Overview

URLqrcollars.net/shareholder/value/on/
IP 34.102.136.180 (United States)
ASN#15169 GOOGLE
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-02 21:58:21 UTC
StatusLoading report..
IDS alerts0
Blocklist alert1
urlquery alerts No alerts detected
Tags None

Domain Summary (15)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
qrcollars.net (1) 0 2021-01-23 17:11:15 UTC 2022-12-02 10:19:58 UTC 34.102.136.180 Unknown ranking
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-02 17:12:21 UTC 34.117.237.239
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-02 17:27:45 UTC 34.102.187.140
ocsp.godaddy.com (2) 698 2012-05-20 19:28:57 UTC 2020-05-02 20:58:10 UTC 192.124.249.36
partner.googleadservices.com (1) 798 2012-10-03 01:04:21 UTC 2022-12-02 17:15:28 UTC 142.250.74.34
afs.googleusercontent.com (2) 12123 2013-05-07 00:37:08 UTC 2020-04-20 08:38:35 UTC 142.250.74.97
www.google.com (1) 7 2016-03-22 03:56:07 UTC 2022-12-02 17:23:42 UTC 142.250.74.132
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ocsp.pki.goog (7) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 216.58.211.3
api.aws.parking.godaddy.com (4) 36127 No data No data 100.26.85.29
img1.wsimg.com (2) 9893 2012-06-20 14:42:31 UTC 2020-04-15 04:54:15 UTC 23.36.79.16
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.198.114

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-02 2 qrcollars.net/shareholder/value/on/ Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 34.102.136.180
Date UQ / IDS / BL URL IP
2023-01-31 17:24:10 +0000 0 - 0 - 1 tulipasgarden.com/ 34.102.136.180
2023-01-31 16:48:12 +0000 0 - 0 - 1 rayssen.ca/RTfbZ/XcliZ/OOekZ/KTnOZ/UaMkZ/c90c (...) 34.102.136.180
2023-01-31 16:42:12 +0000 0 - 0 - 1 spurvirtual.com/ 34.102.136.180
2023-01-31 15:39:35 +0000 0 - 0 - 1 academyabroad.com/555 34.102.136.180
2023-01-31 15:32:44 +0000 0 - 0 - 1 backyardhoneycompany.com/ 34.102.136.180


Last 5 reports on ASN: GOOGLE
Date UQ / IDS / BL URL IP
2023-01-31 21:03:12 +0000 0 - 0 - 2 northamerica-northeast1-carbon-mediator-37181 (...) 216.239.36.54
2023-01-31 20:59:15 +0000 0 - 1 - 0 www.waterloohydrogeologic.com/downloads/AquaC (...) 35.209.39.35
2023-01-31 20:59:07 +0000 0 - 1 - 0 www.waterloohydrogeologic.com/downloads/VMODF (...) 35.209.39.35
2023-01-31 20:58:38 +0000 0 - 1 - 0 www.waterloohydrogeologic.com/downloads/VMODF (...) 35.209.39.35
2023-01-31 20:58:13 +0000 0 - 1 - 0 www.waterloohydrogeologic.com/downloads/Hydro (...) 35.209.39.35


Last 5 reports on domain: qrcollars.net
Date UQ / IDS / BL URL IP
2023-01-19 10:19:37 +0000 0 - 0 - 1 qrcollars.net/ 34.102.136.180
2022-12-26 10:19:24 +0000 0 - 0 - 1 qrcollars.net/ 34.102.136.180
2022-12-02 21:58:21 +0000 0 - 0 - 1 qrcollars.net/shareholder/value/on/ 34.102.136.180
2022-11-22 10:27:28 +0000 0 - 0 - 1 qrcollars.net/ 34.102.136.180
2022-10-24 09:08:33 +0000 0 - 0 - 1 qrcollars.net/ 34.102.136.180


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-30 03:59:59 +0000 0 - 0 - 1 pandorasound.com/ 34.102.136.180
2023-01-29 14:45:03 +0000 0 - 0 - 1 fooderang.com/wp-admin/secure.php 34.102.136.180
2023-01-29 09:41:06 +0000 0 - 0 - 1 pinkmachinegun.com/login.php 34.102.136.180
2023-01-29 07:30:57 +0000 0 - 0 - 1 sjsherry.com/t-online/telecom%20de/login.php 34.102.136.180
2023-01-29 03:18:20 +0000 0 - 0 - 1 procloudservices.com/ntf/r/305d50482f90d06/lo (...) 34.102.136.180

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (40)


Request Response
                                        
                                            GET /shareholder/value/on/ HTTP/1.1 
Host: qrcollars.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         34.102.136.180
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: openresty
Date: Fri, 02 Dec 2022 21:58:10 GMT
Content-Length: 2551
Last-Modified: Sat, 22 Oct 2022 15:35:03 GMT
ETag: "63540da7-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_iEvQGprZQ1FCZg9/cuNRU3PzcDgN/5syUgzWzH2+M5guRcKXINdZxn3zFFzphP0QUJtw/JCXxCbDHlaUSu2Myw
Set-Cookie: system=PW;Path=/;Max-Age=86400; caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400; country=NO;Path=/;Max-Age=86400; city="";Path=/;Max-Age=86400; traffic_target=gd;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Size:   2551
Md5:    6e0e72649d50296f15557e931c1e05e9
Sha1:   a86f0f6aa222653013fe3c36d434f67057c85e64
Sha256: 895c0f60e59fdd84e53ab7ddb8866c8f49e45386632dca017efedd48313c9e0c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9632
Expires: Sat, 03 Dec 2022 00:38:42 GMT
Date: Fri, 02 Dec 2022 21:58:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5172
Cache-Control: max-age=136757
Date: Fri, 02 Dec 2022 21:58:10 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:57:27 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 21:18:12 GMT
cache-control: public,max-age=3600
age: 2398
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7256
Expires: Fri, 02 Dec 2022 23:59:06 GMT
Date: Fri, 02 Dec 2022 21:58:10 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: uQink5xHNDl1dMAUIs9EPPAe0G4/vzOVbednDcOQmtzBYx8Nu67SBKyW/Mw/+bKHf0uxeN7R/jU=
x-amz-request-id: 9PYNVDNPZ3AKPB1E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 21:46:17 GMT
age: 713
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 02 Dec 2022 21:58:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /parking-lander/static/js/main.4e219663.chunk.js HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://qrcollars.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.79.16
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: ePBtPNltighZ03JBS/Xu3LYeSA7F1yzEuIL6FXs/YdArb0qYS2ZncKxSX45UyFn4EY1mPti8L0Y=
x-amz-request-id: Q5Y8PK0VHGD0XQRS
last-modified: Fri, 16 Sep 2022 16:45:04 GMT
etag: "87b518e8e45487e774f8d47f2dc0026f"
x-amz-server-side-encryption: AES256
x-amz-version-id: 2Wom95JLG5jhnN_DEOMzqRfOKsQDbi7Z
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 02 Dec 2023 21:58:10 GMT
date: Fri, 02 Dec 2022 21:58:10 GMT
content-length: 58202
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65459)
Size:   58202
Md5:    feb46b3c6b7556a8bf123a5e87ffd2b5
Sha1:   aff2efba814012e9fe1586055599069f77e6a062
Sha256: 6f8d46c42987c0d7b471b54065e6b8fd6e965452ccc5c2fcd12f25e5362b5fd7
                                        
                                            GET /parking-lander/static/js/2.5940ae1c.chunk.js HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://qrcollars.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.36.79.16
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: Ft4hH0fy+dFAnl68G4QyXJ3pS5VY+/K35zEViDI+w7z+sTosafl2fAW4g9NrUhyUgJ7JKbozLe8=
x-amz-request-id: FBDK3VS1K6HF0NCR
last-modified: Fri, 16 Sep 2022 17:52:00 GMT
etag: "04bb6e8d9135d976f28e9ba68fbc6f67"
x-amz-server-side-encryption: AES256
x-amz-version-id: 4zafttojs22R6rxiZs_M0ICLL.vyZxyd
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 02 Dec 2023 21:58:10 GMT
date: Fri, 02 Dec 2022 21:58:10 GMT
content-length: 135541
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65462)
Size:   135541
Md5:    ed301c77cb4cfefcf054b77502912c41
Sha1:   0139ede39adaa61fdae8dfb9c7f6f8600025599b
Sha256: 10ebdcf812a393d96af2bf99a2e5ddf8381f37b2fa85698c4c25e7c03350712c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 21:08:57 GMT
cache-control: public,max-age=3600
age: 2953
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5168
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 21:58:11 GMT
Last-Modified: Fri, 02 Dec 2022 20:32:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.36
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 21:58:10 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 20:06:56 GMT
Expires: Sat, 03 Dec 2022 20:06:56 GMT
ETag: "50cf0ebc762f6ff3211e9377b0af85482f54166b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    89a37d9f36550581d020350fce2681ab
Sha1:   50cf0ebc762f6ff3211e9377b0af85482f54166b
Sha256: c3d773e9f0af69b5a676393c02fb287f78a43700a7101405543ff30aa51c86ad
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.36
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 21:58:10 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Dec 2022 20:06:56 GMT
Expires: Sat, 03 Dec 2022 20:06:56 GMT
ETag: "50cf0ebc762f6ff3211e9377b0af85482f54166b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    89a37d9f36550581d020350fce2681ab
Sha1:   50cf0ebc762f6ff3211e9377b0af85482f54166b
Sha256: c3d773e9f0af69b5a676393c02fb287f78a43700a7101405543ff30aa51c86ad
                                        
                                            OPTIONS /v1/parking/landers/qrcollars.net?trafficTarget=gd HTTP/1.1 
Host: api.aws.parking.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-request-id
Referer: http://qrcollars.net/
Origin: http://qrcollars.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         100.26.85.29
HTTP/2 200 OK
                                        
date: Fri, 02 Dec 2022 21:58:11 GMT
content-length: 0
set-cookie: AWSALB=G+6C7gDt7NstSHHZUb8WBSc04YeQB3efaxOM8o328t1i8FhXBfwCF0df9/ETXgdlvHAy7QsSXcX/VWO4fMvoSbPzsCpw9PJvZtzW/LhWH8mSI1WkZzFHmsAWci0x; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/ AWSALBCORS=G+6C7gDt7NstSHHZUb8WBSc04YeQB3efaxOM8o328t1i8FhXBfwCF0df9/ETXgdlvHAy7QsSXcX/VWO4fMvoSbPzsCpw9PJvZtzW/LhWH8mSI1WkZzFHmsAWci0x; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: X-Request-Id
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: http://qrcollars.net
access-control-max-age: 600
x-request-id: 5u6NKS-P
X-Firefox-Spdy: h2

                                        
                                            GET /v1/parking/landers/qrcollars.net?trafficTarget=gd HTTP/1.1 
Host: api.aws.parking.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://qrcollars.net/
X-Request-Id: a6215d16-7d2f-429e-bccc-8c2c206b83d8
Origin: http://qrcollars.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         100.26.85.29
HTTP/2 200 OK
content-type: application/json
                                        
date: Fri, 02 Dec 2022 21:58:11 GMT
content-length: 828
set-cookie: AWSALB=bWxB4B3Vc/MN6CHWbIOQoe7UQB2pM0/vOFqzM6S1jk3gJX2DKKlpKWSq9zjNGeV7KMkBJwCQLFSY5+SV6OLczfUG7gIsiG1YF+ZyeJMWpRrCY4m/Nle2lZjNv4sO; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/ AWSALBCORS=bWxB4B3Vc/MN6CHWbIOQoe7UQB2pM0/vOFqzM6S1jk3gJX2DKKlpKWSq9zjNGeV7KMkBJwCQLFSY5+SV6OLczfUG7gIsiG1YF+ZyeJMWpRrCY4m/Nle2lZjNv4sO; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-origin: http://qrcollars.net
access-control-max-age: 600
x-request-id: a6215d16-7d2f-429e-bccc-8c2c206b83d8
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (827)
Size:   828
Md5:    f754d1f1a12e412232d76addf7afb166
Sha1:   f692cb9a11cb769c0d9c28b05e2957ecc4d9d489
Sha256: 87865ca35898d11777b015022f5cb93822c1153b1bab07f271f886393cab7fca
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m8wL+WPAPrZO8DTWWtXOeg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.38.198.114
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Le4dasPpnpGJ7Q4wJRPGwMC9Eq0=

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gampad/cookie.js?domain=qrcollars.net&client=dp-godaddy1_xml&product=SAS&callback=__sasCookie HTTP/1.1 
Host: partner.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://qrcollars.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.34
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 02 Dec 2022 21:58:11 GMT
server: cafe
cache-control: private
content-length: 181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   181
Md5:    862a0f14963348e1f92b3810ce1f9e08
Sha1:   58f358e381c3790bc6caa2c4e84ee59537c4504b
Sha256: 11c77475e69b37c6bf7cb9f7ead0bbe97cde2fa777d82657d4fb0c3decaa3464
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.97
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 14:00:44 GMT
expires: Sat, 03 Dec 2022 13:00:44 GMT
cache-control: public, max-age=82800
age: 28647
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size:   272
Md5:    bbbac37f0b6e29a6099e4aa7cb19d6ca
Sha1:   0acafe95e2141f0af6109203efeb2d98e6b926c6
Sha256: a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2
                                        
                                            GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.97
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 18:59:49 GMT
expires: Sat, 03 Dec 2022 17:59:49 GMT
cache-control: public, max-age=82800
age: 10702
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size:   174
Md5:    4de8b85c8915995b571bde50e231be7c
Sha1:   29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
Sha256: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
                                        
                                            OPTIONS /v1/parkingEvents HTTP/1.1 
Host: api.aws.parking.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://qrcollars.net/
Origin: http://qrcollars.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         100.26.85.29
HTTP/2 200 OK
content-type: text/plain
                                        
date: Fri, 02 Dec 2022 21:58:11 GMT
content-length: 0
set-cookie: AWSALB=SJfTFDpg5GxBKt4nc8947U7xt/DfzR8Umfua/gb6Ii1GX12kArmRSCd8Y6d8gGBOudw7BHB25eylIo1YFmItQqq0i49NZd9xRxolQlN/GE2QqqMQbmzcNiwgeHUI; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/ AWSALBCORS=SJfTFDpg5GxBKt4nc8947U7xt/DfzR8Umfua/gb6Ii1GX12kArmRSCd8Y6d8gGBOudw7BHB25eylIo1YFmItQqq0i49NZd9xRxolQlN/GE2QqqMQbmzcNiwgeHUI; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/; SameSite=None; Secure
access-control-allow-methods: POST
access-control-allow-headers: content-type
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Dec 2022 21:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /v1/parkingEvents HTTP/1.1 
Host: api.aws.parking.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://qrcollars.net/
Content-Type: application/json
Origin: http://qrcollars.net
Content-Length: 668
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         100.26.85.29
HTTP/2 200 OK
content-type: text/plain
                                        
date: Fri, 02 Dec 2022 21:58:11 GMT
content-length: 0
set-cookie: AWSALB=Njp6nhq+X2Qq5cniL6c+Y4htt4CJIU+pKuaPETiUNe+AoenPo2B+oe/sEc2BuPGbf6nNqVCKGuVBRX6qujKzs/+wkx5037ro2ZmRmyAPDBRrxsfH9mEVpbcHLyS2; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/ AWSALBCORS=Njp6nhq+X2Qq5cniL6c+Y4htt4CJIU+pKuaPETiUNe+AoenPo2B+oe/sEc2BuPGbf6nNqVCKGuVBRX6qujKzs/+wkx5037ro2ZmRmyAPDBRrxsfH9mEVpbcHLyS2; Expires=Fri, 09 Dec 2022 21:58:11 GMT; Path=/; SameSite=None; Secure
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4516
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:58:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4516
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:58:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4516
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:58:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4516
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:58:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4516
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:58:12 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: V8gPBeq9EOtaMA3xqsKI8dQlkyh2UcBpFFchunWrJBPe1YINpR923Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:48:02 GMT
age: 610
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6564
Md5:    58a28fc1cbcacdb07b3ca175281982b5
Sha1:   9bc47ee49fc070d0997e49a719bd9758685ad583
Sha256: d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff41bace1-a7a5-42ae-b255-862c9cbac9de.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10437
x-amzn-requestid: 2a8183c4-47ec-42bb-8e67-3e742dc3750c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YpEeooAMFfvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-2014fd4d49dcd4087bf1db4d;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wQc8gdA6brp46QVd0ee9cBtnmA9q1j3nUO2ou9MDIhecNINtmphq0Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:15:09 GMT
age: 85383
etag: "99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10437
Md5:    291127b670135b42b6e9687aa2a13237
Sha1:   99b5ef2d6a4d1a1251a06d9d9f989b01d089a8d1
Sha256: 49b082a738bcd15a0bb4e9f96a180797ffcfa368977ac1927df882a0343664d3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ArJSu5jI0RrZj3QtJp6oI6Yvf9LCWrYqU0HRIl8U8xJjdeOaJEe2yg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:20:07 GMT
age: 85085
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11443
Md5:    d08081e2dd562ef50e4e98ebc0136698
Sha1:   b5118bca37feda2ada3001199dc1d80ac6d2aacc
Sha256: 5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:09:50 GMT
age: 31702
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8863
Md5:    156e9ea97b774cbd8361072e4041b6c8
Sha1:   fc71ae3cae92ed6011904bb2367f23bf4e69fab4
Sha256: 58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 75798
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6174
Md5:    b986f9fcbeca91ed5c8d58fbfaf47d19
Sha1:   6e6c8bd2bce144cc4da1cd7be375b046b60dca79
Sha256: 07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 23:43:28 GMT
age: 80084
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4803
Md5:    cc0a257323f882caff067adb86d906e4
Sha1:   cedf2f21be7cd366bd46055b62b5513db3011dfc
Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://qrcollars.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.132
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 02 Dec 2022 21:58:10 GMT
expires: Fri, 02 Dec 2022 21:58:10 GMT
cache-control: private, max-age=3600
etag: "16357369056098493250"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---