Report - fieldrep101.com/wp-admin/uq/index.html

Report Overview

Submitted URL
fieldrep101.com/wp-admin/uq/index.html
IP
192.232.216.140
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-01-31 15:20:09
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.dcocsp.cn	33518	2018-11-07T14:15:36Z	2023-03-13T06:54:43Z	338 B	951 B	79.133.176.228
www.made-in-china.com	95945	2012-05-30T17:33:15Z	2023-03-13T05:31:05Z	484 B	1.5 kB	104.18.30.240
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	706 B	1.7 kB	142.250.74.98
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	481 B	578 B	142.250.74.67
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	612 B	349 B	157.240.205.35
fieldrep101.com	unknown	2015-06-12T10:50:17Z	2023-01-31T14:15:17Z	3.4 kB	116 kB	192.232.216.140
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	2.0 kB	3.8 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	63 kB	34.120.237.76
fa.micstatic.com	153248	2020-03-25T06:07:14Z	2023-03-13T05:31:05Z	5.8 kB	1.7 kB	104.18.25.206
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	1.2 kB	21 kB	216.58.207.206
bat.bing.com	387	2014-04-08T11:23:16Z	2023-03-13T05:09:15Z	1.5 kB	13 kB	13.107.21.200
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	373 B	29 kB	157.240.205.11
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	603 B	594 B	173.194.73.154
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:11:52Z	799 B	446 B	216.239.34.36
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.164.184.133
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.4 kB	4.9 kB	142.250.74.131
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	686 B	641 B	142.250.74.164
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-13T07:25:00Z	394 B	917 B	188.114.98.234
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
www.micstatic.com	120170	2015-07-22T23:43:48Z	2023-03-13T05:31:05Z	2.7 kB	189 kB	104.18.21.229
stackpath.bootstrapcdn.com	2467	2018-06-15T22:36:43Z	2023-03-13T07:25:30Z	397 B	917 B	104.18.10.207
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	fieldrep101.com/wp-admin/uq/index.html	Made-In-China

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	fieldrep101.com/wp-admin/uq/index.html	Phishing
2023-01-31	medium	fieldrep101.com/wp-admin/uq/js/jquery-3.3.1.js	Malware
2023-01-31	medium	fieldrep101.com/wp-admin/uq/js/jquery-3.2.1.slim.min.js	Malware
2023-01-31	medium	fieldrep101.com/wp-admin/uq/js/popper.min.js	Malware
2023-01-31	medium	fieldrep101.com/wp-admin/uq/js/jquery.min.js	Malware
2023-01-31	medium	fieldrep101.com/wp-admin/uq/js/jquery-3.1.1.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	fieldrep101.com/wp-admin/uq/js/jquery-3.1.1.min.js	87 kB	2023-03-07	2024-04-18
Pretty URL fieldrep101.com/wp-admin/uq/js/jquery-3.1.1.min.js IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-18 07:48:53 Times Seen420 Hash c0824025d4496be6a20e1ee0e465b15e 543cc3ba239e701d1e7aa91dee559c67e25763ef e65e86fddc1b72935d9b37afd5e5589ca9ee4eecf1878acb3ab8a6074ffdf64d Loading...

	fieldrep101.com/wp-admin/uq/index.html	4.2 kB	2023-03-07	2024-04-18
Pretty URL fieldrep101.com/wp-admin/uq/index.html IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-18 07:48:52 Times Seen210 Hash 249cd4ac7d9f2218d937a6df51656f1c 10cca701fe98e14448b3fb0bfe1bd56b7c7860d4 4967494754818ef2e325bd555b126362ae96d6ee5f46fb502ce2f3c41aa1fcce Loading...

	bat.bing.com/bat.js	39 kB	2023-03-13	2023-03-13
Pretty URL bat.bing.com/bat.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:50:15 Last Seen2023-03-13 21:23:27 Times Seen1 Hash 3ff865664fc44419d669771710881ad2 95d761ecc052c417338a0ec1aa671bfddbb8a895 098e64c7f58e7ca907a6f4cb7a3f3a8d1422204409932406f51d56ec4ec27e1f Loading...

	bat.bing.com/p/action/13001299.js	0 B	2023-03-07	2024-04-23
Pretty URL bat.bing.com/p/action/13001299.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 10:56:42 Times Seen37018707 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-04-23
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-23 10:54:06 Times Seen243063 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	www.made-in-china.com/faw-store.html	1.3 kB	2023-03-07	2023-04-05
Pretty URL www.made-in-china.com/faw-store.html IP 104.18.30.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2023-04-05 02:01:11 Times Seen31 Hash b9499081fdda5abcccaf45ded37dea11 0e4a72d1fa8e1f868df6c11cd68ab904d59653dd 2c52a305241ca743835be48315d9913e2d3857e826a9c5a8a74bec0157907e21 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-T39J99&r=1634120031144	272 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-T39J99&r=1634120031144 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:24:07 Last Seen2023-03-13 13:24:07 Times Seen1 Hash 160be23af4b28b9af99c7ba1e123c6c5 e5336a00442324ecadd31c3acea1aadb6ef28a7c c285b3fafca40d810429a2688255c7fc3d4acae1f5036bb33eee7db037af1f8a Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-13	2023-11-17
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.205.11 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:47:19 Last Seen2023-11-17 16:32:25 Times Seen5 Hash beca88e7d9125b63f58be285031b0930 08cda009ebdf601f0ffe06b0ee3065fff2fb105b c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-23
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 188.114.98.234 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-23 08:20:17 Times Seen136293 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	www.googletagmanager.com/gtag/js?id=G-VEFCZRQMG4&l=dataLayer&cx=c	238 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-VEFCZRQMG4&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:24:07 Last Seen2023-03-13 13:24:07 Times Seen1 Hash 0071d3b9cf1c88205fa6a2b8dcef20e6 8576626ae160bec0709cee0b5903f4245b0af595 91b32b460b2ee729f17e358ecf16f91fd7c75a7b7edaa0413b31fa187f951ebe Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/731984560/?random=1675178418262&cv=11&fst=1675178418262&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&auid=1249950847.1675178418&rfmt=3&fmt=4	2.0 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/731984560/?random=1675178418262&cv=11&fst=1675178418262&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&auid=1249950847.1675178418&rfmt=3&fmt=4 IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:24:07 Last Seen2023-03-13 13:24:07 Times Seen1 Hash 34dbf9382021456e8fcd5c1142267909 942ac1e8e7ed119138d339be1f2655ec31a58eae 0fb85b4cf8ae9db1d18ae79c2f119e5455338c310a1dbde8dfbc4691da462f91 Loading...

	connect.facebook.net/signals/config/2037053586588160?v=2.9.95&r=stable	386 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/signals/config/2037053586588160?v=2.9.95&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:24:07 Last Seen2023-03-13 15:25:52 Times Seen1 Hash 0d8aba6f2e0a663f9ed478a7221f78c6 e3bd69bba5f72c5cef0e9027e804079b13f5998d d32f9b3ccd39198c63f87837083187577c04679d02d3a5ff6634637e0ca0b00c Loading...

	fieldrep101.com/wp-admin/uq/index.html	3.9 kB	2023-03-07	2023-04-05
Pretty URL fieldrep101.com/wp-admin/uq/index.html IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2023-04-05 02:01:11 Times Seen23 Hash f34e88cd7daba7171812c4fd33b47e94 3eed4cdbf99a78d068e0096e515210508fc1079a c28bb3aa503150dce87c87496492a4840a03730909bff6195d20daa57fce4ad3 Loading...

	fieldrep101.com/wp-admin/uq/js/jquery-3.2.1.slim.min.js	110 kB	2023-03-13	2023-03-13
Pretty URL fieldrep101.com/wp-admin/uq/js/jquery-3.2.1.slim.min.js IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:24:07 Last Seen2023-03-13 13:24:07 Times Seen1 Hash 22ae49a3eb9da671251856775733c9d6 ac6cdebe210be2b700678a2865bc1a7adc84da9d 316f4439524402e17d6a81d673dce62b14a9eac4297eb1ff267ad6c1ba2b814d Loading...

	fieldrep101.com/wp-admin/uq/index.html	627 B	2023-03-07	2024-04-21
Pretty URL fieldrep101.com/wp-admin/uq/index.html IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-21 18:23:38 Times Seen504 Hash f8ecd4d7fd8da5baf55337d6790e0fac d6e502a27fe637b7f06df2d4ca39670e0a5c4bc0 5ab917714cb496bdba1ad47213a9aabd9147bba19c7eff0ddf7e46b4aa1ec1e7 Loading...

	www.micstatic.com/common/js/libs/faw/faw.1.0.0.js?r=1634120031144	12 kB	2023-03-07	2024-04-18
Pretty URL www.micstatic.com/common/js/libs/faw/faw.1.0.0.js?r=1634120031144 IP 104.18.21.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-18 07:48:52 Times Seen339 Hash 95467c965832dc00267d2a325d82c001 29bf7b62fa29d3ecbde481d61b756367dddfec5d a1c95b6fb809e633322e011fe013c565faeb61264527ce028d53387fba3b4924 Loading...

	pylon.micstatic.com/gb/js/assets/probe/probe.min.js?r=1634120031144	38 kB	2023-03-09	2023-03-13
Pretty URL pylon.micstatic.com/gb/js/assets/probe/probe.min.js?r=1634120031144 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:33:51 Last Seen2023-03-13 18:54:06 Times Seen1 Hash b831237fffa5ea8137b63bcf29bbb567 dda3021bbcf58b3c7fe009155f017e5ee2b44236 5a19aa650fcd2a79f503b6dd8dec11a6fa4bd70d94822bc0d0b8bc02253b78ff Loading...

	www.micstatic.com/common/js/libs/sensors/sensorsdata.min-1.15.13_faw.js?r=1634120031144	85 kB	2023-03-07	2024-04-18
Pretty URL www.micstatic.com/common/js/libs/sensors/sensorsdata.min-1.15.13_faw.js?r=1634120031144 IP 104.18.21.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-18 07:48:53 Times Seen155 Hash c727cdcf1f851383293dfa1bff462722 ada0c63651e642891f4fd5905eefcf28d3ad4baf 40707e9d2cf9581ad9fcc531e1626245a63ae9d25e8e9df268b9bc2106683653 Loading...

	fieldrep101.com/wp-admin/uq/index.html	423 B	2023-03-07	2024-04-18
Pretty URL fieldrep101.com/wp-admin/uq/index.html IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-18 07:48:52 Times Seen209 Hash 8a09c565a275efe2ce5842ab478db31e 99b6847a2eb4bbda95e8e012628c0d7c0f616124 906d76ac0dcec17f85e4b663f14d199e7ddd704bbf3c30cd01b7e766db0ef2e7 Loading...

	www.micstatic.com/common/js/business/global/sensors_track.js?r=1634120031144&r=1634120031144	43 kB	2023-03-07	2023-08-21
Pretty URL www.micstatic.com/common/js/business/global/sensors_track.js?r=1634120031144&r=1634120031144 IP 104.18.21.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2023-08-21 13:26:16 Times Seen97 Hash 822ea3240b208f1f999f7b310a5822a5 45770ed738c820889f01b765d69ddb7fa11e0150 2d5936bdf065891a6b78defc315eaefd9c44360668642651b69341b23d13433f Loading...

	fieldrep101.com/wp-admin/uq/js/jquery.min.js	86 kB	2023-03-07	2024-04-22
Pretty URL fieldrep101.com/wp-admin/uq/js/jquery.min.js IP 192.232.216.140 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-22 18:59:57 Times Seen886 Hash bceabde9d4ba653fd1f4bb171bff0c01 c8cdd4f8e91a77cddbc6d9ce8d5f302c52d74b6f 7496a1a9d658f14a47f7ee8dfa70840e47efa61b55b02cda8b316b0fc8dcc2c5 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4d12a11d93617efa27441f47869d156d	401 B	2023-03-07	2024-04-22
Pretty Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-22 18:59:57 Times Seen623 Hash 4d12a11d93617efa27441f47869d156d 70dd822485874fe16f334468bfffe5dad153abbd 91c16639d04eaf68a0a87c022519be74068014b8ace744930ec7727afa2fa41d Loading...

	#2 Eval - 8e535fdc93d8214dc44f3555fb9b7430	232 B	2023-03-07	2023-06-26
Pretty Observations First Seen2023-03-07 12:02:41 Last Seen2023-06-26 03:19:43 Times Seen99 Hash 8e535fdc93d8214dc44f3555fb9b7430 656c3b48682e3158985a8c4101ebe29158ec0e79 deaf1dce980857d82e49407063fc48aad4b2fb87e45f46b4c81aaf02fff1075a Loading...

	#3 Eval - 8c6111627570105b72c66ae4a136ad6c	232 B	2023-03-07	2023-06-26
Pretty Observations First Seen2023-03-07 12:02:41 Last Seen2023-06-26 03:19:43 Times Seen99 Hash 8c6111627570105b72c66ae4a136ad6c 6b7122f256493ff4b4288c01b1766b772797be96 e1ecbf397014aadd393ea098a3d9c9e4f2e75fc8d2466ee3823302b0855e3afd Loading...

	#4 Eval - 5f06f61cf6ac55db29f1bfd302257331	232 B	2023-03-07	2023-06-26
Pretty Observations First Seen2023-03-07 12:02:41 Last Seen2023-06-26 03:19:43 Times Seen99 Hash 5f06f61cf6ac55db29f1bfd302257331 78de01e817370cb8310801e2f66be0d33099f82c 7d700ca9f03f467b4a3f58a598871f71c4bc8ae368b6a986e41b3e6584670165 Loading...

HTTP Transactions (69)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6205
Expires: Tue, 31 Jan 2023 17:03:23 GMT
Date: Tue, 31 Jan 2023 15:19:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18718
Expires: Tue, 31 Jan 2023 20:31:56 GMT
Date: Tue, 31 Jan 2023 15:19:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 14:43:17 GMT
content-type: application/json
age: 2201
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4981
Expires: Tue, 31 Jan 2023 16:42:59 GMT
Date: Tue, 31 Jan 2023 15:19:58 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: UUibIB0NgaWaiGp9BjIe/n2z0SVGVWhoxh2SRjwIj8Gnff7QjklG+jxyjozNlZt24/2EB2Hspys=
x-amz-request-id: 892YMQNTR82JRV7D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 14:51:12 GMT
age: 1726
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 15:19:58 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4b7b3057ac2a630cb21e3a802099f94c
e0415bfe06f9c38ea7d0045c6f0f11f2a1da5dfd
fe5638d4038321de99e7a9a5d9b0a6742af4f36feae33a5da988e4c567170e0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE5638D4038321DE99E7A9A5D9B0A6742AF4F36FEAE33A5DA988E4C567170E0D"
Last-Modified: Mon, 30 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 31 Jan 2023 21:19:58 GMT
Date: Tue, 31 Jan 2023 15:19:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 14:49:04 GMT
age: 1854
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/index.html

192.232.216.140

200 OK

5.8 kB

URL HTTP/2
fieldrep101.com/wp-admin/uq/index.html
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (4278), with CRLF line terminators
Size
5.8 kB (5786 bytes)
Hash
3a21a349051115675eaa982f7fc4c059
960a0db04b6f3d70f3d7a9132398fc6ec3d24fbe
c270d59e56b7de95323e857b8934680a915c38856049372e7853096edb74d677

Detections

Analyzer	Verdict	Alert
openphish	Made-In-China
fortinet	Phishing

HTTP Headers

GET /wp-admin/uq/index.html HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
last-modified: Tue, 31 Jan 2023 01:03:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5786
content-type: text/html
date: Tue, 31 Jan 2023 15:19:58 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16196
Expires: Tue, 31 Jan 2023 19:49:55 GMT
Date: Tue, 31 Jan 2023 15:19:59 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3075
Cache-Control: max-age=130818
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:19:59 GMT
Etag: "63d8819e-118"
Expires: Thu, 02 Feb 2023 03:40:17 GMT
Last-Modified: Tue, 31 Jan 2023 02:49:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6451
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:19:59 GMT
Last-Modified: Tue, 31 Jan 2023 13:32:28 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3075
Cache-Control: max-age=130818
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:19:59 GMT
Etag: "63d8819e-118"
Expires: Thu, 02 Feb 2023 03:40:17 GMT
Last-Modified: Tue, 31 Jan 2023 02:49:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6451
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:19:59 GMT
Last-Modified: Tue, 31 Jan 2023 13:32:28 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280

push.services.mozilla.com/

35.164.184.133

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.184.133:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YjG3ZOrSr0IsxdEGeHP5jA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ke7783jErlhkQxk8G1RYKM/GNWU=

fieldrep101.com/wp-admin/uq/js/jquery-3.3.1.js

192.232.216.140

200 OK

8.6 kB

URL HTTP/2
fieldrep101.com/wp-admin/uq/js/jquery-3.3.1.js
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11315), with CRLF line terminators
Size
8.6 kB (8630 bytes)
Hash
f147c47f24cea57ba71b885e54d15468
2beab8e912354f4c5e0d009045fb6a46dfc2b8d2
41f563229752489979f175e323dbad4c10627af635b82fae3fb8612fd2443e6c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-admin/uq/js/jquery-3.3.1.js HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 31 Jan 2023 01:03:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8630
content-type: application/javascript
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/js/jquery-3.2.1.slim.min.js

192.232.216.140

200 OK

20 kB

URL HTTP/2
fieldrep101.com/wp-admin/uq/js/jquery-3.2.1.slim.min.js
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, Unicode text, UTF-8 text, with very long lines (14507), with CRLF, LF line terminators
Size
20 kB (20481 bytes)
Hash
5be431a5aa50d702ec38c393b5ec1e82
77f75898b50cf59e90aee6293eb6526cc6919985
1d77c4deedc750f17171c0909a41d26ed8b6593ec1b34de0dcb9e378f5938119

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-admin/uq/js/jquery-3.2.1.slim.min.js HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 20481
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/images/sign-default-buyer.jpg

192.232.216.140

200 OK

59 kB

URL HTTP/2
fieldrep101.com/wp-admin/uq/images/sign-default-buyer.jpg
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3\012- data
Size
59 kB (59332 bytes)
Hash
aad747a416ac43e97070741668013b7d
545d66347ffafc166225f72072fb915ae52b970e
844419cc2fe07888ab11bb6dd264a3d66225851ad62645dfc3044657e9963af3

HTTP Headers

GET /wp-admin/uq/images/sign-default-buyer.jpg HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 31 Jan 2023 01:03:35 GMT
accept-ranges: bytes
content-length: 59332
content-type: image/jpeg
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/js/popper.min.js

192.232.216.140

200 OK

20 kB

URL HTTP/2
fieldrep101.com/wp-admin/uq/js/popper.min.js
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, Unicode text, UTF-8 text, with very long lines (14507), with CRLF, LF line terminators
Size
20 kB (20481 bytes)
Hash
5be431a5aa50d702ec38c393b5ec1e82
77f75898b50cf59e90aee6293eb6526cc6919985
1d77c4deedc750f17171c0909a41d26ed8b6593ec1b34de0dcb9e378f5938119

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-admin/uq/js/popper.min.js HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 20481
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

www.micstatic.com/common/img/logo-2019/logo_d0822075.png?v=2

104.18.21.229

200 OK

4.6 kB

URL HTTP/2
www.micstatic.com/common/img/logo-2019/logo_d0822075.png?v=2
IP
104.18.21.229:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 257 x 47, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4621 bytes)
Hash
b173e18fb61eb3d489bfad3b2ea570fe
71703d796c502703619ec696e447c937f700b605
488ea251bdaf29ab45c94699fef89ad3368bfef0c0f24b671dcbefd4e474679d

HTTP Headers

GET /common/img/logo-2019/logo_d0822075.png?v=2 HTTP/1.1
Host: www.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:00 GMT
content-type: image/png
content-length: 4621
last-modified: Wed, 16 Jun 2021 11:14:07 GMT
etag: "60c9dcff-120d"
expires: Fri, 28 Jan 2033 15:20:00 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 328655
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dc81bc6b4f1-OSL
X-Firefox-Spdy: h2

www.micstatic.com/common/font/Roboto/400-regular/Roboto-Regular_c0bdb222.woff2

104.18.21.229

200 OK

20 kB

URL HTTP/2
www.micstatic.com/common/font/Roboto/400-regular/Roboto-Regular_c0bdb222.woff2
IP
104.18.21.229:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 19832, version 2.8978\012- data
Size
20 kB (19832 bytes)
Hash
ed2022705048507e5995ee72717e7fd4
570864c3bccc3e0e203fdd67be3cf850387faefb
e7f4f778ddb41b7be2d20810bb560acee79da55ed5d3eeac12f2bb8948f4453a

HTTP Headers

GET /common/font/Roboto/400-regular/Roboto-Regular_c0bdb222.woff2 HTTP/1.1
Host: www.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fieldrep101.com
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:00 GMT
content-type: font/woff2
content-length: 19832
last-modified: Wed, 16 Jun 2021 11:14:08 GMT
etag: "60c9dd00-4d78"
expires: Fri, 28 Jan 2033 15:20:00 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dc80bbeb4f1-OSL
X-Firefox-Spdy: h2

www.micstatic.com/common/font/micon/micon-2/micon_3425a96d.woff2?v=20201103

104.18.21.229

200 OK

26 kB

URL HTTP/2
www.micstatic.com/common/font/micon/micon-2/micon_3425a96d.woff2?v=20201103
IP
104.18.21.229:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 25720, version 1.0\012- data
Size
26 kB (25720 bytes)
Hash
90c821175fe52b5e89497d4249dce3b6
0bbacc3050dcf88f37fd6042a6719f83ba6ad83a
18a097b5625eaee94db4a26223016d2f31b7b5f5529bc599ea183f551e5c13d3

HTTP Headers

GET /common/font/micon/micon-2/micon_3425a96d.woff2?v=20201103 HTTP/1.1
Host: www.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fieldrep101.com
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:00 GMT
content-type: font/woff2
content-length: 25720
last-modified: Tue, 07 Jun 2022 11:17:37 GMT
etag: "629f33d1-6478"
expires: Fri, 28 Jan 2033 15:20:00 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dc81bc9b4f1-OSL
X-Firefox-Spdy: h2

www.micstatic.com/common/js/libs/faw/faw.1.0.0.js?r=1634120031144

104.18.21.229

200 OK

24 kB

URL HTTP/2
www.micstatic.com/common/js/libs/faw/faw.1.0.0.js?r=1634120031144
IP
104.18.21.229:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
24 kB (23873 bytes)
Hash
8d3c533d286ea292a4ca21d396b9cae1
495ab17a70655400e42a7265d770c0e476602321
ca047a30d120588641693c9ff4a0baf1534bf7cd7cf966de9014b57848cef0b2

HTTP Headers

GET /common/js/libs/faw/faw.1.0.0.js?r=1634120031144 HTTP/1.1
Host: www.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:00 GMT
content-type: application/javascript
last-modified: Fri, 10 Sep 2021 13:44:55 GMT
etag: W/"613b6157-3042"
expires: Fri, 28 Jan 2033 15:20:00 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 4203
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dc80bbfb4f1-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11873
Expires: Tue, 31 Jan 2023 18:37:53 GMT
Date: Tue, 31 Jan 2023 15:20:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11873
Expires: Tue, 31 Jan 2023 18:37:53 GMT
Date: Tue, 31 Jan 2023 15:20:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11873
Expires: Tue, 31 Jan 2023 18:37:53 GMT
Date: Tue, 31 Jan 2023 15:20:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9987 bytes)
Hash
2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gif_csWkacU59D_hnOrJpK6u2aPI8Ylf2JyQEJZ2RLNMCrXSmmMa9w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:56:35 GMT
age: 48205
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5903 bytes)
Hash
42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tAR5c5rQD0h5YZ6TU8pZKhUFUf5d0-l794EaYnwwkts3QXPhdYm6vA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:03:25 GMT
age: 65795
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11129 bytes)
Hash
2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:52 GMT
age: 41348
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13853 bytes)
Hash
d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUGjUSIkoacdmaO1jnMwIuNMONhjyVfAIcTQ3B5d5da_g9eEnCtW7g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:17 GMT
age: 63103
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6844 bytes)
Hash
976dda397f9292a498ca9db5599c0378
dad9e9c3462907a2475046aee36d57f8309cd44e
7ed9ccf2ff75ca53f5ba56a1d2127e0f09b0ae941cad8b042e8df01ad01e614b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6844
x-amzn-requestid: 0542cf46-5045-459f-a35f-f6c0d3f5f7b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flZsxH0YIAMF9ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86feb-692d50f710a131df2ee49aa8;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oLMUuQVwUyKMuYAvTkA4wlVDb3-kZjStTJFfUZRb7JwKcK11waY0kQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:42:39 GMT
age: 49041
etag: "dad9e9c3462907a2475046aee36d57f8309cd44e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8558 bytes)
Hash
e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R29JYq4Z8V_Xuq2no0bKxk1K6h2PmTO5OSxzMa4zppDVk3j9rO9aTw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:24:36 GMT
age: 42924
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

79.133.176.228

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
79.133.176.228:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
a0b7d2ad43b37795c160829827a0a590
fa043ae150e0ca2d1164cb0b829a55dc2c5d3395
ff4a4e2599452ef5e3bd6642d244fd19f1310f9ddfd3d91d3ac24f70fc72578d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Tue, 31 Jan 2023 15:09:00 GMT
Ali-Swift-Global-Savetime: 1675177740
Via: cache21.l2de2[0,0,200-0,H], cache12.l2de2[0,0], cache3.gb1[0,0,200-0,H], cache3.gb1[1,0]
Age: 660
X-Cache: HIT TCP_MEM_HIT dirn:10:331323572
X-Swift-SaveTime: Tue, 31 Jan 2023 15:11:42 GMT
X-Swift-CacheTime: 3438
Timing-Allow-Origin: *
EagleId: 4f85b09716751784007542621e

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.micstatic.com/common/js/libs/sensors/sensorsdata.min-1.15.13_faw.js?r=1634120031144

104.18.21.229

200 OK

113 kB

URL HTTP/2
www.micstatic.com/common/js/libs/sensors/sensorsdata.min-1.15.13_faw.js?r=1634120031144
IP
104.18.21.229:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
113 kB (112740 bytes)
Hash
23ba27bd52f84fed5a05240835303339
b70fe6eb4236e3cd5850f82613962a87602741f7
1fa6235b67ae0ae3778533d8e0ba92bc47ee42cba107d3327b856a0237dd66f7

HTTP Headers

GET /common/js/libs/sensors/sensorsdata.min-1.15.13_faw.js?r=1634120031144 HTTP/1.1
Host: www.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:00 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 09:19:47 GMT
etag: W/"612f45b3-1461f"
expires: Fri, 28 Jan 2033 15:20:00 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 291167
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dcd1bf0b4f1-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d3ed942c34fca403c3b0ba0cc6e945ba
c591aab8dd289349ecf12159c2e2bae572491e83
dc7a2b9c7134c12fb997792cb851be14838c846cfc84fd3d05eee8ba401b365d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC7A2B9C7134C12FB997792CB851BE14838C846CFC84FD3D05EEE8BA401B365D"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Tue, 31 Jan 2023 16:05:30 GMT
Date: Tue, 31 Jan 2023 15:20:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d3ed942c34fca403c3b0ba0cc6e945ba
c591aab8dd289349ecf12159c2e2bae572491e83
dc7a2b9c7134c12fb997792cb851be14838c846cfc84fd3d05eee8ba401b365d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC7A2B9C7134C12FB997792CB851BE14838C846CFC84FD3D05EEE8BA401B365D"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Tue, 31 Jan 2023 16:05:30 GMT
Date: Tue, 31 Jan 2023 15:20:00 GMT
Connection: keep-alive

fa.micstatic.com/probe/map.gif?v=211112&t=a&d=%7Bpub%3A%7Bpuid%3A%221go46k796bbe%22%2Clinkid%3A%221go46k796bbe%22%2Curl%3A%22fieldrep101.com%252Fwp-admin%252Fuq%252Findex.html%22%2Creferrer%3A%22%22%2Cpdr%3A%221%22%2Ctz%3A%220%22%2Clan%3A%22en-US%22%2Cbn%3A%22Firefox%22%2Cnv%3A%22105.0%22%2Con%3A%22Windows%22%2Cov%3A%2210%22%7D%2Ccookies%3A%7B%7D%2Ccore%3A%7Ba%3A%22-1%22%2Cb%3A%22169%22%2Cc%3A%22540%22%2Cd%3A%220%22%2Ce%3A%22188%22%2Cf%3A%222%22%2Cst%3A%22-1%22%2Cg%3A%22939%22%2Ch%3A%221778%22%2Ci%3A%221951%22%2Cj%3A%22-1%22%2Cl%3A%2220%22%2Co%3A%220%22%2Clcp%3A%22-1%22%2Cfcp%3A%221872%22%2Cm%3A%220%22%2Ck%3A%222781%22%2Cp%3A%22362%22%2Cx%3A%7B%7D%2Cs%3A%221280*1024%7C1280*939%22%7D%7D

104.18.25.206

204 No Content

0 B

URL HTTP/2
fa.micstatic.com/probe/map.gif?v=211112&t=a&d=%7Bpub%3A%7Bpuid%3A%221go46k796bbe%22%2Clinkid%3A%221go46k796bbe%22%2Curl%3A%22fieldrep101.com%252Fwp-admin%252Fuq%252Findex.html%22%2Creferrer%3A%22%22%2Cpdr%3A%221%22%2Ctz%3A%220%22%2Clan%3A%22en-US%22%2Cbn%3A%22Firefox%22%2Cnv%3A%22105.0%22%2Con%3A%22Windows%22%2Cov%3A%2210%22%7D%2Ccookies%3A%7B%7D%2Ccore%3A%7Ba%3A%22-1%22%2Cb%3A%22169%22%2Cc%3A%22540%22%2Cd%3A%220%22%2Ce%3A%22188%22%2Cf%3A%222%22%2Cst%3A%22-1%22%2Cg%3A%22939%22%2Ch%3A%221778%22%2Ci%3A%221951%22%2Cj%3A%22-1%22%2Cl%3A%2220%22%2Co%3A%220%22%2Clcp%3A%22-1%22%2Cfcp%3A%221872%22%2Cm%3A%220%22%2Ck%3A%222781%22%2Cp%3A%22362%22%2Cx%3A%7B%7D%2Cs%3A%221280*1024%7C1280*939%22%7D%7D
IP
104.18.25.206:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /probe/map.gif?v=211112&t=a&d=%7Bpub%3A%7Bpuid%3A%221go46k796bbe%22%2Clinkid%3A%221go46k796bbe%22%2Curl%3A%22fieldrep101.com%252Fwp-admin%252Fuq%252Findex.html%22%2Creferrer%3A%22%22%2Cpdr%3A%221%22%2Ctz%3A%220%22%2Clan%3A%22en-US%22%2Cbn%3A%22Firefox%22%2Cnv%3A%22105.0%22%2Con%3A%22Windows%22%2Cov%3A%2210%22%7D%2Ccookies%3A%7B%7D%2Ccore%3A%7Ba%3A%22-1%22%2Cb%3A%22169%22%2Cc%3A%22540%22%2Cd%3A%220%22%2Ce%3A%22188%22%2Cf%3A%222%22%2Cst%3A%22-1%22%2Cg%3A%22939%22%2Ch%3A%221778%22%2Ci%3A%221951%22%2Cj%3A%22-1%22%2Cl%3A%2220%22%2Co%3A%220%22%2Clcp%3A%22-1%22%2Cfcp%3A%221872%22%2Cm%3A%220%22%2Ck%3A%222781%22%2Cp%3A%22362%22%2Cx%3A%7B%7D%2Cs%3A%221280*1024%7C1280*939%22%7D%7D HTTP/1.1
Host: fa.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Tue, 31 Jan 2023 15:20:01 GMT
timing-allow-origin: *, *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79236dce2afbb512-OSL
X-Firefox-Spdy: h2

104.18.25.206

200 OK

43 B

URL HTTP/2
fa.micstatic.com/sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJGZpcnN0X3Zpc2l0X3RpbWUiOiIyMDIzLTAxLTMxIDE1OjIwOjE4LjExNCIsIiRmaXJzdF9yZWZlcnJlciI6IiIsIiRmaXJzdF9icm93c2VyX2xhbmd1YWdlIjoiZW4tVVMiLCIkZmlyc3RfYnJvd3Nlcl9jaGFyc2V0IjoiR0JLIiwiJGZpcnN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkZmlyc3Rfc2VhcmNoX2tleXdvcmQiOiLpj4jugYTlvYfpjZLmnb%2Figqzns63pkKnlrZjluLTpjrXmkrPntJEifSwiYW5vbnltb3VzX2lkIjoiMTg2MDg2YTFmYmE0MTUtMGE3YzU3NTIwZmFjY2MtYzUwNTQyNS0xMzEwNzIwLTE4NjA4NmExZmJiNDExIiwidHlwZSI6InByb2ZpbGVfc2V0X29uY2UiLCJfdHJhY2tfaWQiOjcxMzY2ODExNX0%3D&ext=crc%3D-1154198569
IP
104.18.25.206:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJGZpcnN0X3Zpc2l0X3RpbWUiOiIyMDIzLTAxLTMxIDE1OjIwOjE4LjExNCIsIiRmaXJzdF9yZWZlcnJlciI6IiIsIiRmaXJzdF9icm93c2VyX2xhbmd1YWdlIjoiZW4tVVMiLCIkZmlyc3RfYnJvd3Nlcl9jaGFyc2V0IjoiR0JLIiwiJGZpcnN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkZmlyc3Rfc2VhcmNoX2tleXdvcmQiOiLpj4jugYTlvYfpjZLmnb%2Figqzns63pkKnlrZjluLTpjrXmkrPntJEifSwiYW5vbnltb3VzX2lkIjoiMTg2MDg2YTFmYmE0MTUtMGE3YzU3NTIwZmFjY2MtYzUwNTQyNS0xMzEwNzIwLTE4NjA4NmExZmJiNDExIiwidHlwZSI6InByb2ZpbGVfc2V0X29uY2UiLCJfdHJhY2tfaWQiOjcxMzY2ODExNX0%3D&ext=crc%3D-1154198569 HTTP/1.1
Host: fa.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:01 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 28 Sep 1970 05:00:00 GMT
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79236dce2b02b512-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aec352657815f12ffe0688a87de78b38
b1567e7c98a2fa6f5ac301ca5cbb3c3a3c887c8e
7c4140541f1afab3e549aaa11ce0014d01d16036e69da9c41a92b8dd8da7b314

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5319
Cache-Control: max-age=145313
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Etag: "63d8b17b-1d7"
Expires: Thu, 02 Feb 2023 07:41:54 GMT
Last-Modified: Tue, 31 Jan 2023 06:13:15 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

216.58.207.206

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.58.207.206:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 31 Jan 2023 13:46:59 GMT
expires: Tue, 31 Jan 2023 15:46:59 GMT
cache-control: public, max-age=7200
age: 5582
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bat.bing.com/bat.js

13.107.21.200

200 OK

12 kB

URL HTTP/2
bat.bing.com/bat.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (39395), with no line terminators
Size
12 kB (11552 bytes)
Hash
4f378a725368a42971cd69e29f75db89
2a1cdf193b346d9281c6e04a9b3775e7fc1ae11e
6a2a9d238501343cb3f25e0f54f4ecc4ec2c4e0fa6b228cc72dc3fff90502078

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11552
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ranges: bytes
etag: "076bc30652fd91:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F3EC7C6E387F41378DA073A42B522248 Ref B: OSL30EDGE0321 Ref C: 2023-01-31T15:20:01Z
date: Tue, 31 Jan 2023 15:20:01 GMT
X-Firefox-Spdy: h2

www.made-in-china.com/faw-store.html

104.18.30.240

200 OK

1.1 kB

URL HTTP/2
www.made-in-china.com/faw-store.html
IP
104.18.30.240:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.1 kB (1075 bytes)
Hash
39211775b5fef44b9362d7c5d5f7359b
3c93a34502760de83f99440bb237673ece2f96c9
dfa81071851ffbc5faf86acab054af5779b37574ac582acddfcf052ec7f05e13

HTTP Headers

GET /faw-store.html HTTP/1.1
Host: www.made-in-china.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:00 GMT
content-type: text/html
last-modified: Thu, 28 Oct 2021 09:16:24 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 27436
expires: Tue, 31 Jan 2023 19:20:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dccdfafb509-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/731984560/?random=1675178418262&cv=11&fst=1675178418262&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&auid=1249950847.1675178418&rfmt=3&fmt=4

142.250.74.98

200 OK

937 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/731984560/?random=1675178418262&cv=11&fst=1675178418262&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&auid=1249950847.1675178418&rfmt=3&fmt=4
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1950), with no line terminators
Size
937 B (937 bytes)
Hash
95cc30cae491ae25aecca7748b24982e
9e66b157c139612c1bb6975bd55d64c0a888061b
071f2ccc1dc55c3abb74af4b3ef49a5a6eae0a53b82583e786b78b96194d8349

HTTP Headers

GET /pagead/viewthroughconversion/731984560/?random=1675178418262&cv=11&fst=1675178418262&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&auid=1249950847.1675178418&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:20:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 937
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 15:35:01 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

connect.facebook.net/en_US/fbevents.js

157.240.205.11

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.205.11:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27843 bytes)
Hash
dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: g3b0+OpHO+KSts196+PXtr+WX+jL0fclEX5DVy9z92uTIbjx0xKDRzNd6iXxr3iccW5kXgvOgNd60Gz+gm55Sw==
content-length: 27843
x-fb-trip-id: 1679558926
date: Tue, 31 Jan 2023 15:20:01 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VEFCZRQMG4&cid=917110132.1675178418&gtm=2oe1p0&aip=1&z=1628652087

142.250.74.67

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VEFCZRQMG4&cid=917110132.1675178418&gtm=2oe1p0&aip=1&z=1628652087
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VEFCZRQMG4&cid=917110132.1675178418&gtm=2oe1p0&aip=1&z=1628652087 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:20:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fa.micstatic.com/sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJHRpbWV6b25lX29mZnNldCI6MCwiJHNjcmVlbl9oZWlnaHQiOjEwMjQsIiRzY3JlZW5fd2lkdGgiOjEyODAsIiRsaWIiOiJqcyIsIiRsaWJfdmVyc2lvbiI6IjEuMTUuMTMiLCIkbGF0ZXN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkbGF0ZXN0X3NlYXJjaF9rZXl3b3JkIjoi6Y%2BI7oGE5b2H6Y2S5p2%2F4oKs57Ot6ZCp5a2Y5bi06Y615pKz57SRIiwiJGxhdGVzdF9yZWZlcnJlciI6IiIsInB2X2lkIjoiMWdvNDZrNzQ5NGRmIiwicGxhdGZvcm1fdHlwZSI6IjEiLCJsYW5ndWFnZSI6IjEiLCJsb2dpbl9pZCI6IiIsIiRyZWZlcnJlciI6IiIsIiR1cmwiOiJodHRwczovL2ZpZWxkcmVwMTAxLmNvbS93cC1hZG1pbi91cS9pbmRleC5odG1sIiwiJHVybF9wYXRoIjoiL3dwLWFkbWluL3VxL2luZGV4Lmh0bWwiLCIkdGl0bGUiOiJNZXNzYWdlcyB8IE1hZGUgbG4gQ2hsbmEiLCIkaXNfZmlyc3RfZGF5Ijp0cnVlLCIkaXNfZmlyc3RfdGltZSI6dHJ1ZSwiJHJlZmVycmVyX2hvc3QiOiIiLCIkbGF0ZXN0X3JlZmVycmVyX2hvc3QiOiIifSwiYW5vbnltb3VzX2lkIjoiMTg2MDg2YTFmYmE0MTUtMGE3YzU3NTIwZmFjY2MtYzUwNTQyNS0xMzEwNzIwLTE4NjA4NmExZmJiNDExIiwidHlwZSI6InRyYWNrIiwiZXZlbnQiOiIkcGFnZXZpZXciLCJfdHJhY2tfaWQiOjg4OTE0ODExN30%3D&ext=crc%3D297368572

104.18.25.206

200 OK

43 B

URL HTTP/2
fa.micstatic.com/sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJHRpbWV6b25lX29mZnNldCI6MCwiJHNjcmVlbl9oZWlnaHQiOjEwMjQsIiRzY3JlZW5fd2lkdGgiOjEyODAsIiRsaWIiOiJqcyIsIiRsaWJfdmVyc2lvbiI6IjEuMTUuMTMiLCIkbGF0ZXN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkbGF0ZXN0X3NlYXJjaF9rZXl3b3JkIjoi6Y%2BI7oGE5b2H6Y2S5p2%2F4oKs57Ot6ZCp5a2Y5bi06Y615pKz57SRIiwiJGxhdGVzdF9yZWZlcnJlciI6IiIsInB2X2lkIjoiMWdvNDZrNzQ5NGRmIiwicGxhdGZvcm1fdHlwZSI6IjEiLCJsYW5ndWFnZSI6IjEiLCJsb2dpbl9pZCI6IiIsIiRyZWZlcnJlciI6IiIsIiR1cmwiOiJodHRwczovL2ZpZWxkcmVwMTAxLmNvbS93cC1hZG1pbi91cS9pbmRleC5odG1sIiwiJHVybF9wYXRoIjoiL3dwLWFkbWluL3VxL2luZGV4Lmh0bWwiLCIkdGl0bGUiOiJNZXNzYWdlcyB8IE1hZGUgbG4gQ2hsbmEiLCIkaXNfZmlyc3RfZGF5Ijp0cnVlLCIkaXNfZmlyc3RfdGltZSI6dHJ1ZSwiJHJlZmVycmVyX2hvc3QiOiIiLCIkbGF0ZXN0X3JlZmVycmVyX2hvc3QiOiIifSwiYW5vbnltb3VzX2lkIjoiMTg2MDg2YTFmYmE0MTUtMGE3YzU3NTIwZmFjY2MtYzUwNTQyNS0xMzEwNzIwLTE4NjA4NmExZmJiNDExIiwidHlwZSI6InRyYWNrIiwiZXZlbnQiOiIkcGFnZXZpZXciLCJfdHJhY2tfaWQiOjg4OTE0ODExN30%3D&ext=crc%3D297368572
IP
104.18.25.206:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJHRpbWV6b25lX29mZnNldCI6MCwiJHNjcmVlbl9oZWlnaHQiOjEwMjQsIiRzY3JlZW5fd2lkdGgiOjEyODAsIiRsaWIiOiJqcyIsIiRsaWJfdmVyc2lvbiI6IjEuMTUuMTMiLCIkbGF0ZXN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkbGF0ZXN0X3NlYXJjaF9rZXl3b3JkIjoi6Y%2BI7oGE5b2H6Y2S5p2%2F4oKs57Ot6ZCp5a2Y5bi06Y615pKz57SRIiwiJGxhdGVzdF9yZWZlcnJlciI6IiIsInB2X2lkIjoiMWdvNDZrNzQ5NGRmIiwicGxhdGZvcm1fdHlwZSI6IjEiLCJsYW5ndWFnZSI6IjEiLCJsb2dpbl9pZCI6IiIsIiRyZWZlcnJlciI6IiIsIiR1cmwiOiJodHRwczovL2ZpZWxkcmVwMTAxLmNvbS93cC1hZG1pbi91cS9pbmRleC5odG1sIiwiJHVybF9wYXRoIjoiL3dwLWFkbWluL3VxL2luZGV4Lmh0bWwiLCIkdGl0bGUiOiJNZXNzYWdlcyB8IE1hZGUgbG4gQ2hsbmEiLCIkaXNfZmlyc3RfZGF5Ijp0cnVlLCIkaXNfZmlyc3RfdGltZSI6dHJ1ZSwiJHJlZmVycmVyX2hvc3QiOiIiLCIkbGF0ZXN0X3JlZmVycmVyX2hvc3QiOiIifSwiYW5vbnltb3VzX2lkIjoiMTg2MDg2YTFmYmE0MTUtMGE3YzU3NTIwZmFjY2MtYzUwNTQyNS0xMzEwNzIwLTE4NjA4NmExZmJiNDExIiwidHlwZSI6InRyYWNrIiwiZXZlbnQiOiIkcGFnZXZpZXciLCJfdHJhY2tfaWQiOjg4OTE0ODExN30%3D&ext=crc%3D297368572 HTTP/1.1
Host: fa.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:01 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 28 Sep 1970 05:00:00 GMT
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79236dcf6c8db512-OSL
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j99&a=1371064363&t=pageview&_s=1&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&ul=en-us&de=GBK&dt=Messages%20%7C%20Made%20ln%20Chlna&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAEABAAAAACAAI~&jid=200696555&gjid=966180729&cid=917110132.1675178418&tid=UA-37452587-1&_gid=1882750315.1675178419&_r=1&_slc=1&gtm=2wg1p0T39J99&z=1403160184

216.58.207.206

200 OK

4 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1371064363&t=pageview&_s=1&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&ul=en-us&de=GBK&dt=Messages%20%7C%20Made%20ln%20Chlna&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAEABAAAAACAAI~&jid=200696555&gjid=966180729&cid=917110132.1675178418&tid=UA-37452587-1&_gid=1882750315.1675178419&_r=1&_slc=1&gtm=2wg1p0T39J99&z=1403160184
IP
216.58.207.206:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

HTTP Headers

POST /j/collect?v=1&_v=j99&a=1371064363&t=pageview&_s=1&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&ul=en-us&de=GBK&dt=Messages%20%7C%20Made%20ln%20Chlna&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAEABAAAAACAAI~&jid=200696555&gjid=966180729&cid=917110132.1675178418&tid=UA-37452587-1&_gid=1882750315.1675178419&_r=1&_slc=1&gtm=2wg1p0T39J99&z=1403160184 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://fieldrep101.com
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://fieldrep101.com
date: Tue, 31 Jan 2023 15:20:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aec352657815f12ffe0688a87de78b38
b1567e7c98a2fa6f5ac301ca5cbb3c3a3c887c8e
7c4140541f1afab3e549aaa11ce0014d01d16036e69da9c41a92b8dd8da7b314

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2462
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Last-Modified: Tue, 31 Jan 2023 14:38:59 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
73d6f94eec5f7bf78dc11951011af215
2d7941713a82a83c174bf782b618a6f86a8ab2d7
9de1920abadb3501bcf9f787608807f13a266efea69f12fc811bc7cac14a3552

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bat.bing.com/p/action/13001299.js

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/13001299.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/13001299.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C241DE2AD44C490F8BD3B96B25A2FEF0 Ref B: OSL30EDGE0321 Ref C: 2023-01-31T15:20:01Z
date: Tue, 31 Jan 2023 15:20:01 GMT
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=13001299&tm=gtm002&Ver=2&mid=7ce1a73b-48ec-4bab-8d25-ef69945c10c8&sid=c55c26c0a17a11ed8f1aa1e0751c3b6a&vid=c55c3770a17a11ed880c19849c451029&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Messages%20%7C%20Made%20ln%20Chlna&p=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&r=&lt=2783&evt=pageLoad&sv=1&rn=843065

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=13001299&tm=gtm002&Ver=2&mid=7ce1a73b-48ec-4bab-8d25-ef69945c10c8&sid=c55c26c0a17a11ed8f1aa1e0751c3b6a&vid=c55c3770a17a11ed880c19849c451029&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Messages%20%7C%20Made%20ln%20Chlna&p=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&r=&lt=2783&evt=pageLoad&sv=1&rn=843065
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=13001299&tm=gtm002&Ver=2&mid=7ce1a73b-48ec-4bab-8d25-ef69945c10c8&sid=c55c26c0a17a11ed8f1aa1e0751c3b6a&vid=c55c3770a17a11ed880c19849c451029&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Messages%20%7C%20Made%20ln%20Chlna&p=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&r=&lt=2783&evt=pageLoad&sv=1&rn=843065 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2FBF70A1836E69820A65620B8239686D; domain=.bing.com; expires=Sun, 25-Feb-2024 15:20:01 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 02495F422D0E4784982D8B31ED1476EE Ref B: OSL30EDGE0321 Ref C: 2023-01-31T15:20:01Z
date: Tue, 31 Jan 2023 15:20:01 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a327176edf538c07784f9b0da660c22d
4a56cfcac291dfe1cc177bd3eff976f106731834
aae92a95f747be0bca6982ed7e3e58af8ac74ff69c799b55046ab38474e149dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37452587-1&cid=917110132.1675178418&jid=200696555&gjid=966180729&_gid=1882750315.1675178419&_u=YADAAEAAAAAAACAAI~&z=848061471

173.194.73.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37452587-1&cid=917110132.1675178418&jid=200696555&gjid=966180729&_gid=1882750315.1675178419&_u=YADAAEAAAAAAACAAI~&z=848061471
IP
173.194.73.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37452587-1&cid=917110132.1675178418&jid=200696555&gjid=966180729&_gid=1882750315.1675178419&_u=YADAAEAAAAAAACAAI~&z=848061471 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://fieldrep101.com
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://fieldrep101.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 31 Jan 2023 15:20:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/731984560/?random=1675178418262&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&fmt=3&is_vtc=1&random=1383355197&rmt_tld=0&ipr=y

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/731984560/?random=1675178418262&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&fmt=3&is_vtc=1&random=1383355197&rmt_tld=0&ipr=y
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/731984560/?random=1675178418262&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=v7ktCOKJmaMBELDlhN0C&frm=0&url=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&tiba=Messages%20%7C%20Made%20ln%20Chlna&fmt=3&is_vtc=1&random=1383355197&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:20:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a5ff07b9b81cdf319f4a57d8d6dbbd6d
736ae15d0ed2068580d35a7cff8b33c0ec87af52
24406eda914ef8f78e1f60d6b54237ea6311f2fdf54b2b63647d84b397b41de0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 15:20:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.analytics.google.com/g/collect?v=2&tid=G-VEFCZRQMG4&gtm=2oe1p0&_p=1371064363&_gaz=1&cid=917110132.1675178418&ul=en-us&sr=1280x1024&uaW=1&_eu=BA&_s=1&sid=1675178418&sct=1&seg=0&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&dt=Messages%20%7C%20Made%20ln%20Chlna&en=page_view&_fv=1&_ss=1&ep.Page_Hostname=fieldrep101.com&ep.page_URL=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-VEFCZRQMG4&gtm=2oe1p0&_p=1371064363&_gaz=1&cid=917110132.1675178418&ul=en-us&sr=1280x1024&uaW=1&_eu=BA&_s=1&sid=1675178418&sct=1&seg=0&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&dt=Messages%20%7C%20Made%20ln%20Chlna&en=page_view&_fv=1&_ss=1&ep.Page_Hostname=fieldrep101.com&ep.page_URL=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-VEFCZRQMG4&gtm=2oe1p0&_p=1371064363&_gaz=1&cid=917110132.1675178418&ul=en-us&sr=1280x1024&uaW=1&_eu=BA&_s=1&sid=1675178418&sct=1&seg=0&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&dt=Messages%20%7C%20Made%20ln%20Chlna&en=page_view&_fv=1&_ss=1&ep.Page_Hostname=fieldrep101.com&ep.page_URL=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fieldrep101.com
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://fieldrep101.com
date: Tue, 31 Jan 2023 15:20:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fa.micstatic.com/sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJHRpbWV6b25lX29mZnNldCI6MCwiJHNjcmVlbl9oZWlnaHQiOjEwMjQsIiRzY3JlZW5fd2lkdGgiOjEyODAsIiRsaWIiOiJqcyIsIiRsaWJfdmVyc2lvbiI6IjEuMTUuMTMiLCIkbGF0ZXN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkbGF0ZXN0X3NlYXJjaF9rZXl3b3JkIjoi6Y%2BI7oGE5b2H6Y2S5p2%2F4oKs57Ot6ZCp5a2Y5bi06Y615pKz57SRIiwiJGxhdGVzdF9yZWZlcnJlciI6IiIsInB2X2lkIjoiMWdvNDZrNzQ5NGRmIiwicGxhdGZvcm1fdHlwZSI6IjEiLCJsYW5ndWFnZSI6IjEiLCJsb2dpbl9pZCI6IiIsIiRpc19maXJzdF9kYXkiOnRydWUsIiRsYXRlc3RfcmVmZXJyZXJfaG9zdCI6IiIsIiR1cmwiOiJodHRwczovL2ZpZWxkcmVwMTAxLmNvbS93cC1hZG1pbi91cS9pbmRleC5odG1sIn0sImFub255bW91c19pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsInR5cGUiOiJ0cmFjayIsImV2ZW50IjoiZm9ybUFjdGlvbiIsIl90cmFja19pZCI6OTc5NTgxMjR9&ext=crc%3D910722131

104.18.25.206

200 OK

43 B

URL HTTP/2
fa.micstatic.com/sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJHRpbWV6b25lX29mZnNldCI6MCwiJHNjcmVlbl9oZWlnaHQiOjEwMjQsIiRzY3JlZW5fd2lkdGgiOjEyODAsIiRsaWIiOiJqcyIsIiRsaWJfdmVyc2lvbiI6IjEuMTUuMTMiLCIkbGF0ZXN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkbGF0ZXN0X3NlYXJjaF9rZXl3b3JkIjoi6Y%2BI7oGE5b2H6Y2S5p2%2F4oKs57Ot6ZCp5a2Y5bi06Y615pKz57SRIiwiJGxhdGVzdF9yZWZlcnJlciI6IiIsInB2X2lkIjoiMWdvNDZrNzQ5NGRmIiwicGxhdGZvcm1fdHlwZSI6IjEiLCJsYW5ndWFnZSI6IjEiLCJsb2dpbl9pZCI6IiIsIiRpc19maXJzdF9kYXkiOnRydWUsIiRsYXRlc3RfcmVmZXJyZXJfaG9zdCI6IiIsIiR1cmwiOiJodHRwczovL2ZpZWxkcmVwMTAxLmNvbS93cC1hZG1pbi91cS9pbmRleC5odG1sIn0sImFub255bW91c19pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsInR5cGUiOiJ0cmFjayIsImV2ZW50IjoiZm9ybUFjdGlvbiIsIl90cmFja19pZCI6OTc5NTgxMjR9&ext=crc%3D910722131
IP
104.18.25.206:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /sc/sa.gif?project=MICEN&data=eyJkaXN0aW5jdF9pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsImxpYiI6eyIkbGliIjoianMiLCIkbGliX21ldGhvZCI6ImNvZGUiLCIkbGliX3ZlcnNpb24iOiIxLjE1LjEzIn0sInByb3BlcnRpZXMiOnsiJHRpbWV6b25lX29mZnNldCI6MCwiJHNjcmVlbl9oZWlnaHQiOjEwMjQsIiRzY3JlZW5fd2lkdGgiOjEyODAsIiRsaWIiOiJqcyIsIiRsaWJfdmVyc2lvbiI6IjEuMTUuMTMiLCIkbGF0ZXN0X3RyYWZmaWNfc291cmNlX3R5cGUiOiLpkKnlrZjluLTlqLTkvoDlmboiLCIkbGF0ZXN0X3NlYXJjaF9rZXl3b3JkIjoi6Y%2BI7oGE5b2H6Y2S5p2%2F4oKs57Ot6ZCp5a2Y5bi06Y615pKz57SRIiwiJGxhdGVzdF9yZWZlcnJlciI6IiIsInB2X2lkIjoiMWdvNDZrNzQ5NGRmIiwicGxhdGZvcm1fdHlwZSI6IjEiLCJsYW5ndWFnZSI6IjEiLCJsb2dpbl9pZCI6IiIsIiRpc19maXJzdF9kYXkiOnRydWUsIiRsYXRlc3RfcmVmZXJyZXJfaG9zdCI6IiIsIiR1cmwiOiJodHRwczovL2ZpZWxkcmVwMTAxLmNvbS93cC1hZG1pbi91cS9pbmRleC5odG1sIn0sImFub255bW91c19pZCI6IjE4NjA4NmExZmJhNDE1LTBhN2M1NzUyMGZhY2NjLWM1MDU0MjUtMTMxMDcyMC0xODYwODZhMWZiYjQxMSIsInR5cGUiOiJ0cmFjayIsImV2ZW50IjoiZm9ybUFjdGlvbiIsIl90cmFja19pZCI6OTc5NTgxMjR9&ext=crc%3D910722131 HTTP/1.1
Host: fa.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:01 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 28 Sep 1970 05:00:00 GMT
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79236dd15f5db512-OSL
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=2037053586588160&ev=PageView&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&rl=&if=false&ts=1675178419033&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675178419032.521999351&it=1675178418792&coo=false&rqm=GET

157.240.205.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=2037053586588160&ev=PageView&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&rl=&if=false&ts=1675178419033&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675178419032.521999351&it=1675178418792&coo=false&rqm=GET
IP
157.240.205.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=2037053586588160&ev=PageView&dl=https%3A%2F%2Ffieldrep101.com%2Fwp-admin%2Fuq%2Findex.html&rl=&if=false&ts=1675178419033&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675178419032.521999351&it=1675178418792&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Tue, 31 Jan 2023 15:20:01 GMT
X-Firefox-Spdy: h2

fa.micstatic.com/probe/map.gif?v=211112&t=w&d=%7Bpub%3A%7Bpuid%3A%221go46k796bbe%22%2Clinkid%3A%221go46k796bbe%22%2Curl%3A%22fieldrep101.com%252Fwp-admin%252Fuq%252Findex.html%22%2Creferrer%3A%22%22%2Cpdr%3A%221%22%2Ctz%3A%220%22%2Clan%3A%22en-US%22%7D%2Ccore%3A%7Bw%3A%228799%22%2Crobot%3A%220%22%2Clcp%3A%22-1%22%7D%7D

104.18.25.206

204 No Content

0 B

URL HTTP/2
fa.micstatic.com/probe/map.gif?v=211112&t=w&d=%7Bpub%3A%7Bpuid%3A%221go46k796bbe%22%2Clinkid%3A%221go46k796bbe%22%2Curl%3A%22fieldrep101.com%252Fwp-admin%252Fuq%252Findex.html%22%2Creferrer%3A%22%22%2Cpdr%3A%221%22%2Ctz%3A%220%22%2Clan%3A%22en-US%22%7D%2Ccore%3A%7Bw%3A%228799%22%2Crobot%3A%220%22%2Clcp%3A%22-1%22%7D%7D
IP
104.18.25.206:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /probe/map.gif?v=211112&t=w&d=%7Bpub%3A%7Bpuid%3A%221go46k796bbe%22%2Clinkid%3A%221go46k796bbe%22%2Curl%3A%22fieldrep101.com%252Fwp-admin%252Fuq%252Findex.html%22%2Creferrer%3A%22%22%2Cpdr%3A%221%22%2Ctz%3A%220%22%2Clan%3A%22en-US%22%7D%2Ccore%3A%7Bw%3A%228799%22%2Crobot%3A%220%22%2Clcp%3A%22-1%22%7D%7D HTTP/1.1
Host: fa.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Tue, 31 Jan 2023 15:20:06 GMT
timing-allow-origin: *, *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79236df32d9cb512-OSL
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/css/logon_40922b23.css

192.232.216.140

200 OK

0 B

URL HTTP/2
fieldrep101.com/wp-admin/uq/css/logon_40922b23.css
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-admin/uq/css/logon_40922b23.css HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 31 Jan 2023 01:03:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/js/jquery.min.js

192.232.216.140

200 OK

0 B

URL HTTP/2
fieldrep101.com/wp-admin/uq/js/jquery.min.js
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-admin/uq/js/jquery.min.js HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 31 Jan 2023 01:03:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

www.micstatic.com/common/js/business/global/sensors_track.js?r=1634120031144&r=1634120031144

104.18.21.229

200 OK

0 B

URL HTTP/2
www.micstatic.com/common/js/business/global/sensors_track.js?r=1634120031144&r=1634120031144
IP
104.18.21.229:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /common/js/business/global/sensors_track.js?r=1634120031144&r=1634120031144 HTTP/1.1
Host: www.micstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:20:01 GMT
content-type: application/javascript
last-modified: Fri, 19 Nov 2021 07:38:32 GMT
etag: W/"61975478-a860"
expires: Fri, 28 Jan 2033 15:20:01 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 103894
vary: Accept-Encoding
server: cloudflare
cf-ray: 79236dce3d9ab4f1-OSL
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

0 B

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:19:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 18222247
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79236dc2bd03b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

188.114.98.234

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
188.114.98.234:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 15:19:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 08/04/2021 00:04:37
cdn-edgestorageid: 601
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-proxyver: 1.0
cdn-status: 200
cdn-requestid: 1a094ec5f566140ad8ed25d8ea736316
cdn-cache: HIT
cf-cache-status: HIT
age: 18222146
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79236dc2a8490b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fieldrep101.com/wp-admin/uq/js/jquery-3.1.1.min.js

192.232.216.140

200 OK

0 B

URL HTTP/2
fieldrep101.com/wp-admin/uq/js/jquery-3.1.1.min.js
IP
192.232.216.140:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-admin/uq/js/jquery-3.1.1.min.js HTTP/1.1
Host: fieldrep101.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fieldrep101.com/wp-admin/uq/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 31 Jan 2023 01:03:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 31 Jan 2023 15:19:59 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML