r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2039a1dda99e075b82840608771d2326
e89713a35b312f3b87fbeaad98f03fddecbf77ce
aae78c754635e9833fa6c231d775bddc82add02f9ce3197a0b260a0806e708c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AAE78C754635E9833FA6C231D775BDDC82ADD02F9CE3197A0B260A0806E708C3"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2173
Expires: Sun, 18 Dec 2022 14:59:43 GMT
Date: Sun, 18 Dec 2022 14:23:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9f3cf7e36f17a535e53e5213c02cf2b4
e65acbc03135ce135b9e91b4f74b3e1439faa6f6
a2317476862acd0a92fe523454c3991752b07ba14e7667f421dd9624e0233758
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2317476862ACD0A92FE523454C3991752B07BA14E7667F421DD9624E0233758"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3779
Expires: Sun, 18 Dec 2022 15:26:29 GMT
Date: Sun, 18 Dec 2022 14:23:30 GMT
Connection: keep-alive
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
302 Found 478 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 213a68c4697c1dbcbe6f1e762b8e3a29
858609b4d03a5dc55eefc3db1295ecac37457487
3963c59294e6b2971e7587fcb9bdf9523d9cc1a197256451274bce3481aafbed
Analyzer Verdict Alert openphish AT&T Inc.
fortinet Phishing
GET / HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Sun, 18 Dec 2022 14:23:29 GMT
Location: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Set-Cookie: publishedsite-xsrf=eyJpdiI6IlgwdmdsSkp4RWpYYU1JbmZQc2Y5aEE9PSIsInZhbHVlIjoiT0NxTzExMVp5bHdOcHZRb1RVSlA0UVFoODFHOWo0ZlRMSlV2QjlMSHNvMURuaElkZXAzbGdHVWRqWWJySHhObThuejc1SmJ4KytNRndncEFKalN2eVk0QWJLSnFLajdzTkNzN09QWVVkM28yS09ZR21qa0RCSVwvdGhEZWFZMmlJIiwibWFjIjoiYzM2ZjdjMjlkOTUzZmJhYjg0NDZhOWFjMzQ4Nzk5MmVjZWIxNGI1MGRkNTU1YmY4MzUzNGUyMDk2NzM4NDVhNSJ9; expires=Sun, 01-Jan-2023 14:23:29 GMT; Max-Age=1209600; path=/
XSRF-TOKEN=eyJpdiI6Iks0d3JiS1JQZFpcL01lVDg1Q29ha1hRPT0iLCJ2YWx1ZSI6Ikt5VitaNW5QUUJPMjk0YzVpeUtpUVhuNEtYa3IwRlQ1Njk3WEZ0cDR1anRcL0xHYldxRm9EUG5DYWY4bVQ5WlFuYjVpY1lXK2UwSEQ3bWp6eTl2d29UZGc4SnNiMVkraFZSZnM1WjJpN3J6MFZjYkRMUXo0S3JRRm0ycDZjbWQwZSIsIm1hYyI6IjNlNmVkOThiZDllNzgwNWM0ZmFmMTM3NThjY2U5NzIxYWIzNTg2YTRhNGJmZGMwZDhkOTRkMzFjMDQ2YjEwMDIifQ%3D%3D; expires=Sun, 01-Jan-2023 14:23:29 GMT; Max-Age=1209600; path=/
PublishedSiteSession=eyJpdiI6InBXNFE4b0JIUzRpN1RTZEpDSVdOQXc9PSIsInZhbHVlIjoiWXRBc0Q0YmZ5a0h0ZFAxZnowQmtrcEZuUnRcL3lwOG1rU2Ftc0JrQW9uXC9yNFFnNVwvXC94dVVnemhJMUFMXC9PXC94Zk9TMVZ1cTdLWmRMU21SY2MxODI2eGMyZ1ZCODJ4d3BXNFBmQUppa1ExdUd6VSs3dHBzbXV2dlBwRW1mZWhpQ1EiLCJtYWMiOiJlNjA5ODJhMWZjNDUyOGE4MDBiNDEyNDIwZDMzNzZkOWYxYjY1MWVkOTQwZjE3MGMxMmQ3ODQ5NWU1MzRkM2MzIn0%3D; expires=Sun, 01-Jan-2023 14:23:29 GMT; Max-Age=1209600; path=/; httponly
X-Host: grn149.sf2p.intern.weebly.net
X-Revision: 6ce0983f7341d24103fdccd0a09bf8f09ae88c22
X-Request-ID: e730df1ac270eb0af7a96d32aa54aba5
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bcade8542361774f13ecd22557ff8fb8
5e67a3753b0856c765f3b17f1742d3ed684ffb6d
647f8d9d3d1170e60a60e15fdfd9b59445feb56a6ce9d9bb2fa4720f0bfc3a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "647F8D9D3D1170E60A60E15FDFD9B59445FEB56A6CE9D9BB2FA4720F0BFC3A14"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3253
Expires: Sun, 18 Dec 2022 15:17:43 GMT
Date: Sun, 18 Dec 2022 14:23:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 18 Dec 2022 13:45:28 GMT
content-type: application/json
age: 2282
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jOZcygbB0nL/+V/LXyHVA3abogXjz8HLw3GXZRfPwxvceqv0g2GTuMmGN0gJggqodUdW+mW0SfK61rnzce462g==
x-amz-request-id: TY5QRX677E9Y0PNM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 18 Dec 2022 13:54:08 GMT
age: 1762
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 14:23:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash 535933d3b5b4a827ed4f168f8c39d11b
f57cbe838b86f48098fd6cb11d5f7e8d1a7c1ff5
0f2e2d352801a3f4ecf77d57b197642332fbd20aabfcd2ab83afb17b9faa2d76
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "0F2E2D352801A3F4ECF77D57B197642332FBD20AABFCD2AB83AFB17B9FAA2D76"
Last-Modified: Sun, 18 Dec 2022 10:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2984
Expires: Sun, 18 Dec 2022 15:13:14 GMT
Date: Sun, 18 Dec 2022 14:23:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 18 Dec 2022 14:08:00 GMT
age: 930
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 0bc27cdcd6c42d7f8eece6c074bc452f
ff1234b58f7381f51f9082c1ef4894b1ac5700ff
672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 644
Cache-Control: max-age=154445
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:23:30 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 09:17:35 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
200 OK 9.0 kB URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (19947)
Hash 3dc340683f6150130fce91d07bcfdf95
b4bcf3775956f792577dce00c9ebef6c880c2e47
431cc69a85384d5382c73020907ee62d5767f589d7828cbd590e007ef8a4029b
Analyzer Verdict Alert openphish AT&T Inc.
fortinet Phishing
GET / HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 18 Dec 2022 14:23:30 GMT
Set-Cookie: publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; expires=Sun, 01-Jan-2023 14:23:30 GMT; Max-Age=1209600; path=/
XSRF-TOKEN=eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0%3D; expires=Sun, 01-Jan-2023 14:23:30 GMT; Max-Age=1209600; path=/
PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; expires=Sun, 01-Jan-2023 14:23:30 GMT; Max-Age=1209600; path=/; httponly
X-Host: blu64.sf2p.intern.weebly.net
X-Revision: 6ce0983f7341d24103fdccd0a09bf8f09ae88c22
X-Request-ID: d001219e1a1398509d21d8066cb4e081
Content-Encoding: gzip
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q3
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q3
IP
Hash 4e6244dec851e8e2132a3450be16a246
d4718044575af2804b73d27a382fa8497c55fb39
b4f5aa89faa494e48bc84fd1f701f75cd25f32153237bf7e842a8e0ff5e6eff6
POST /ca/gsatlasr3dvtlsca2022q3 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:23:31 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F0A4FC505888BA1EC6C231922C61ECCF7EA5952D"
Expires: Mon, 19 Dec 2022 01:00:00 GMT
Last-Modified: Sun, 18 Dec 2022 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2220
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77b88e8b1abcb511-OSL
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q3
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q3
IP
Hash 4e6244dec851e8e2132a3450be16a246
d4718044575af2804b73d27a382fa8497c55fb39
b4f5aa89faa494e48bc84fd1f701f75cd25f32153237bf7e842a8e0ff5e6eff6
POST /ca/gsatlasr3dvtlsca2022q3 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:23:31 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F0A4FC505888BA1EC6C231922C61ECCF7EA5952D"
Expires: Mon, 19 Dec 2022 01:00:00 GMT
Last-Modified: Sun, 18 Dec 2022 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2220
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77b88e8b181fb500-OSL
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZEzVouVaB8MNCl1xGDGfEQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ggVaG/UMQ3Vd83Lt+7nwf9SUTD0=
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 65f181f01ffc262fde9e1d805a9bf973
bf696ccdb1f18e480508e6fef5a207b82773c179
8f77de968fd0d506f7027da606b27cd4b198a539ff12a1ed5b6efd2d3608ca69
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100692
Date: Sun, 18 Dec 2022 14:23:31 GMT
Etag: "639dffa6-1d7"
Expires: Mon, 19 Dec 2022 18:21:43 GMT
Last-Modified: Sat, 17 Dec 2022 17:43:02 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AkkKp3peCGHnpRf0QAVTtYj6z1QlfqY2HFe16mgPSKLKLPPgwGZUGQ==
Age: 2321
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 65f181f01ffc262fde9e1d805a9bf973
bf696ccdb1f18e480508e6fef5a207b82773c179
8f77de968fd0d506f7027da606b27cd4b198a539ff12a1ed5b6efd2d3608ca69
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100692
Date: Sun, 18 Dec 2022 14:23:31 GMT
Etag: "639dffa6-1d7"
Expires: Mon, 19 Dec 2022 18:21:43 GMT
Last-Modified: Sat, 17 Dec 2022 17:43:02 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CGb1xHn8L-WohVoDM3raNySDOPv2oc5beqChu8Y0yK7xZBZa4kAyTg==
Age: 2321
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
200 OK 0 B URL HTTP/2 ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:23:31 GMT
content-length: 0
server: nginx
access-control-allow-origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 600
X-Firefox-Spdy: h2
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
200 OK 2 B URL HTTP/2 ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 2016
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: sp=f0bca798-7201-43a3-93d7-b31b13a96a7c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:23:31 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
server: nginx
set-cookie: sp=f0bca798-7201-43a3-93d7-b31b13a96a7c; Expires=Mon, 18 Dec 2023 14:23:31 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
access-control-allow-credentials: true
X-Firefox-Spdy: h2
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getSquareStoreConfig]
200 OK 894 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getSquareStoreConfig]
IP
File type JSON data\012- , ASCII text, with very long lines (894), with no line terminators
Hash e14b833d4cb1453362260154e384986e
18638910d783cbf32526c3efc0329395cd32f394
ea08d3430a023272e79a58b450fa73f8fd94d20dd502d4c86dd9eff1aa1bd590
POST /ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getSquareStoreConfig] HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-XSRF-TOKEN: eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0=
Content-Length: 78
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373411.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:23:31 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu46.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 894
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive
Content-Type: application/json
sentry.io/api/1263158/envelope/?sentry_key=13e49d785d8d4f828038b6136f3b48ba&sentry_version=7
200 OK 2 B URL HTTP/1.1 sentry.io/api/1263158/envelope/?sentry_key=13e49d785d8d4f828038b6136f3b48ba&sentry_version=7
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/1263158/envelope/?sentry_key=13e49d785d8d4f828038b6136f3b48ba&sentry_version=7 HTTP/1.1
Host: sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Content-Type: text/plain;charset=UTF-8
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Content-Length: 429
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:23:32 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
vary: Origin
x-envoy-upstream-service-time: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7767
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:23:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7767
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:23:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7767
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:23:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7767
Expires: Sun, 18 Dec 2022 16:32:59 GMT
Date: Sun, 18 Dec 2022 14:23:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada04738696f861648635c9ba98841e4
ce644cd4349d88aa7c24b2503b0b18b444061639
e5cee777efbf1d8a0f95f6cce71199e5f016a91f90cf0afe38bc86654b9d730d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8696
x-amzn-requestid: c897aeed-a082-46a1-965f-39e8c763cb05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10ZH3jIAMF0gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-548ac80840737a20743980f5;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xFbmIbrDz7MnhaF8tqHeTDzjrwbsP7SbmYb_OLLWZPb7poAmecfDew==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 60267
etag: "ce644cd4349d88aa7c24b2503b0b18b444061639"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed374d0c34e8b2e15f08a6479a4f45e7
5db9e59699048998f0685e940640eae19ef11c8e
9933854830be796a87cfe44b6b8336294e2d3dbbe3205f267720aca6968c3a21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12125
x-amzn-requestid: e44faa15-1dfd-4bc0-bdfb-307c3de2755d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2QPFZAIAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3734-33d636210a1e24742ee71187;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JHDfcd35b-bHZm6oayBIN5NDt6ZeGygBfvu7IKU18wFiLHMGEPQPkQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 22:02:19 GMT
etag: "5db9e59699048998f0685e940640eae19ef11c8e"
content-type: image/jpeg
age: 58873
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12c4c2232b6d09e9085f0214b3260c1e
a24f8e949a2f2a973fe2dd5af994cd970d37f13a
000475ed7d0aab9a7dab3e25f0a29f82552739fea99f98cbf5131282d0db7d63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e098e9f-4d93-4282-beb5-b37a17658134.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10670
x-amzn-requestid: d72e1904-caf4-4c72-a811-d1bde023f4b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT11JGCsIAMFRDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3687-7789040d71253d00378f9162;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NWh-ecaQXJITj6VyK4qutXz95L557E8kCDxs-fNBRmkjUk_ZG0Oygg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 60267
etag: "a24f8e949a2f2a973fe2dd5af994cd970d37f13a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Dg3c2lWr1FbFUalH5QB05VrQIkpt3LNuUM-VxJZiaXy3nJu-cfd5jg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:39:05 GMT
age: 60267
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 578392bee48563d778885698790a124b
597892da925c3a363878e81ff02032a316303512
d30fe2470e1f63c5249fd42d7cd804bbf326cf9a703c61e31b5322ebdb26fca6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9925
x-amzn-requestid: 15eb2112-b947-458a-8544-51bac721773d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2k9HNjIAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e37b9-7c5b94866d266af252f133b3;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:42:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0nlTTVMgZIa6HUmL4bx0L-menIA1szAYPKbL-2p3jcX9XDGOAHL5eg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:51:24 GMT
etag: "597892da925c3a363878e81ff02032a316303512"
content-type: image/jpeg
age: 59528
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf66930-95e3-4a55-8010-b1b6ca56bb72.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf66930-95e3-4a55-8010-b1b6ca56bb72.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72e6e854c47d50c6eb07f491ac9ecc3b
067e0a350aaf1a509e8263f38191394e2fa1ee8f
cc6c3dff5dd6da8b61a4891a4c8ebb441fb37bd45af06520bc32d025d276a0f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf66930-95e3-4a55-8010-b1b6ca56bb72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11961
x-amzn-requestid: 58d907ec-0831-48ff-bd18-92b1f364190f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2PeF__oAMF2lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e372f-1c97663c43ee7c5552e3a6f9;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:39:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A_2HCy8X0ARYItr1vXoDcYpM18DHeoFfX1LZ_Npuujcgw_nQtqgYGQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:51:24 GMT
etag: "067e0a350aaf1a509e8263f38191394e2fa1ee8f"
content-type: image/jpeg
age: 59528
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/uploads/b/572acd90-7e59-11ed-9618-63082ee62253/icon_180x180_ios_OTQ4Nj.png?width=180
200 OK 668 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/uploads/b/572acd90-7e59-11ed-9618-63082ee62253/icon_180x180_ios_OTQ4Nj.png?width=180
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cc514fabf127484b4cd6d593a08b9b70
2278bf01623f3b309e1068dee8fd25c67353a7c7
90effe76e7e46c94dfe81c30855daed5a1d448e53348819185ccb1dd34f00461
GET /uploads/b/572acd90-7e59-11ed-9618-63082ee62253/icon_180x180_ios_OTQ4Nj.png?width=180 HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373411.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:23:32 GMT
Content-Type: image/webp
Content-Length: 668
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Etag: "tVT9lfqEUbbFeYF2p47UVLsbGDzn0CnxoGYij7z5Aek"
Fastly-Io-Info: ifsz=1240 idim=180x180 ifmt=png ofsz=668 odim=180x180 ofmt=webp
Fastly-Stats: io=1
X-Amz-Request-Id: tx00000000000004b5b1e8d-00639f038d-c696eea-sfo1
X-Rgw-Object-Type: Normal
X-Storage-Bucket: z9604
X-Storage-Object: 9604157861c687cf1450f7518b3a4c6923de70998eaba1ea6f988a2106f081d5
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 440
X-Served-By: cache-sjc10058-SJC, cache-pao17430-PAO
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1671373412.443257,VS0,VE9
Vary: Accept
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: grn152.sf2p.intern.weebly.net
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/app/website/cms/api/v1/users/144223484/customers/coordinates
200 OK 70 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/app/website/cms/api/v1/users/144223484/customers/coordinates
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 0202fec5c18173b1ccef517d7a8fb076
ed3c42952ab998b5f8f4570735caccb08bbbfbba
a496539bedf56d084f7654fb244367daf638da6ab09f7812b81c743baa995e26
Analyzer Verdict Alert openphish AT&T Inc.
fortinet Phishing
GET /app/website/cms/api/v1/users/144223484/customers/coordinates HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-XSRF-TOKEN: eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0=
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373411.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 18 Dec 2022 14:23:32 GMT
Set-Cookie: websitespring-xsrf=eyJpdiI6IjFuS1ZNaUFiMHRQU3duSFhlZDNvMUE9PSIsInZhbHVlIjoiWno2MjFNdkR2cGZINEwwZ3JuVkZLeVFyQlRkTDZVXC90MjVyTld1ZkNzTWJFcFF0RzMrUFBtTk9OREg5VUVpV0tyUzFGZHdyWWxjQStNd2ZJY3FjRG5zRjJNem5WRzdVNjRKb2lxVUIreERnXC9sYStqaWluWnVydmlEYUtTTjlVRSIsIm1hYyI6ImNiMjUzM2JkMjI5NTU1OTVjNTVmNjI1NDNhMjFjNTBiYWQzOGFkZDI0ZWJjN2U5MmYzOWFjMmYyODAyMzA3ZDkifQ%3D%3D; expires=Sun, 01-Jan-2023 14:23:32 GMT; Max-Age=1209600; path=/
XSRF-TOKEN=eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ%3D%3D; expires=Sun, 01-Jan-2023 14:23:32 GMT; Max-Age=1209600; path=/
X-Host: grn150.sf2p.intern.weebly.net
X-Revision: 6ce0983f7341d24103fdccd0a09bf8f09ae88c22
X-Request-ID: 2d3bd1bebe309fe8a264645cec62d19e
Content-Encoding: gzip
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[ABTestSegmentation::getTestSegments]
200 OK 201 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[ABTestSegmentation::getTestSegments]
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash bbf985fd86ef8add09a38860a98def2f
2804fa968da1e1b8be4b6f150438e45f4150d3c0
236153652c6f09415db4ee8f8b9a98827da5987a001a136d94d87f401ef6f160
POST /ajax/api/JsonRPC/Commerce/?Commerce/[ABTestSegmentation::getTestSegments] HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-XSRF-TOKEN: eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0=
Content-Length: 83
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373411.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:23:32 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu33.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 201
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive
Content-Type: application/json
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/square.ico
200 OK 6.5 kB URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/square.ico
IP
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash d810985ef4dc1c0bd5811e36d13c8ca3
2b45bb77c68c937af6a2d9854dc82301526473aa
770e0889aefd823056c7cdbb066a445be0f0754c1b4d4cba877e120fdbcb63e6
Analyzer Verdict Alert openphish AT&T Inc.
fortinet Phishing
GET /square.ico HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjliTlpPVUNuYkYxdXh3TVJaTEJpOUE9PSIsInZhbHVlIjoiZHROd1d0aTR3dHVYb00zSHY0RkhRWFdUWUlQUEE4TTJCd0swVTJMN0lXVjlmT2lTRTRieVl6YTQ1andDdkFoc2hoMWU5Y0xIa2NUeHJyQzN1UXZ3c2lzeG1QRWdEY0RLTmMxd21oYUNTSmN2OUJoWW5HQzZVWHk3VGpxQnZTVXQiLCJtYWMiOiIxNDczZTFhNGZjMGM5Nzc3N2E1OWZkYzM3MWZlZGFhMjc0ZWEyYjQzOTI4YTlhM2ZiMWRkYjMxNDFmNTFkZmY2In0%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373411.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:23:32 GMT
Content-Type: image/x-icon
Content-Length: 6518
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2019 14:51:59 GMT
x-rgw-object-type: Normal
ETag: "d810985ef4dc1c0bd5811e36d13c8ca3"
x-amz-request-id: tx000000000000001ae6532-00628473fc-b9fbc63-sfo1
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: grn63.sf2p.intern.weebly.net
X-Revision: 6ce0983f7341d24103fdccd0a09bf8f09ae88c22
X-Request-ID: 3f9bb28402af1291faa91de7b3b6c98a
ocsp.digicert.com/
200 OK 471 B IP
Hash 33a98b7075f1e9454829559db308a026
f27826dd9eceea8bf7198afc5801ce088f360024
c956468fbea36006fc7a37946106a94d49d550f156a1a224002a8d65e6268898
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5268
Cache-Control: max-age=153658
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 14:23:32 GMT
Etag: "639ec30a-1d7"
Expires: Tue, 20 Dec 2022 09:04:30 GMT
Last-Modified: Sun, 18 Dec 2022 07:36:42 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
200 OK 2 B URL HTTP/2 ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 2456
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: sp=f0bca798-7201-43a3-93d7-b31b13a96a7c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:23:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
server: nginx
set-cookie: sp=f0bca798-7201-43a3-93d7-b31b13a96a7c; Expires=Mon, 18 Dec 2023 14:23:33 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
access-control-allow-credentials: true
X-Firefox-Spdy: h2
rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-6ce0983&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=2f2a0062-edf4-4066-8bd9-ae5b1d56462e&batch_time=1671373412703
202 Accepted 53 B URL HTTP/2 rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-6ce0983&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=2f2a0062-edf4-4066-8bd9-ae5b1d56462e&batch_time=1671373412703
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 72b429b1d117f5361ed84844dab1d0ed
014647f4e9af134b77c6f81ba514e31aac1fa74a
bd97eeb91b771ab935e29f89fae4115dafb28ff075d89418debd476b01524c52
POST /api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-6ce0983&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=2f2a0062-edf4-4066-8bd9-ae5b1d56462e&batch_time=1671373412703 HTTP/1.1
Host: rum.browser-intake-datadoghq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15539
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 202 Accepted
date: Sun, 18 Dec 2022 14:23:33 GMT
content-type: application/json
content-length: 53
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=15724800;
X-Firefox-Spdy: h2
rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-6ce0983&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=10de3cee-36c3-471c-9b09-35c2280167b5&batch_time=1671373413189
202 Accepted 53 B URL HTTP/2 rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-6ce0983&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=10de3cee-36c3-471c-9b09-35c2280167b5&batch_time=1671373413189
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5971f33c5464c5e89f9f3960c61f5efe
1cd6fa12f2754342068e818066aaa0f69bb8d201
a437cc8da5e66b1e197cd1775e8f7c54c50325d0e1155248864edd2b6b88d984
POST /api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-6ce0983&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=10de3cee-36c3-471c-9b09-35c2280167b5&batch_time=1671373413189 HTTP/1.1
Host: rum.browser-intake-datadoghq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15905
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 202 Accepted
date: Sun, 18 Dec 2022 14:23:33 GMT
content-type: application/json
content-length: 53
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=15724800;
X-Firefox-Spdy: h2
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
200 OK 2 B URL HTTP/2 ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 1914
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: sp=f0bca798-7201-43a3-93d7-b31b13a96a7c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Dec 2022 14:23:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
server: nginx
set-cookie: sp=f0bca798-7201-43a3-93d7-b31b13a96a7c; Expires=Mon, 18 Dec 2023 14:23:33 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
access-control-allow-credentials: true
X-Firefox-Spdy: h2
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::hasCouponsAvailable]
200 OK 79 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::hasCouponsAvailable]
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 26e70d9925604cbe0c7e866fc54d87f4
ef5b3fb91cf2534cbf57806d14b21f0a5ae5c259
c0e7b562566962eced45cdf3319b692c55f3df7c3c6d39436a9d21bae2d2e049
POST /ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::hasCouponsAvailable] HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Client-Application-Name: website
X-XSRF-TOKEN: eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ==
Content-Length: 77
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ%3D%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373413.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661; websitespring-xsrf=eyJpdiI6IjFuS1ZNaUFiMHRQU3duSFhlZDNvMUE9PSIsInZhbHVlIjoiWno2MjFNdkR2cGZINEwwZ3JuVkZLeVFyQlRkTDZVXC90MjVyTld1ZkNzTWJFcFF0RzMrUFBtTk9OREg5VUVpV0tyUzFGZHdyWWxjQStNd2ZJY3FjRG5zRjJNem5WRzdVNjRKb2lxVUIreERnXC9sYStqaWluWnVydmlEYUtTTjlVRSIsIm1hYyI6ImNiMjUzM2JkMjI5NTU1OTVjNTVmNjI1NDNhMjFjNTBiYWQzOGFkZDI0ZWJjN2U5MmYzOWFjMmYyODAyMzA3ZDkifQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:23:33 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: grn42.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 79
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive
Content-Type: application/json
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getCurrentOrder]
200 OK 182 B URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getCurrentOrder]
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 6f6b6b81dd3714cd388808342e960a10
f34bc92a2c7a4dfe56bd6f069ad601e6a61e3b61
2eb22bb7b96aaee11236fcf99e822ede29d3a2ddf2d6f019bb70005b5a1540ef
POST /ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getCurrentOrder] HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Client-Application-Name: website
X-XSRF-TOKEN: eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ==
Content-Length: 89
Origin: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ%3D%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373413.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661; websitespring-xsrf=eyJpdiI6IjFuS1ZNaUFiMHRQU3duSFhlZDNvMUE9PSIsInZhbHVlIjoiWno2MjFNdkR2cGZINEwwZ3JuVkZLeVFyQlRkTDZVXC90MjVyTld1ZkNzTWJFcFF0RzMrUFBtTk9OREg5VUVpV0tyUzFGZHdyWWxjQStNd2ZJY3FjRG5zRjJNem5WRzdVNjRKb2lxVUIreERnXC9sYStqaWluWnVydmlEYUtTTjlVRSIsIm1hYyI6ImNiMjUzM2JkMjI5NTU1OTVjNTVmNjI1NDNhMjFjNTBiYWQzOGFkZDI0ZWJjN2U5MmYzOWFjMmYyODAyMzA3ZDkifQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 18 Dec 2022 14:23:33 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu33.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 182
Keep-Alive: timeout=10, max=74
Connection: Keep-Alive
Content-Type: application/json
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/uploads/b/e83c5175f3b8f0fc8a4c7ff24b550a78ff0246a08dc18703c4dd66b9303c5b01/AT&T_logo__1671315907.png?width=400
200 OK 18 kB URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/uploads/b/e83c5175f3b8f0fc8a4c7ff24b550a78ff0246a08dc18703c4dd66b9303c5b01/AT&T_logo__1671315907.png?width=400
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5cb8f91502c287a1593b10c1ca9c7faa
a134f5528f64f4a49fff84c18abc9b060dedb1f4
2a47130d8f87f415f8343a8f9773c6a257b027b94a2588bd96816b8a4b11d070
Analyzer Verdict Alert openphish AT&T Inc.
GET /uploads/b/e83c5175f3b8f0fc8a4c7ff24b550a78ff0246a08dc18703c4dd66b9303c5b01/AT&T_logo__1671315907.png?width=400 HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ%3D%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373413.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661; websitespring-xsrf=eyJpdiI6IjFuS1ZNaUFiMHRQU3duSFhlZDNvMUE9PSIsInZhbHVlIjoiWno2MjFNdkR2cGZINEwwZ3JuVkZLeVFyQlRkTDZVXC90MjVyTld1ZkNzTWJFcFF0RzMrUFBtTk9OREg5VUVpV0tyUzFGZHdyWWxjQStNd2ZJY3FjRG5zRjJNem5WRzdVNjRKb2lxVUIreERnXC9sYStqaWluWnVydmlEYUtTTjlVRSIsIm1hYyI6ImNiMjUzM2JkMjI5NTU1OTVjNTVmNjI1NDNhMjFjNTBiYWQzOGFkZDI0ZWJjN2U5MmYzOWFjMmYyODAyMzA3ZDkifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:23:33 GMT
Content-Type: image/webp
Content-Length: 17996
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Etag: "MxsqQAoImGNeZdVnmYYQD8k0HCPl9uPX3dxXxS0yRn4"
Fastly-Io-Info: ifsz=100581 idim=2560x1052 ifmt=png ofsz=17996 odim=400x164 ofmt=webp
Fastly-Stats: io=1
X-Amz-Request-Id: tx000000000000004bea0e3-0063286a8d-c695612-sfo1
X-Rgw-Object-Type: Normal
X-Storage-Bucket: zc790
X-Storage-Object: c790d51967a818f8290a9d48d50ff01a7343008baf72940a141261e493d60977
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 481
X-Served-By: cache-sjc10045-SJC, cache-pao17427-PAO
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1671373413.421894,VS0,VE1
Vary: Accept
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: blu49.sf2p.intern.weebly.net
attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/app/website/square.ico
200 OK 6.5 kB URL HTTP/1.1 attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/app/website/square.ico
IP
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash d810985ef4dc1c0bd5811e36d13c8ca3
2b45bb77c68c937af6a2d9854dc82301526473aa
770e0889aefd823056c7cdbb066a445be0f0754c1b4d4cba877e120fdbcb63e6
Analyzer Verdict Alert openphish AT&T Inc.
fortinet Phishing
GET /app/website/square.ico HTTP/1.1
Host: attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://attrtdxtrdtdtrdtr34567wsdfgvh4567sdfgh.square.site/
Cookie: _ga_DNQ3ZPYMQW=GS1.1.1654494733.1.0.1654494733.0; _ga=GA1.1.1202189608.1654494733; publishedsite-xsrf=eyJpdiI6InZOQ3Y2TVlQb1k1Zk4rTVp5RmtCVVE9PSIsInZhbHVlIjoielRSMitYRVVneldRdTNQQXA2eEx0K2U1QklHV0E0TlBNakJGc2tOWGpFZGxadHVobzZkbDlvdVBPZHRtZmVldit0RVRkeFwvVlN4MExYZlwvNUhNQzdTMHQwZnQ5Z0NzZlwvU1wvaFZIclwvXC9weE4zXC9rXC9GS3pKUVErNUJiVWloUzNuOSIsIm1hYyI6ImIwNjU0YWNmYTc0NGZkNmFjZTI4ODdkOTExZjEyOWJlODIyYmI1MjA2MDM2NWE2M2UwYTMwODY5ODQxMzViOGUifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IkNuWVJBZjh3MjlcL2ljNnFuTEdaUFZ3PT0iLCJ2YWx1ZSI6Im1HWUZJbElnVkFrZnN5WDFXMTVCRDI5WUxZU2txMFwvWVdJUzlMckxackt0WFVXRmx2QVpnRUJmQVRLQWdEb2ZCUkFZNWZxSWIycVZnU3pcL2JCMERIZWhMRlZtXC9TODdXSW9zeVQ4XC9hU1AxQjVlYmFzQWZLOFRrR3VjNDBmbHp5bCIsIm1hYyI6IjdjM2VjOTAyMjJlNzYyY2M3NjBkMmJhNTZiMTI1YjY1MjBkZjM4OTllMTdhM2FmNjgyZmYxMDU3OTNmMGI1OTUifQ%3D%3D; PublishedSiteSession=eyJpdiI6IkRcL3Z5MVg3WUFDUGRkRHRtYXh0YjZBPT0iLCJ2YWx1ZSI6IlMxZDZwU24yVE81QzZNZm4rMzQ5cjRXMmd2VnFERGtyYTU5MmtQVDdzYW9FZE8wSWJvV05DYnkzclAwN1hJSXQxZUtsSk5iM01uK2FFeWRkdTdFOWJmQ2R0cWhpRmhVUTdBR3NcL0ZCdWRxZHJ6VmQ0MjdsVFlET1pCNUQ1cVZFZCIsIm1hYyI6IjUyYmU0MmFkMWIxM2YwMzVhM2I4OGYwN2I2NzBlNmU1MDE0N2QyOTQ0MmRlODk4NjczMzUwN2U1Y2RhNzEyMjEifQ%3D%3D; _snow_ses.acd3=*; _snow_id.acd3=3e61eb43-2560-4a1d-ac38-2f1fb5ac4898.1671373411.1.1671373413.1671373411.2d366f55-6f60-4ed0-b389-81404a3b0a51; _dd_s=rum=1&id=367a6116-38d5-45f6-b7ba-d1a8fe513b66&created=1671373411661&expire=1671374311661; websitespring-xsrf=eyJpdiI6IjFuS1ZNaUFiMHRQU3duSFhlZDNvMUE9PSIsInZhbHVlIjoiWno2MjFNdkR2cGZINEwwZ3JuVkZLeVFyQlRkTDZVXC90MjVyTld1ZkNzTWJFcFF0RzMrUFBtTk9OREg5VUVpV0tyUzFGZHdyWWxjQStNd2ZJY3FjRG5zRjJNem5WRzdVNjRKb2lxVUIreERnXC9sYStqaWluWnVydmlEYUtTTjlVRSIsIm1hYyI6ImNiMjUzM2JkMjI5NTU1OTVjNTVmNjI1NDNhMjFjNTBiYWQzOGFkZDI0ZWJjN2U5MmYzOWFjMmYyODAyMzA3ZDkifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Dec 2022 14:23:33 GMT
Content-Type: image/x-icon
Content-Length: 6518
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2019 14:51:59 GMT
x-rgw-object-type: Normal
ETag: "d810985ef4dc1c0bd5811e36d13c8ca3"
x-amz-request-id: tx000000000000001ae6532-00628473fc-b9fbc63-sfo1
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: blu127.sf2p.intern.weebly.net
X-Revision: 6ce0983f7341d24103fdccd0a09bf8f09ae88c22
X-Request-ID: 9d2a7677b71533b4badb2ba24d74f6a5
199.34.228.39
104.110.10.32
93.184.220.29
104.18.20.226