfcbd7ff83474031a
5ea2fa051d49d203df6582bc273639a90348f8d2
bb63f27f12c917fccddd13680972fc6e12a8e0e4dcb9b9340f7f911c8b1db9ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001280%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Social%20Media%20Automation%20Marketing%20Software%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates%2CB2B%20Travel%20Booking%20System%2CB2B%20Travel%20Booking%20System%2CLowest%20Car%20Insurance%20Rates%2CElite%20Dating%20Service%2CDedicated%20Gaming%20Servers%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404&format=r9%7Cs&nocache=2351671352204081&num=0&output=afd_ads&domain_name=www1.daisymedia.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1671352204083&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fwww1.daisymedia.com%2F%3Ftm%3D1%26subid4%3D1671352206.0340000000%26KW1%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW2%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW3%3DLowest%2520Car%2520Insurance%2520Rates%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DB2B%2520Travel%2520Booking%2520System%26KW6%3DLowest%2520Car%2520Insurance%2520Rates%26KW7%3DElite%2520Dating%2520Service%26KW8%3DDedicated%2520Gaming%2520Servers%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fdaisymedia.com%2F&adbw=master-1%3A530
216.58.211.4200 OK 2.4 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001280%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Social%20Media%20Automation%20Marketing%20Software%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates%2CB2B%20Travel%20Booking%20System%2CB2B%20Travel%20Booking%20System%2CLowest%20Car%20Insurance%20Rates%2CElite%20Dating%20Service%2CDedicated%20Gaming%20Servers%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404&format=r9%7Cs&nocache=2351671352204081&num=0&output=afd_ads&domain_name=www1.daisymedia.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1671352204083&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fwww1.daisymedia.com%2F%3Ftm%3D1%26subid4%3D1671352206.0340000000%26KW1%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW2%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW3%3DLowest%2520Car%2520Insurance%2520Rates%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DB2B%2520Travel%2520Booking%2520System%26KW6%3DLowest%2520Car%2520Insurance%2520Rates%26KW7%3DElite%2520Dating%2520Service%26KW8%3DDedicated%2520Gaming%2520Servers%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fdaisymedia.com%2F&adbw=master-1%3A530
IP 216.58.211.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8262)
Hash 5b52c5c5e5c7ccbee676b39feca70d9c
7d937aa7116e4dc333a44d2765243b1685d5e149
3085e94343f31e85c71bad7262f0e6c73d3ff3a97779fdc5d9bc11b86b363e3b
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001280%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Social%20Media%20Automation%20Marketing%20Software%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates%2CB2B%20Travel%20Booking%20System%2CB2B%20Travel%20Booking%20System%2CLowest%20Car%20Insurance%20Rates%2CElite%20Dating%20Service%2CDedicated%20Gaming%20Servers%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404&format=r9%7Cs&nocache=2351671352204081&num=0&output=afd_ads&domain_name=www1.daisymedia.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1671352204083&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fwww1.daisymedia.com%2F%3Ftm%3D1%26subid4%3D1671352206.0340000000%26KW1%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW2%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW3%3DLowest%2520Car%2520Insurance%2520Rates%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DB2B%2520Travel%2520Booking%2520System%26KW6%3DLowest%2520Car%2520Insurance%2520Rates%26KW7%3DElite%2520Dating%2520Service%26KW8%3DDedicated%2520Gaming%2520Servers%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fdaisymedia.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.daisymedia.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 18 Dec 2022 08:30:07 GMT
expires: Sun, 18 Dec 2022 08:30:07 GMT
cache-control: private, max-age=3600
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2364
x-xss-protection: 0
set-cookie: CONSENT=PENDING+264; expires=Tue, 17-Dec-2024 08:30:07 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e42b680c4b5b79456228702fdbec8b71
b2b948f6514fb1aad861d8860190b0a7b8a3377e
823c3b0ea23e1595c8da827e097babb428fd00401e0979925ec2845781b2417d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www1.daisymedia.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
216.58.207.226200 OK 242 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www1.daisymedia.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP 216.58.207.226:0
File type ASCII text, with very long lines (368), with no line terminators
Hash f392e4d6b8454422e798798f11b0f46b
07813af15c5bf534947f71cfb6bade1301703a37
c08cf52c30f60e5f090484c984714ac27737faaada89ae9820ae6ed8e16c2edb
GET /gampad/cookie.js?domain=www1.daisymedia.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.daisymedia.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 18 Dec 2022 08:30:07 GMT
server: cafe
cache-control: private
content-length: 242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 157b62091fad279063f540564a4c72e6
9db33b844db31eed03695c97daf4c84a4d7d265f
92904432175c023613dea4d660d2c9098e00b7f3b628c8519bf5b404cad450a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e42b680c4b5b79456228702fdbec8b71
b2b948f6514fb1aad861d8860190b0a7b8a3377e
823c3b0ea23e1595c8da827e097babb428fd00401e0979925ec2845781b2417d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1266d62a0505a7560e1bca7169ede0f6
d0f1bf98b2a532442eecd96949a1fd1be4d2cd92
9039afbfee400a09f93ed177943a84e57b8eeb295652b450252446146a1ec140
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1266d62a0505a7560e1bca7169ede0f6
d0f1bf98b2a532442eecd96949a1fd1be4d2cd92
9039afbfee400a09f93ed177943a84e57b8eeb295652b450252446146a1ec140
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/adsense/domains/caf.js
216.58.211.4200 OK 54 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 216.58.211.4:0
File type ASCII text, with very long lines (1885)
Hash 2f31eae90919b8a1e85cd5312a7a3b73
b02786c00ea14e8429f7659aaa5de00859226c8c
7417f9e8e646f880110e20c59a711a407c4d10fc7171550eb31ff5a57ecb2388
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 18 Dec 2022 08:30:07 GMT
expires: Sun, 18 Dec 2022 08:30:07 GMT
cache-control: private, max-age=3600
etag: "10662505423787015863"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.97200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 17 Dec 2022 09:51:45 GMT
expires: Sun, 18 Dec 2022 08:51:45 GMT
cache-control: public, max-age=82800
age: 81502
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1266d62a0505a7560e1bca7169ede0f6
d0f1bf98b2a532442eecd96949a1fd1be4d2cd92
9039afbfee400a09f93ed177943a84e57b8eeb295652b450252446146a1ec140
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 08:30:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8669
Expires: Sun, 18 Dec 2022 10:54:36 GMT
Date: Sun, 18 Dec 2022 08:30:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8669
Expires: Sun, 18 Dec 2022 10:54:36 GMT
Date: Sun, 18 Dec 2022 08:30:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada04738696f861648635c9ba98841e4
ce644cd4349d88aa7c24b2503b0b18b444061639
e5cee777efbf1d8a0f95f6cce71199e5f016a91f90cf0afe38bc86654b9d730d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8696
x-amzn-requestid: c897aeed-a082-46a1-965f-39e8c763cb05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10ZH3jIAMF0gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-548ac80840737a20743980f5;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xFbmIbrDz7MnhaF8tqHeTDzjrwbsP7SbmYb_OLLWZPb7poAmecfDew==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 39062
etag: "ce644cd4349d88aa7c24b2503b0b18b444061639"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae5629d0-2146-4184-be4e-96bb9ad63cda.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae5629d0-2146-4184-be4e-96bb9ad63cda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f483fbc04fdbb1b30097fadad516f718
5acc44f724df315d42fad6c3a6147c781285f498
c0709eab8e4a270d6a1ff763953241c6820dfd53f1c45fd73b0a8e2837934b58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae5629d0-2146-4184-be4e-96bb9ad63cda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5290
x-amzn-requestid: 78198cd7-6565-48c4-a017-52522d65d9af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dOAbhGYpoAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639be116-62976f8f1156951a5f8173f8;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 03:08:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2iWdl5-74fJleg5LpAWNtIhG1xbDtulnFiD_XfzKC5dQS90JsRkDrg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 01:23:35 GMT
age: 25592
etag: "5acc44f724df315d42fad6c3a6147c781285f498"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Dg3c2lWr1FbFUalH5QB05VrQIkpt3LNuUM-VxJZiaXy3nJu-cfd5jg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 39062
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c80a9fa-2fa0-4eaa-8573-26bcb62a1728.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c80a9fa-2fa0-4eaa-8573-26bcb62a1728.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 455fac45ae0c53d1597a541eaf497576
591202053dde2e39766bb8d58898dd58bac94b64
567510fec1be57dc02c7daf4aa2b6ecdfd79c218e02dbab9319ad8cee75034db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c80a9fa-2fa0-4eaa-8573-26bcb62a1728.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12988
x-amzn-requestid: 98254e1f-8c22-46db-9eb3-6dd85a657173
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2Z2FG3IAMFlmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3772-2aa92ecb7ea390b82c1c2665;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:41:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ctRdi7t-KHO1QuclQGGeDghvY-dPCBmNTG03wzwi8Tf7kCcBNgnIjA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 22:12:10 GMT
age: 37077
etag: "591202053dde2e39766bb8d58898dd58bac94b64"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12c4c2232b6d09e9085f0214b3260c1e
a24f8e949a2f2a973fe2dd5af994cd970d37f13a
000475ed7d0aab9a7dab3e25f0a29f82552739fea99f98cbf5131282d0db7d63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10670
x-amzn-requestid: d72e1904-caf4-4c72-a811-d1bde023f4b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT11JGCsIAMFRDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3687-7789040d71253d00378f9162;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NWh-ecaQXJITj6VyK4qutXz95L557E8kCDxs-fNBRmkjUk_ZG0Oygg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 39062
etag: "a24f8e949a2f2a973fe2dd5af994cd970d37f13a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed374d0c34e8b2e15f08a6479a4f45e7
5db9e59699048998f0685e940640eae19ef11c8e
9933854830be796a87cfe44b6b8336294e2d3dbbe3205f267720aca6968c3a21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12125
x-amzn-requestid: e44faa15-1dfd-4bc0-bdfb-307c3de2755d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2QPFZAIAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3734-33d636210a1e24742ee71187;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JHDfcd35b-bHZm6oayBIN5NDt6ZeGygBfvu7IKU18wFiLHMGEPQPkQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 22:02:19 GMT
etag: "5db9e59699048998f0685e940640eae19ef11c8e"
content-type: image/jpeg
age: 37668
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
76.223.26.96200 OK 6.4 kB URL HTTP/1.1 www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3138)
Hash a0493875c6e5240a6fdc5afaee00d7b5
0ff55df48ccef2a4a6bfe3fdc5986b7cb5109911
9732d9a5b5e3c7b0110b82d54f8138c61f39a542261198861c4ec4f08176c3fc
GET /?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __gsas=ID=17685f9125d24787:T=1671352207:S=ALNI_MaDuIXJUIXTj5qj7E4InABePIUX9A
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 08:30:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_YVnoqdgIQV4jqvVh1BpDRXCDmK8G8ji+bsiqpTqtyFoxkHErtGTdU8zTzIba4trrvy6yYWfP4rUVEMKE6nj/Bw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
54.230.245.130304 Not Modified 0 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP 54.230.245.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
If-Modified-Since: Tue, 15 Nov 2022 15:10:24 GMT
If-None-Match: "6373abe0-1b5e"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Sun, 18 Dec 2022 02:41:56 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5kBf6T1xJdj9ubp9ela9RsGCullX_RfIaCB7ItaQliFFeTYulFj7Jw==
Age: 20892
www.google.com/adsense/domains/caf.js
216.58.211.4200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 216.58.211.4:0
File type ASCII text, with very long lines (1885)
Hash 22ce40fa25b267317f5305474d920dd9
83a90f3159a11f3498a6e370e8f8fabb28b741e1
5a9d652c0bdc8dbae605437e6be57941ac1925a900b078d109b832e4d7d044d9
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
If-None-Match: "14181701328128387770"
Cache-Control: max-age=0
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 18 Dec 2022 08:30:08 GMT
Expires: Sun, 18 Dec 2022 08:30:08 GMT
Cache-Control: private, max-age=3600
ETag: "17818827353311541688"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
54.230.245.130304 Not Modified 0 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 54.230.245.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/
If-Modified-Since: Thu, 23 Jun 2022 10:44:43 GMT
If-None-Match: "62b4441b-2c6f"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Sun, 18 Dec 2022 02:14:38 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: __-KKNUhzykOu0tDbg_tiGhWq_UgwXezrb-zNRuGmrt4uduLfTcKRQ==
Age: 22530
www1.daisymedia.com/track.php?domain=daisymedia.com&toggle=browserjs&uid=MTY3MTM1MjIwOC4wNzUzOjY2MDE5MzU5NGYxZDA4ZmVkNGU4MzI4NWFmMDU2MDFhZjUyZmYwODBmNmE4OGYwYmY2NmNjZTcyYWNlZWNjYTc6NjM5ZWNmOTAxMjYyOA%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.daisymedia.com/track.php?domain=daisymedia.com&toggle=browserjs&uid=MTY3MTM1MjIwOC4wNzUzOjY2MDE5MzU5NGYxZDA4ZmVkNGU4MzI4NWFmMDU2MDFhZjUyZmYwODBmNmE4OGYwYmY2NmNjZTcyYWNlZWNjYTc6NjM5ZWNmOTAxMjYyOA%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=daisymedia.com&toggle=browserjs&uid=MTY3MTM1MjIwOC4wNzUzOjY2MDE5MzU5NGYxZDA4ZmVkNGU4MzI4NWFmMDU2MDFhZjUyZmYwODBmNmE4OGYwYmY2NmNjZTcyYWNlZWNjYTc6NjM5ZWNmOTAxMjYyOA%3D%3D HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=17685f9125d24787:T=1671352207:S=ALNI_MaDuIXJUIXTj5qj7E4InABePIUX9A
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 08:30:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.daisymedia.com/ls.php
76.223.26.96201 Created 0 B URL HTTP/1.1 www1.daisymedia.com/ls.php
IP 76.223.26.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
POST /ls.php HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 3090
Origin: http://www1.daisymedia.com
Connection: keep-alive
Referer: http://www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=17685f9125d24787:T=1671352207:S=ALNI_MaDuIXJUIXTj5qj7E4InABePIUX9A; GoogleAdServingTest=Good
Cache-Control: max-age=0
HTTP/1.1 201 Created
Date: Sun, 18 Dec 2022 08:30:09 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 639ecf91ecef61798f4dca90
Charset: utf-8
Access-Control-Allow-Origin: http://www1.daisymedia.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Hl3KkfgHm9J279zlls3Dw/DzBQMvxEjPFqxIHT7tDg6yFlyoY7Fyqs3g8oRTPFeuzFBWxgg3go6NmlYBMCRb2w==
www1.daisymedia.com/track.php?domain=daisymedia.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MTM1MjIwOC4wNzUzOjY2MDE5MzU5NGYxZDA4ZmVkNGU4MzI4NWFmMDU2MDFhZjUyZmYwODBmNmE4OGYwYmY2NmNjZTcyYWNlZWNjYTc6NjM5ZWNmOTAxMjYyOA%3D%3D
76.223.26.96200 OK 20 B URL HTTP/1.1 www1.daisymedia.com/track.php?domain=daisymedia.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MTM1MjIwOC4wNzUzOjY2MDE5MzU5NGYxZDA4ZmVkNGU4MzI4NWFmMDU2MDFhZjUyZmYwODBmNmE4OGYwYmY2NmNjZTcyYWNlZWNjYTc6NjM5ZWNmOTAxMjYyOA%3D%3D
IP 76.223.26.96:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=daisymedia.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MTM1MjIwOC4wNzUzOjY2MDE5MzU5NGYxZDA4ZmVkNGU4MzI4NWFmMDU2MDFhZjUyZmYwODBmNmE4OGYwYmY2NmNjZTcyYWNlZWNjYTc6NjM5ZWNmOTAxMjYyOA%3D%3D HTTP/1.1
Host: www1.daisymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.daisymedia.com/?tm=1&subid4=1671352206.0340000000&KW1=Social%20Media%20Automation%20Marketing%20Software&KW2=Social%20Media%20Automation%20Marketing%20Software&KW3=Lowest%20Car%20Insurance%20Rates&KW4=B2B%20Travel%20Booking%20System&KW5=B2B%20Travel%20Booking%20System&KW6=Lowest%20Car%20Insurance%20Rates&KW7=Elite%20Dating%20Service&KW8=Dedicated%20Gaming%20Servers&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=17685f9125d24787:T=1671352207:S=ALNI_MaDuIXJUIXTj5qj7E4InABePIUX9A
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 08:30:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip