www.newsandpromotions.com/tracking/8825
35.227.209.77307 Temporary Redirect 0 B URL HTTP/1.1 www.newsandpromotions.com/tracking/8825
IP 35.227.209.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tracking/8825 HTTP/1.1
Host: www.newsandpromotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: _xTID=8539
Upgrade-Insecure-Requests: 1
HTTP/1.1 307 Temporary Redirect
Date: Wed, 18 Jan 2023 20:05:30 GMT
Server: Apache
Set-Cookie: _xTID=8825; expires=Wed, 18-Jan-2023 20:10:30 GMT; Max-Age=300; path=/; domain=newsandpromotions.com
_xSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=newsandpromotions.com
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Location: http://track.ecampaignstats.com/lprd/trk.php?TID=8825
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Via: 1.1 google
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 648bf42163c5d645d8a33cd0a9afebd0
9b9ac85435c4e90647e8379bca54c689058a8929
060757fb4857858d4d01a715824ea6771d0137e73a24bf75e2844d0f346380fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060757FB4857858D4D01A715824EA6771D0137E73A24BF75E2844D0F346380FA"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2381
Expires: Wed, 18 Jan 2023 20:45:11 GMT
Date: Wed, 18 Jan 2023 20:05:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13701
Expires: Wed, 18 Jan 2023 23:53:51 GMT
Date: Wed, 18 Jan 2023 20:05:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 18 Jan 2023 19:34:26 GMT
content-type: application/json
age: 1864
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17546
Expires: Thu, 19 Jan 2023 00:57:56 GMT
Date: Wed, 18 Jan 2023 20:05:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 02SMcHiDmbuDuq1UEDNVD6PwKWufxSzmrw+wB4c8ezNhMAZY8FE6flamTkeN2Jo8uU4cX+OALKw=
x-amz-request-id: Y9D276XVSYHGX3BE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 18 Jan 2023 19:45:32 GMT
age: 1198
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 18 Jan 2023 20:05:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 18 Jan 2023 19:17:25 GMT
age: 2885
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 79af32d8e279b4cfec147ab51cb6fcb3
d726903292bd1e08a6d9fe0719d2cd5b33dc5fe6
bfcb2d8f14d89736ac6b771f1618a8fc5e707691d60807a574fb719c8e9393ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 57
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:31 GMT
Last-Modified: Wed, 18 Jan 2023 20:04:34 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
track.ecampaignstats.com/lprd/trk.php?TID=8825
209.148.95.13302 Found 0 B URL HTTP/1.1 track.ecampaignstats.com/lprd/trk.php?TID=8825
IP 209.148.95.13:0
ASN #394844 ROOT-LEVEL-TECHNOLOGY
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lprd/trk.php?TID=8825 HTTP/1.1
Host: track.ecampaignstats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: _xTID=8539
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 18 Jan 2023 20:05:30 GMT
Server: Apache/2.4.52 (Debian)
Set-Cookie: _xTID=8825; expires=Wed, 18-Jan-2023 20:20:30 GMT; Max-Age=900
Location: https://www.cardealsnearyou.com?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content=&utm_term=
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
54.149.156.115101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.156.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MAdCP2Wjoz0zMLwf50DB1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NWT2AISwMDsJWFfQ5qrZB2MrIrU=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 888a7b17faddf50d33ae62a7c387c605
f3ca7a44b7555dc6a4254d60a84954a6a9ec7fde
041eb53395baa2056cb4d8ba25bcb0176735d6dd0c489b6175894b60524c004f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "041EB53395BAA2056CB4D8BA25BCB0176735D6DD0C489B6175894B60524C004F"
Last-Modified: Wed, 18 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 19 Jan 2023 02:05:32 GMT
Date: Wed, 18 Jan 2023 20:05:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6cfc390c95e65230e6798520be7df960
084d7efc24649c68fb6a0da6929585873796ec2a
ca8ad2a520681efa3bd19dc19b9414ae238d6ec5cf8d443103cabd16099c2117
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8AD2A520681EFA3BD19DC19B9414AE238D6EC5CF8D443103CABD16099C2117"
Last-Modified: Tue, 17 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5882
Expires: Wed, 18 Jan 2023 21:43:34 GMT
Date: Wed, 18 Jan 2023 20:05:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6cfc390c95e65230e6798520be7df960
084d7efc24649c68fb6a0da6929585873796ec2a
ca8ad2a520681efa3bd19dc19b9414ae238d6ec5cf8d443103cabd16099c2117
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8AD2A520681EFA3BD19DC19B9414AE238D6EC5CF8D443103CABD16099C2117"
Last-Modified: Tue, 17 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5882
Expires: Wed, 18 Jan 2023 21:43:34 GMT
Date: Wed, 18 Jan 2023 20:05:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6cfc390c95e65230e6798520be7df960
084d7efc24649c68fb6a0da6929585873796ec2a
ca8ad2a520681efa3bd19dc19b9414ae238d6ec5cf8d443103cabd16099c2117
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8AD2A520681EFA3BD19DC19B9414AE238D6EC5CF8D443103CABD16099C2117"
Last-Modified: Tue, 17 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5882
Expires: Wed, 18 Jan 2023 21:43:34 GMT
Date: Wed, 18 Jan 2023 20:05:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6cfc390c95e65230e6798520be7df960
084d7efc24649c68fb6a0da6929585873796ec2a
ca8ad2a520681efa3bd19dc19b9414ae238d6ec5cf8d443103cabd16099c2117
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8AD2A520681EFA3BD19DC19B9414AE238D6EC5CF8D443103CABD16099C2117"
Last-Modified: Tue, 17 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5882
Expires: Wed, 18 Jan 2023 21:43:34 GMT
Date: Wed, 18 Jan 2023 20:05:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce2d78c9-2134-471e-bdb1-875c1b61ff8b.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce2d78c9-2134-471e-bdb1-875c1b61ff8b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ec6c49f056e786896d54fe22c242391
cc6b64ff3f09853843b62e555456a1ad9f0909fb
42f0571efba18630c8deee17e98c6939a7050b04f613ad10515caf503e496b4d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce2d78c9-2134-471e-bdb1-875c1b61ff8b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5663
x-amzn-requestid: 9a1c75a4-1c8d-4bd2-b6ca-7fccb8b43c12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A0gF5goAMFveA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714e9-1d274e8074771db651e80979;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sAxuQECVKx0dfc2UM_E_70nKN8za1SBN4opMWr_74gT5ScurgZGVLw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 21:46:36 GMT
age: 80336
etag: "cc6b64ff3f09853843b62e555456a1ad9f0909fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99a6337c-ea71-4474-ba67-803997f0f17d.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99a6337c-ea71-4474-ba67-803997f0f17d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8069887e5e81584380ef3f819bcfab6e
3794126935a3e08de469ea37d29cba7be412d408
934e0982c1d49f06c64f524698b93fb1abf3b8833785d633bad104d052dd3ef0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99a6337c-ea71-4474-ba67-803997f0f17d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7871
x-amzn-requestid: 212d220f-c590-4c72-9508-e481cd5045ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A1UGmeoAMFzpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714ee-273c8bb54acc0f2b6d12b567;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zGNahizGhnMhpQxlxsexepYOI7y_40It8BrZjAd041J8Ws-jBYL0Ng==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 21:59:12 GMT
age: 79580
etag: "3794126935a3e08de469ea37d29cba7be412d408"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
54.230.111.75200 OK 15 kB URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
IP 54.230.111.75:0
Hash a89545a7b4bfd1d86a1d26a9f8fcda9c
66c4936a4053deec7a6f265cba6a10d6b2b8de7f
ee6bef6ce9bcc9b80b05e76cfbfa995b67ea5803d14971b347a87090566b3e14
GET /scripts/v2/pushnami-sw/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 18 Jan 2023 20:01:52 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZNfGXDDy8pqMSJAJPe5jQ-ctRkxf3UJ3qexy8QKmvGlDzSBzKWa6OA==
age: 220
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F873f34de-bef8-46f1-9dc4-d277bf6c1c65.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F873f34de-bef8-46f1-9dc4-d277bf6c1c65.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f491398239265c63ac162d47ab006ce6
c95e1bba76e910100e86f8abf789e5b5c1a2baa6
cdada2d9608e9d3f8e03cf9ced211550b6f7c8f7e0b5ee027a96f45af38523f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F873f34de-bef8-46f1-9dc4-d277bf6c1c65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7741
x-amzn-requestid: 9af04340-5be9-42b0-96be-0264661c6dae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A6LEMtoAMFW_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c7150d-2348c8846249175e74efc226;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:37:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _7YOm38n8-T2LAL-cRA7R8KvEUBhXEM0dOXjOZ6HyPRNfMu6Z0Fh3g==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 22:17:05 GMT
age: 78507
etag: "c95e1bba76e910100e86f8abf789e5b5c1a2baa6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a78cd6d-1eab-47b0-b5c7-f2d1f91acc3a.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a78cd6d-1eab-47b0-b5c7-f2d1f91acc3a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f112ea3865f38cbbcc8400b58320fa0
dacc584338546bf60f26b2a0bec48e9b584640dc
7feb3c0691f40354701d1cb0bf3c834d1eeead4a7297fac3afc0f4a7ca2c94cb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a78cd6d-1eab-47b0-b5c7-f2d1f91acc3a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8853
x-amzn-requestid: ff98ec33-294a-4a13-b064-3cd4744cd2b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0LLKHPnIAMF0vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4bf14-233cbc6407c6b138144d7abb;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 03:05:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QZZaGtGl3Z-4G4DxO4R_gjfDdQVgJc30Ur9EyLAvbGFhv4LfaXziPQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 04:00:29 GMT
age: 57903
etag: "dacc584338546bf60f26b2a0bec48e9b584640dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d4770a8-c74a-4d56-b999-a0f191af3bf2.webp
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d4770a8-c74a-4d56-b999-a0f191af3bf2.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9200e43ca808b9ecec74828e03853d4c
3070340147ced46e5fdf73408272aa39391976fb
abdaedfc2da45180c463607686b20afd82113b78cfa78b0f28ab169b9858469b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d4770a8-c74a-4d56-b999-a0f191af3bf2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6454
x-amzn-requestid: 79329eb3-8d89-423f-8626-32c5e2e2831a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A0gHpeoAMF-Jw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714e9-5e859dc121cd322c6b684eee;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TKl5JNASQseZsuX_yJtVaUT2TCY5lKIxjJ8QvhDIXDAkC8GwIRilYg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 22:01:08 GMT
age: 79464
etag: "3070340147ced46e5fdf73408272aa39391976fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content=&utm_term=
8.38.122.197301 Moved Permanently 0 B URL HTTP/2 www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content=&utm_term=
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content=&utm_term= HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-b-cache: BYPASS
x-redirect-by: WordPress
location: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 18 Jan 2023 20:05:32 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/service-worker.js
8.38.122.197200 OK 112 B URL HTTP/2 www.cardealsnearyou.com/service-worker.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with no line terminators
Hash b0c4c2d74788c70c694c480595afb46f
beeec0be7ae7d24edb68398a43de20911de87562
06809e1de85a920f3658d8eecbc84164304f556accfb0090706bf6448d944c1e
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Jan 2023 20:05:30 GMT
etag: "6a-5f28f5698b8a7-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:32 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 112
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:32 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 607bf9684e4803d817fdd1120427dcdd
886fa77396c792751868f05806793937a4f11be6
d17df5470015b9c3be3fc1e9c8fa5f2b732231eed453b689e94897f6f1da3911
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.googleapis.com/maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1
142.250.74.106200 OK 59 kB URL HTTP/2 maps.googleapis.com/maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1
IP 142.250.74.106:0
File type ASCII text, with very long lines (2448)
Hash 0c2aa204d8c973642cebb06e0bf00df0
03eb4534827d369c32fb75d49f86a4a3fdf3f1aa
2ec8721030ef4fbb630d2394afc74a367371aa98988da8b04e80f33bc59a1d62
GET /maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 58979
x-xss-protection: 0
x-frame-options: SAMEORIGIN
date: Wed, 18 Jan 2023 20:01:50 GMT
expires: Wed, 18 Jan 2023 20:31:50 GMT
cache-control: public, max-age=1800
content-type: text/javascript; charset=UTF-8
age: 223
server-timing: gfet4t7; dur=1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10
8.38.122.197200 OK 1.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 590881ddb2faca501eb64a1cae756d2a
095a054091ac2d12de37d460b54fac424f406fc1
e4ac349500702dcd738cde2fb9eb760d6d11d762e25997a39e3cb9db23ad40a3
GET /wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:02 GMT
etag: "3cfb-5e9dce3792e80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1551
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/css/classic-themes.min.css?ver=1
8.38.122.197200 OK 189 B URL HTTP/2 www.cardealsnearyou.com/wp-includes/css/classic-themes.min.css?ver=1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:56 GMT
etag: "d9-5f00b60704f55-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 189
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/css/dist/block-library/style.min.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/css/dist/block-library/style.min.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (47826)
Hash 8fa87dd23394a22621248ec378d2af59
9305bc637a89b1700d7f56a19a80bd32b0feb2f7
c162f7de24fa2d4e93e0da254ef287ff72f4a3e03f42443265097968351388dc
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:56 GMT
etag: "172a9-5f00b6071512b-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12518
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0
8.38.122.197200 OK 974 B URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with CRLF line terminators
Hash 876b4c2a82d0b3bfbf20b72764e9cdc4
e1473ec06389429443a395b3c8dbce60be8eb1a3
f2ca09c44d9d0bbc790a75ad28320da3ee5b5e5e7875836c2910ca2ec4636ab2
GET /wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 20:13:47 GMT
etag: "1240-5f00bb94e4d1d-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 974
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 899 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (3630), with no line terminators
Hash 0fd6cde7646e79e085a7bcd4e54454e1
6af9258308691fc18f233b3a716bab3d0ef49426
4ba6f1bcf100600b7f2e008c46cc8597916f14c8db378fa507f2daaa3560740d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "e2e-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 899
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 1.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (540)
Hash 010ba361ace5fbb7d07bd66b3a48cf2a
c60c40f4e72c63363b68ba02a2a19b682041a10f
f3edb316d73bcd98551b4d90fb059d3ebf5307852a046a507915fb0d8a7a60b8
GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "2b33-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1444
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 3.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (20660), with no line terminators
Hash b8f5fb406b5dde0528079b1f2957f623
cd9e95a4c9121e714058ccd4b4bb20abfabc9080
d906fb4ec194f825b3a60ba2367400588fee92446204b49fdab907258b0e68c1
GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "50b4-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3790
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1674072333
8.38.122.197200 OK 13 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1674072333
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (59158)
Hash d7913fc87c4606f82b4ee77a8d47fc2f
62a54acf7535ae53425b44dadfe5fdabf3d8300a
bb05c88bb0b82e2f14f1efb94b4c3511292f74c3bb7cb0b104d300a42a49492f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1674072333 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:15:37 GMT
etag: "e7d0-5d9e13369e440-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12869
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
8.38.122.197200 OK 110 kB URL HTTP/2 www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Size 110 kB (110426 bytes)
Hash eb1f4598a90960455c31ad414ebca810
9fcbe56971b462fdd280c3fd8ab0a5b6ec2c5e38
7f041b25e2fe6bd8c3e12d30fd3e189cb1e7fb79e5868cb631827894da5d421e
GET /?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
x-b-cache: BYPASS
link: <https://www.cardealsnearyou.com/wp-json/>; rel="https://api.w.org/", <https://www.cardealsnearyou.com/wp-json/wp/v2/pages/1360>; rel="alternate"; type="application/json", <https://www.cardealsnearyou.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/html; charset=UTF-8
date: Wed, 18 Jan 2023 20:05:32 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 2b02c407fd912449a1b278f0bf3d8574
817bcff5b7c0444426b19027c772bddce84cf130
67ceddcf2eef43f1c11fc85c1398c39b5ff875a93dafbf9c4526e6d3bc5eb52a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 96932e7ee122dfbe89a87a0265f8bf94
a260e5fb88fa73efaedcd7880f4bfea7acf44fbb
e806134fe3187494ab16df5a777bb4d7b8d0a8c400b542a5414b63c7ef3ac3e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 2b02c407fd912449a1b278f0bf3d8574
817bcff5b7c0444426b19027c772bddce84cf130
67ceddcf2eef43f1c11fc85c1398c39b5ff875a93dafbf9c4526e6d3bc5eb52a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1
8.38.122.197200 OK 29 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (545)
Hash 45f6eab951ca317ec475b529f46417b4
fce41b7dd131001beb3f1dc96a1793452f624b44
a231e34d708b1f7663ec942c27dd9eec1fcdf574b8f9431522d3c360afbf32a2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:17:22 GMT
etag: "a149c-5d9e139ac1080-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 29438
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2
8.38.122.197200 OK 977 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 641140f1223ff5df29ee18f8c8f70aba
ee0c640727fd652e863fd635d520b173e8b40d13
b5bc1943b25ef3c81c37dfb34d070364f53739ca18660bb96809c5a3225541aa
GET /wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "fad-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 977
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 43904744042cec16f81766250b8ebf49
8393568a2e9c86dafc36563c76703704c7cd86c6
d2359c7cce5176a68cd627ba7e39dfceff78036c6840cd468994df8519f1fb27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2
8.38.122.197200 OK 421 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5c1a960d788c02bad2b16c27e454c54c
173296d3fc4e8de3414a123deb279dfdd64bd034
f11d0b6e69aaf946642073a7cca64a84239b56463ea101419eb5cc2249a4bf5d
GET /wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3e5-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 421
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2
8.38.122.197200 OK 490 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash cb10860ede4d9ab43f9cdb5aaae451bd
e3910ef96d8ceb6550f9ea6a58c712d004b79acc
33da399f2c6220f71350a51b05a19058cec7ccc070e5b1c18520d0eaec608830
GET /wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5b3-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 490
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/style.css?ver=5.1.2
8.38.122.197200 OK 396 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5b14aab06cc4ce54392ef426221ba25d
07f40c8f54e83ff19f3d0b03529419cf0f93f1e5
32acde4090f36bd8d830b58765765d2fc848935052bb4154be54fb786447666b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:35 GMT
etag: "298-5d2c3afe48cc0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 396
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2
8.38.122.197200 OK 544 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 647499d93bd6ced6839431fee63db188
2090144108643c4f8ad4181e18c7625a9019615d
46cb51a861e4887e2d2017ac5e6eb349bc2b4427948598d26d6e55e6e15dcf58
GET /wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "6bb-5d2c3afc60840-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 544
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 4.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (23366), with no line terminators
Hash 409ed4df68521a808313b7ce8d2875d3
2bfeb5236e3db8e1ed77213d8dad9e97b6f7bb17
ec27d1caa25b46911cbe9f09fc12684cb3dc2c07c36972f6f9b9304145e9fd62
GET /wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "5b46-5e9dce4e76480-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4490
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2
8.38.122.197200 OK 2.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (14965)
Hash 8e684dd388239a6bcac3bc41e52c4e17
2691065d51586e3fdcfce1ea8e51787a05061989
f5e41c52b1303b9ad13beb859f02abc7397d27e3b6504c5bd82a2b68dfa6ece4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3a76-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1998
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 404 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1414), with no line terminators
Hash dcadca1139e6522100c6ba8850f572ca
dca0ee9e0f96f5f8d399e2aee39b26ff26a4ee18
bb206bb906b05edee537c89d075ec04bc570ff9f7e59270d803b6f4bb80f2534
GET /wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "586-5e9dce4e76480-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 404
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 922 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (4593), with no line terminators
Hash db40a8a36efef57420f92ea109fc33a2
5554034fed439657049ea0b3bd7eb43d9aa0fb50
c3ff3a300e8016e244ca4e49de4285da191044970ddcf0f93710d014481f5765
GET /wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "11f1-5e9dce4e76480-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 922
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 691 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (3302), with no line terminators
Hash ab6f97ea7059c232693a4b570e087b62
dcfe539ea4e28d385ce694223174123f82e14ac0
6d7bc8cdd8c2936c4e49bca0f1f14363bc020331fba7379c0f741f85e014ab6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "ce6-5e9dce4e76480-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 691
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 1.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (5334), with no line terminators
Hash 0b06d9e311712e0f5c38e06f549d646c
96ffc4906d416ca3c5e0aa21fc2d6ea262b4f8bd
e3c5dbba5924a8329f175882cd40dba5f02b082fb631dc6510119a88ce19b112
GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:49:49 GMT
etag: "14d6-5e9dce2b2d140-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1108
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2
8.38.122.197200 OK 516 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 277e52066662b1b4a68efef4e93727e2
a2f2b791f3510e4b5d44554e004f60d041ceca9c
3659bb3504f8f1972b298b0e35d3a7bb23abad8480b894c730a6081159daf0cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "658-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 516
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/classie.js?ver=5.1.2
8.38.122.197200 OK 741 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/classie.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash f0112a883818f94b8dc89e351adf8c36
2bd281f37b61a8f6df97c2b575cdef39f77a058e
65440f8274adef2f3945bb5ce75f16a693d0042af7f46170302175fce06eecc6
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/classie.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "7b4-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 741
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2
8.38.122.197200 OK 1.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 54a9ec3dee95fd1f6e2f6e7336e94a37
8a54ab06be97e71aefefa71eec1e9955697f595f
5d5dbf633220d53cbd1cdea10b7cef58ef619c0296390fa05473e2e0e3883b79
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "c9f-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1404
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2
8.38.122.197200 OK 4.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1961)
Hash 2dbe5d4f94fdcf3df53ec6071a433b32
b71af6bb415f16b2624d97e8914137399c8ec596
0850bfcae403b88d409a60d16d73c6e1f7ef1c8274c5b090ab290b2aa7923546
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "4981-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4618
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2
8.38.122.197200 OK 3.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 50ee568b88e40a5f369d4611aa34ab2f
6caa354286926ae3629c4d3226aa9109965bb3f5
30526794044b3dd2650c2b11e5c99444ea080e20d8c0d2413f81d863e42eac21
GET /wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3af3-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3392
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2
8.38.122.197200 OK 4.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (11790)
Hash e32b509ac7d4098a5b9b8e331806fae6
8eb95384473b97e58ed5a08e0488635cea14de2e
92b151372b22bb095ea3e33d5d127d585b5db4f511fd0253977b97fab111b66b
GET /wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "2eb3-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3975
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
8.38.122.197200 OK 4.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 17 Dec 2020 15:23:57 GMT
etag: "2bd8-5b6aa94945d40-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4169
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1
8.38.122.197200 OK 971 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 51ad0ef73c352aa94303772dca8c0240
a71f2c3b0a2c70aa50c6373c7b7e6127531174f4
9deb442149659fc37a21cd0020410781b1a05ccc68ef75dc0321d4d38e033946
GET /wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:17:22 GMT
etag: "ddc-5d9e139ac1080-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 971
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.2
8.38.122.197200 OK 532 B URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (715)
Hash c6eec70dbdb35e10940481afd6fb859e
a2333258c79fa27b6fa27bd175facb32af247a02
3d50911e99e821edcd490bcf7860810c75465ff882830ae8c0e3be4fb01b90f1
GET /wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "385-5f00b607ac359-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 532
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (56243)
Hash 56ff26e4540fe0eb470200be12da9539
e55c1cf13307417eb0721280047dfe0a7e870752
41bd8b382a880ae6ec59d84506d7b5ba03c23eb9dd5b4044eb8f50e182fb39f4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "dc69-5d9e136a1ddc0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12251
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js
8.38.122.197200 OK 1.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d3ee691c61395de289c3fb7b73eae488
19b2b9f87eae773cf965de6908cf2312508a3fb4
b75811441aad57809cd0f5eb5ff796cd0cfb060dc3d6bbeb26c253c892b6c862
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "f0f-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1143
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1
8.38.122.197200 OK 1.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 3822b0254ccef7825b314c2871538ae7
0841781a78decc405b592406d734f77c992605f7
00ecf870ba7e38a5ff3a6487ac58d17b354625eb89575cdd81a6ad1555e08462
GET /wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 19 Apr 2022 14:32:02 GMT
etag: "1c56-5dd02bd783c80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1557
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.2
8.38.122.197200 OK 3.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (10549)
Hash a25bea194f027eaf42b5641de76a8a89
aa47559231ed4bb82a55fe60f66ee328f1e2977b
cd9113233b5b7b04e64c9a7812c86376e7e2b3e576bdf2c7c5e0efefd609912a
GET /wp-includes/js/jquery/ui/slider.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "29e8-5f00b607b2cd4-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3121
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
54.230.111.75200 OK 2.9 kB URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
IP 54.230.111.75:0
File type ASCII text, with very long lines (6614)
Hash e5eb728d8b6f6d8a5ee62caff4b557e8
cd0cfbc695f7358064d3b491ca5d3f3f8cc6d09f
df8ed67369b99c3344999b38c7390c76a278b75f285d5192e5674cb14e2e8888
GET /scripts/v2/pushnami-sw/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 18 Jan 2023 20:01:52 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UQlpR3E-_3poiZARcXv5GGU8Nzw3NqVgDF65LEkxsm60fePeGJ5Lhw==
age: 221
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 822633ac48cae0d57b2b2a51d200a8fc
6460e9e9bb89acc474236694a9fa5e779a9e4d95
2cad2f87bcfcafe99731864007e69e9cab171d2237f2d752d78cc87f6c8fc821
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135739
Date: Wed, 18 Jan 2023 20:05:34 GMT
Etag: "63c7a720-1d7"
Expires: Fri, 20 Jan 2023 09:47:53 GMT
Last-Modified: Wed, 18 Jan 2023 08:00:32 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: t6Me1fUV7YomUNgSonCXliXFs5ZMBLwlufw_dWPMt9NFUVf4Q4w6WQ==
Age: 6441
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/init.js
8.38.122.197200 OK 2.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/init.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with CRLF line terminators
Hash ac3a3f718297d2ee72c0cdf19db1de08
75b0bfbb100b047dc0a833fa3ce6bf4944063677
34638c7ce910e1fb3e5853cf9a8dfb03cea2df2286ef406c6ce0e93f0228b59f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/init.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "2afc-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2043
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2
8.38.122.197200 OK 1.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash ed52b7ca5b3418b28153da35cedf6071
4487d8be68353b68bd5cc1d13f3f06f9cdbcfb27
19c044faacbde16eff6a8dbde2c95c527de4de1d75240f3e32f93de390db7582
GET /wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "12c6-5d2c3afc60840-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1007
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.2
8.38.122.197200 OK 2.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (6469)
Hash c2b64d79a80cca4bb448e7db0e6245b7
7a63157b51aa0bed026e8f6126277cec52154a28
54c658908ff014bb8a98b076fa12d996acc6492ab1df2f99a3bc665a0dbdb260
GET /wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "19fb-5f00b607a3a9e-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2037
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2
8.38.122.197200 OK 597 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (1090)
Hash d092834263c7b00d7de63acd3faf80e3
5f7b89769c97ad01fc128176e2f37520e787f718
1894fcaba76bd3052337c4c30dd4211cffdd4e6c2f1fe0d1da7da98b4573d206
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "50b-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 597
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2
8.38.122.197200 OK 6.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (15446)
Hash 6ed0436355e0ef79813133c49b945787
46306aabdcf07cf0f9fc53d85db9d06d658452ec
eb0cf5a15f38348bcecff1c556813367f7361c926c59a0b44e208c30b5c40a91
GET /wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "43ba-5f00b607adeb2-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6513
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2
8.38.122.197200 OK 1.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash caf9d2c0817ce51f4d2436614f5ab292
4318add215d0a2eb1e72da121104b69cf51a15ca
f5b7ef02c2730b0be2d1a1df632102308535251488996d42f1e84f34c78515a8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "162f-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1651
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js
8.38.122.197200 OK 1.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash eb06925823b5bd059914eda6ef1486b5
c8898f725a2e84d64582163a29913dc18f58fd07
35d121eece75269f92c3cbe7a0458b1719d213b7f29323a67ba991cd177f8293
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "c44-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1395
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
8.38.122.197200 OK 7.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash fc922a895f5f92269c928556b67564f6
8759e1f16a826dd6dd73f4161a65a79a049c4d6f
d7445c88608e9da487d81ef5167866c42ff1099b5f48efda4b5f5ac41aa7d9b8
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "53c0-5f00b607a03ed-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7097
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/09/logo.png
8.38.122.197200 OK 32 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/09/logo.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type PNG image data, 1738 x 286, 8-bit/color RGBA, non-interlaced\012- data
Hash 4deff5845cbb90754c8ffabf3dfd81cd
1f618ced7ef5cf2a02af294275249388f6c2a835
5ab4cc19429e66d11688ffb55af4f733c289799eaaae054b14893ccfd13fa341
GET /wp-content/uploads/2021/09/logo.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:13:07 GMT
etag: "7df1-5cc34e215d2c0"
accept-ranges: bytes
content-length: 32241
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
8.38.122.197200 OK 68 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 2a637d3d825673c0e3462fa4ed9a1c5c
81668d396da22832d75a986407ff10035e0d5899
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:09 GMT
etag: "44-5d9e135522c40"
accept-ranges: bytes
content-length: 68
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2
8.38.122.197200 OK 500 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash e3aa2e50e7548a11d09b751859c1becb
576d4d743e87890fcb1d27c9b612095dc38f157f
08390ab2377861fbbeae93767265f829763ce9cbe12a73f93e79ce3eb2ce6c2c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5dd-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 500
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2
8.38.122.197200 OK 3.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (8555), with no line terminators
Hash 9df5c88bd7778aaeed04ad590236d457
5a493b17688b683040ef84ab14981c21b9d88a1f
c7115a1d04ded9d74f93aabddb8e120b9a0c73ff60b35982a1eeb7d7891b086f
GET /wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "216b-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3127
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2
8.38.122.197200 OK 332 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 745fff3eacbe6a6e02c963e537946a78
8b32ec0f6ac8a9ce55860e9332b3aca74011a5d0
da7f75b7312f8d94acd4d7de6621d65a4733b56971128f17bc7154de428bc002
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "382-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 332
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg
8.38.122.197200 OK 579 B URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1076), with no line terminators
Hash c8fd299a03d5cc6ba46b3d57b25a5375
48c6741e52001b94fd4f09216251138c205f5452
5114b3d4ec5e3f164641af6ea86d9ee60c7baa2653bcc6969931f755f653eca1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "434-5e9dce4e76480-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 579
content-type: image/svg+xml
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
rdcdn.com/rt?aid=18662&e=1&img=1
52.7.240.180302 Found 121 B URL HTTP/2 rdcdn.com/rt?aid=18662&e=1&img=1
IP 52.7.240.180:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3566835ab38329ddb105f8649131cabb
72eb59670ff0ea8cc99983629acc33aebd65a6e0
66b563593020781cd23517f1e111f600993a0b893f79970b32e9f95147db269c
GET /rt?aid=18662&e=1&img=1 HTTP/1.1
Host: rdcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:34 GMT
content-type: text/html; charset=utf-8
content-length: 121
cache-control: private
location: /eow
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
set-cookie: aid=18662; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
ref=https://www.cardealsnearyou.com/; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
img=http://rdcdn.com/rt?aid=18662&e=1&img=1; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2
8.38.122.197200 OK 1.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 80cdb786aaebe33a67bfbdb51ef75d6a
502ed52099d1f8dc660ee02abf6d2972964ae733
57c8fcb80774dc5449d6e3fdf3baa2d62b6e358ff47bb32e9a97bfe3fa07adee
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "269f-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1773
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2
8.38.122.197200 OK 2.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (4136)
Hash a68628065a86702a4e1e6fbd80080451
837a875a970610f3922a59081a3cbabee19ace3f
e26df89d152868d65d41bda19ab42634965ec4b9d60b38c9246423223446ba15
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "14db-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2373
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2
8.38.122.197200 OK 2.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 74c7ca4c4070270c9639c6c7214b1aa5
212741b3a7fbdc5c71617b31ebc2e18a5f1ad5e8
94c0173638d655e8e3742b93fb2f6fb0063e0278ffd40514245b9ce246f4b965
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "351d-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2832
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/12/cu-1-350x205.jpg
8.38.122.197200 OK 9.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/12/cu-1-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 69608054e1e55088716a9f5c97b25aa9
01355c2d0f11001e993866564c39313be6201df7
27263256df09c1beea5c70b6f8c35a3935c60a98cfa4db4685c4c4357a9c85ec
GET /wp-content/uploads/2021/12/cu-1-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 05 Jan 2022 15:16:25 GMT
etag: "2462-5d4d73cb36440"
accept-ranges: bytes
content-length: 9314
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg
8.38.122.197200 OK 9.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 819068307a587d984f28e60907bdfd1c
6e46fea8bc6c0b264e0100c94820443f729aeac3
a52a9b7ae1715e83974c953535f27607c6cf7b36cb5825ccdf34b0af847326ae
GET /wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Nov 2021 23:18:02 GMT
etag: "24c7-5d10440df3e80"
accept-ranges: bytes
content-length: 9415
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/01/img-1-960x-350x205.jpg
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/img-1-960x-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 66cc6b8b127fc5d9149fd34ec77c20ed
e1dad3dceaac31074655d2e7120e0c7741ea354d
1ce5e67c9fb60b2215f6ef8151ddc43e3ffe1587aec9e53e4e2de3d8b65780ce
GET /wp-content/uploads/2022/01/img-1-960x-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 15:24:16 GMT
etag: "2c46-5d4eb769da800"
accept-ranges: bytes
content-length: 11334
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/6-350x205.jpg
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/6-350x205.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Hash 6687e81017d51a5ae62ac9d4a8e272d2
fd38828d026ea40e7e0f40835767af9d7a292593
ac63a05279b1d4d0ed62cd73480673108d526a72ff593d0f3ac6a00d072be9d0
GET /wp-content/uploads/2015/12/6-350x205.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:57:33 GMT
etag: "2f88-5cc3580fdc140"
accept-ranges: bytes
content-length: 12168
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
8.38.122.197200 OK 7.5 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Web Open Font Format, TrueType, length 7536, version 1.0\012- data
Hash eb4d289a717c01a66c75d00ba3ab2651
0fcaf8b454f18adbbb32f71cbac6df0360619786
18a1c48a8a07db2b5eb075b9be9294c9b8e7de03e4e8ac84d960eba41140048a
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "1d70-5d9e13570b0c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7491
content-type: application/font-woff
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/lib/isotope/isotope.pkgd.min.js?ver=2.7.10
8.38.122.197200 OK 9.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/assets/lib/isotope/isotope.pkgd.min.js?ver=2.7.10
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (32019)
Hash add3f2105d28b4745f4a6d1a4b1cf68a
906a571e7b19b44d4918cfacc1f6e0642abdaed2
e602f1502bea91e5a1e4253283d1924e7f0486c6f78800b3e3048264400a5e66
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/dynamic-content-for-elementor/assets/lib/isotope/isotope.pkgd.min.js?ver=2.7.10 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:50:04 GMT
etag: "8a75-5e9dce397b300-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 9847
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/bootstrap.min.js?ver=5.1.2
8.38.122.197200 OK 9.4 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/bootstrap.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (32087)
Hash 339a178e25bf3531bc10b87e1f310883
36df96c7fa50d2b5f26f1557bb9ee7f4be234c09
f9e67c4d47f30892e127d0414ac9320f38899f079c6437f5903e14ac7f2e813e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/bootstrap.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "8b11-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 9441
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png
8.38.122.197200 OK 66 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 0b841c6ad2aa84d74ed2b064ba608e44
8cbaf0736f2be0204f37d861fad78c6ac337b763
f1c83dd7711344434da0d72a536bbf998fb6033a93efe7a8c405aa31f4e28e76
GET /wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 17 May 2022 12:54:28 GMT
etag: "10337-5df34a419c900"
accept-ranges: bytes
content-length: 66359
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app.js?ver=5.1.2
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1677)
Hash 6008397c8574296400d9e042dc079bff
319028655f354ad23fa0ca337811da1139480954
d4fca4e387dead8ce2b992f5e51d707f6479e35dc294848cc96a217af7803f6a
GET /wp-content/themes/motors/assets/js/app.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "c3b9-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11512
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/select2.full.min.js?ver=5.1.2
8.38.122.197200 OK 22 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/select2.full.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (64131)
Hash 5ed9d1428ba9e16be9b89850ba83ad80
ccaaba13c58251aef3c3e287860a90b5683ba82c
e3e4a1f92c684331f9e204a5975e82464a506fa94bc6287b7dcc0e5587e29a07
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/select2.full.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1356c-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 22030
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm_dt_picker.js?ver=5.1.2
8.38.122.197200 OK 30 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm_dt_picker.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (6345)
Hash 9d768c03c93f81ac5df26eeb02253843
9803e84fd606a57e76ce24b664ce66ef00628213
880bec2db8e0aefa35e2e465ff3d2ea390fa78641976e416c4ca4873bfaf9401
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/stm_dt_picker.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "23181-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 29569
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/animation.css?ver=5.1.2
8.38.122.197200 OK 6.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/animation.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash c539b9aac3a65cca3f449ef37e548ccb
b87a9e1f75f50a6d22ee1d783d3689d674204f0b
7e9d9f8aacc325dc3d2abfa0252b9049cd3399c7f81cbf32f776c4644d0ec698
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/animation.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "14f25-5d2c3afc60840-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6679
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/service-worker.js
8.38.122.197200 OK 112 B URL HTTP/2 www.cardealsnearyou.com/service-worker.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with no line terminators
Hash b0c4c2d74788c70c694c480595afb46f
beeec0be7ae7d24edb68398a43de20911de87562
06809e1de85a920f3658d8eecbc84164304f556accfb0090706bf6448d944c1e
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 18 Jan 2023 20:05:30 GMT
If-None-Match: "6a-5f28f5698b8a7-gzip"
Cache-Control: max-age=0
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Jan 2023 20:05:30 GMT
etag: "6a-5f28f5698b8a7-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 112
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2
8.38.122.197200 OK 427 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 19bb036adf9fd75599fa621d9cb38848
52111ce03d19317deb4405fe90e46fa556d3acd7
03e075be68024ed59155efdb887c1154ea3685980f4d35da09c6b2f21101a69a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "401-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 427
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
8.38.122.197200 OK 1.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (3224)
Hash 49567d010e2042c4fa4898d12f450285
8742b051b40d93038e9be3548f9751acbddd447b
6966d73e9645ac2595679ce5fbac4f45452e0fe0e309ef1bfa7e0249153813ea
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "d4a-5f00b607af623-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1085
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2
8.38.122.197200 OK 1.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (1165)
Hash 9c409d2d0082c4c92f139b79b9b56496
71af88ff8fb89bbde6780e3654e9ac5efcf6cd72
3abed05aa50906e4ba6d49983bd2c324bd57c9a0a4e74b52f95ceb965d27f27f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1ad9-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1833
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2
8.38.122.197200 OK 11 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d23d8ee10642ccb21ae0153d554fda59
6de0a2d9861421f92ed4f77633c47ebbb9736022
c70f9c79a5d06d76a364ba8fa18218ef77aa585888ca2a418d61753edfec6e30
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "271fc-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 10852
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
rdcdn.com/eow
52.7.240.180302 Found 151 B IP 52.7.240.180:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82133787c1fcce4fd893463e0b0b3ecb
f4af96850470b845614985cb3a56d9e16ad14e9c
ba90dc61e3a7b2caff87da8bf66ff677120d58b1f76e79f40dcfaac4cf58a555
GET /eow HTTP/1.1
Host: rdcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:34 GMT
content-type: text/html; charset=utf-8
content-length: 151
location: https://rdcdn.com/images/blank.gif
cache-control: private
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0
8.38.122.197200 OK 4.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (34217)
Hash ff23202f1227d35b13635501c86b2156
31c5de356f90da7a53468ef8ed0a9237cdaa67ce
c4b5a8cbcaef7b3a6d4d2f1a3d68cfac3a2ccb7fbfcd7ae212bf2c39fc85ed42
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "865f-5d9e136a1ddc0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4260
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
8.38.122.197200 OK 2.9 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (9937), with no line terminators
Hash 8189a6a3f3f0efc64f857fe869d3729b
bc84b1c1e96a26fd6595da0cb024aad989c1f331
e2683386c2d5a8b3280fa9920d22fedb31a33a8bdca8ec494d3fe4df9fc6b337
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "26d1-5ebdea13dc400-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2937
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
rdcdn.com/images/blank.gif
52.7.240.180200 OK 42 B URL HTTP/2 rdcdn.com/images/blank.gif
IP 52.7.240.180:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /images/blank.gif HTTP/1.1
Host: rdcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:34 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 23 Dec 2021 21:40:20 GMT
accept-ranges: bytes
etag: "ec522af45f8d71:0"
server: Microsoft-IIS/10.0
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2
8.38.122.197200 OK 4.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (18142)
Hash 4797af751c8be4bc932e8ee42af302ce
3a0b6f81798440d0683b9df82dd638cebc1dc1c3
5b27e0bb6af098507471f094805ab781ef690df34e86029fcddb8e8140a81242
GET /wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "4794-5f00b607a2afe-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4840
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/wp-emoji-release.min.js?ver=602ea2c2ec087461500dfbe03e854cc4
8.38.122.197200 OK 5.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/wp-emoji-release.min.js?ver=602ea2c2ec087461500dfbe03e854cc4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
GET /wp-includes/js/wp-emoji-release.min.js?ver=602ea2c2ec087461500dfbe03e854cc4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "48b9-5e0322dcdc540-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 5009
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
8.38.122.197200 OK 12 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash ec14123fd07ef488fc1aff60a6f99c13
55e9b5c3cad505a780d948349d9009867368cf6a
46e3efd2835c5f189acbe5c392d41ce6b86f2cfe3f064cdd6780032777f5706a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:10 GMT
etag: "e197-5d9e135616e80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12303
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
8.38.122.197200 OK 4.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type HTML document, ASCII text, with very long lines (12310), with no line terminators
Hash 832eeb1fd498e5839b89bfb5f05a2f0d
cf2d8668aecc5033346ac2906bb8bf7e143cfa4a
35b2b27ba0ba63c065e4c67d15b7cb1878b5868d7f475cc7f6f1724d3988793a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "3016-5ebdea13dc400-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3957
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2
8.38.122.197200 OK 19 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (65371)
Hash a69801e0e683a8efdc50685e08da6a5c
6f9e7217c522f9e426b01836de5ca4b489da9cc8
af869524400958bf10cefcd1a2790715f9f569117fabe6c69e24e5ca65e45321
GET /wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1ca38-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 19250
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
8.38.122.197200 OK 31 kB URL HTTP/2 www.cardealsnearyou.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (65447)
Hash 1b5264c989379b828aff60f65a518a24
98641237f14ccb33ac114f54329a33bd0aa17eb7
6c8e7b78c6dbc13426810c905572db7589cf3e00264e30ce797fddb0b1092237
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 19:48:57 GMT
etag: "15e54-5f00b6079b1e3-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 30995
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/smoothScroll.js?ver=5.1.2
8.38.122.197200 OK 7.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/smoothScroll.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash d3e6c9ef164ba2faefa961d609bdaf31
f98d882b886fa6d8b045421100870f72365fb9ee
dedefd506ac376889886f56601a29332ad79d418e4e2307986c74a02e98a7b87
GET /wp-content/themes/motors/assets/js/smoothScroll.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5b47-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6976
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2
8.38.122.197200 OK 1.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Algol 68 source text\012- Pascal source, ASCII text
Hash ac9556caa6ba8636b0516daa5d51c2e5
146146eaec26b48bbf729ac35759a0e836d00f02
c7d34376dec7d1d5cbe4f32d6092408c97bd21302498b1dcb578722d7b26a13b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "12c6-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1233
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/sell-a-car.js?ver=5.1.2
8.38.122.197200 OK 2.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/sell-a-car.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 1d9af63747ea153f0bd354293b0a1272
e120dbba7e11cdba2e6bd0b11879d911bde8207e
47606172e87d6ee17413cc7b3e53a1ae552d3b925836a9c1a1462a507c3c7996
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/sell-a-car.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "28a7-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2734
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0
8.38.122.197200 OK 46 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (65358)
Hash bfddc4ff4e82f2dd9a33b2b0bf3bb878
5cb05aacf9e97c6c58e02fabd69fcae22118c200
be6316c3e4d24d0b139c1afabe5be1fd0e84e62a0e72d9f507eb32407897d4b2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "76878-5d9e136a1ddc0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 45810
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2023/01/Kia-Sportage-Plug-in-Hybrid-Wins-Our-PHEV-Best-Buy-Award-350x181.jpg
8.38.122.197200 OK 14 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2023/01/Kia-Sportage-Plug-in-Hybrid-Wins-Our-PHEV-Best-Buy-Award-350x181.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 236x236, segment length 16, progressive, precision 8, 350x181, components 3\012- data
Hash fd94118d8fcdc6b54eed35ba833234ee
4f401ca8e4f8287dd8a4748b9477d3a43c5294c3
4d3ce19f8e88d404bcaf1ada36caee0e8231e16f9bf2a2f1ba811f9e28cae292
GET /wp-content/uploads/2023/01/Kia-Sportage-Plug-in-Hybrid-Wins-Our-PHEV-Best-Buy-Award-350x181.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Jan 2023 16:57:32 GMT
etag: "352b-5f28cb662ddcd"
accept-ranges: bytes
content-length: 13611
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/typeahead.jquery.min.js?ver=5.1.2
8.38.122.197200 OK 18 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/typeahead.jquery.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash 5985f8e4e1aa5bb4445f4901b9f4c853
2d5ee862a0eb2b9167a2af1b18598c7e5ed71061
be5e4d15e9640f236c5f050c27e7b3b757e2189dc74cee150cb1d73f5ee11bec
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/typeahead.jquery.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1795d-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17888
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/owl.carousel.js
8.38.122.197200 OK 20 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/owl.carousel.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (360)
Hash f8679d213d8cf62f912e9fb8f2091637
a51c3e4b4101451a985a9cc4e94e7e4c94bc9bf6
3d8286dac2116f02cba372bfdafb350469a33638ff713557119400fa71d6b14a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/owl.carousel.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "15f88-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 20037
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/lightgallery-all.js
8.38.122.197200 OK 20 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/frontend/lightgallery-all.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash b69d0551417311f47c28113011d61706
c3884aac850c8bdbaedc143ea5881015592a77d6
a0350bbb780e1c571bf69667b6fc2d91fc3a1524a8afc38492f2b73bd971e733
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/lightgallery-all.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "1bf18-5d9e1307e3600-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 20384
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2
8.38.122.197200 OK 13 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (306)
Hash 11af2028f82ba0ca296c03a7822e8afe
626ca7fe2ab37c5e41c9989139c136b76c83f0c5
3f752c86c81c34bab3eb429737b56cd3b91ffedc9ce52cab4200b3c1630e190d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1379b-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12647
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11
8.38.122.197200 OK 47 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (42889)
Hash 53020e6c44148abf1bf6a40e38ea08ca
ef2394d748c49fbc6955408d474acf07153dbe2d
93ff7531b833c2a8b0e8b55931c93c7796f55c42677910d1b7e1eee59592ef1a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.11 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "1e4e6-5d9e13570b0c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 46966
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1
8.38.122.197200 OK 2.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type C source, ASCII text, with very long lines (8750), with no line terminators
Hash 1d6593b72c9938162804278667f43ad7
f52acc79cd764663ed38cec2d7bee6de77934faa
ef864756355341b2a24b0a74926d095b617504cf5db6a79015ac2f7d752cdb7d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 03:49:49 GMT
etag: "222e-5e9dce2b2d140-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2128
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/load-image.all.min.js?ver=5.1.2
8.38.122.197200 OK 9.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/load-image.all.min.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Unicode text, UTF-8 text, with very long lines (26142), with no line terminators
Hash a5293042582de312108ef111c5e09ae5
620f553258ba3291215cf8d34ad3086636222724
c4ffad883c017fb330918c8131e26c4aac85237bd69479d5545fd13da4b8a0f2
GET /wp-content/themes/motors/assets/js/load-image.all.min.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "6623-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 9082
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.7.0
8.38.122.197200 OK 5.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.7.0
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with very long lines (12478)
Hash 956d9872eb733a51c10365c4cf96ab76
664b60d7e360dd4ffb9d99f8c1265d2710be29c9
62fc9e8118e18456f78406ff5ad0f9f72c5f346ecb1b0637ec64be2ae21835e5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.7.0 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:32 GMT
etag: "3222-5d9e136b12000-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 5725
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash d547e6cc07ecb62b49cfb14f223d3b87
7f316e0778cf7e132cf376b92d1f9860e06894f5
4ceb4872fc5aa21ce6cdba296ce83f68d1b46836df05886eb76e0607358ba42c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash db72b0cf36b635e3c0825b954e3f0571
f0f3d97119b058f86553062c835f89b1b283945d
bf6ecaa45a5dbd66d0c657e5f33345ac46bdc94d8cae1274fcaf01c0ff302b97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash db72b0cf36b635e3c0825b954e3f0571
f0f3d97119b058f86553062c835f89b1b283945d
bf6ecaa45a5dbd66d0c657e5f33345ac46bdc94d8cae1274fcaf01c0ff302b97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Montserrat:400%2C400+%21important%2C700%7CRoboto:700%2C400&display=swap
142.250.74.106200 OK 6.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400%2C400+%21important%2C700%7CRoboto:700%2C400&display=swap
IP 142.250.74.106:0
File type ASCII text, with very long lines (19905)
Hash c74d029fe2c23cf3f0c69adc0cc50db4
adf0131d50a77877e90a762462046865ba603315
05f03bb13ad3450a1801834dac225b054bd98fe7014f6b830756ab494fbae7ef
GET /css?family=Montserrat:400%2C400+%21important%2C700%7CRoboto:700%2C400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 18 Jan 2023 20:05:33 GMT
date: Wed, 18 Jan 2023 20:05:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/js/filter.js?ver=5.1.2
8.38.122.197200 OK 3.0 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/filter.js?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Hash fa0616b524ddc24b087159546f7db3cc
9780935246125d8145573511b6662be4ccb98d64
990198dbab559269e26109a1af469f613eea611a5733fa42be0b405b6b1cb8f8
GET /wp-content/themes/motors/assets/js/filter.js?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "30bf-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:34 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3000
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:34 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 783c01fa14ade2316e22ead869b3dbf8
71e20a947b3a9e10cb2bf046e2ca3da294d97f70
9b0aee93ad83dd0c14a106a2514b86ab950b2fc679596fd621841242b5c7e95c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.11
8.38.122.197200 OK 100 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.11
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Size 100 kB (100432 bytes)
Hash 931abf77195ef1acd690eaef3d9e02ef
075bcfa9ef9e44be40e3a020b661ea031a3a6445
2a787b4e22e8a1cddfd2b31d179ca40da22379d4c399aa047bae6830caea0393
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.11 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "5d7d8-5d9e13570b0c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Jan 2023 18:52:41 GMT
expires: Tue, 16 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 177174
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 19:33:54 GMT
expires: Thu, 18 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 1901
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.35200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 13 Jan 2023 07:08:09 GMT
expires: Sat, 13 Jan 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 478646
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rtxpx-a.akamaihd.net/main.js
23.36.76.145200 OK 31 kB URL HTTP/1.1 rtxpx-a.akamaihd.net/main.js
IP 23.36.76.145:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (50918), with NEL line terminators
Hash abe669990a8ec7d16c36e0c32e80abf9
b46a4bd88e20175b4e660e9e52b8eaef9c59373a
7b3b6a221e62ae6765c49111c8697db2c40cce8651cc8f6d6feb2e58a1dde95f
GET /main.js HTTP/1.1
Host: rtxpx-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: b53eedc13__=0ba76c81aebc02f098209e963bf85fa17de593ac7.1674072111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: TAyOzEssvwNa8Am544iCz+NPIUwkgHSMu1TJHwcbKWQUosr9T6tD1fEX9XrX6lqnY5FnpTYUmoc=
x-amz-request-id: C831BE0276127BEE
Last-Modified: Thu, 28 Jan 2021 21:02:34 GMT
ETag: "0e00eda4d7973d0a511ce8aae95bef1c"
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Unused62: 8096267
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 18 Jan 2023 20:05:35 GMT
Content-Length: 30922
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
www.googletagmanager.com/gtm.js?id=GTM-N68RHD7
142.250.74.168200 OK 91 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N68RHD7
IP 142.250.74.168:0
File type ASCII text, with very long lines (41285)
Hash 5377807d44abe1164b6806ca4a3079d1
0144e70d86eff5be8c4e893b4a4b60063a739595
a829aba431600c78d7f0753c289ccb2c7aa61edc5728bc02c86f2bdfb686cdeb
GET /gtm.js?id=GTM-N68RHD7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 18 Jan 2023 20:05:35 GMT
expires: Wed, 18 Jan 2023 20:05:35 GMT
cache-control: private, max-age=900
last-modified: Wed, 18 Jan 2023 18:49:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90683
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c.fqtag.com/tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=709&a=true&cmp=cdny
35.190.72.161200 OK 2.7 kB URL HTTP/2 c.fqtag.com/tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=709&a=true&cmp=cdny
IP 35.190.72.161:0
File type ASCII text, with very long lines (2656), with no line terminators
Hash 5817f31dcd3f2bb21fc484aba59cf84a
0d736ec549af69218f4120642778c8913c7e294f
65062c7fa9084b61ead14d07300d9e0da1b9610409704cbc5f52572759c788a8
GET /tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=709&a=true&cmp=cdny HTTP/1.1
Host: c.fqtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: 0
cache-control: no-cache, no-store, must-revalidate
x-xss-protection: 0
pragma: no-cache
date: Wed, 18 Jan 2023 20:05:35 GMT
access-control-allow-origin: *
content-type: application/javascript
content-length: 2656
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash d547e6cc07ecb62b49cfb14f223d3b87
7f316e0778cf7e132cf376b92d1f9860e06894f5
4ceb4872fc5aa21ce6cdba296ce83f68d1b46836df05886eb76e0607358ba42c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.ttf?oyuy2n
8.38.122.197200 OK 20 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.ttf?oyuy2n
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, stm-icon \012- data
Hash 055c7a7ed3860e881a4818cb1a13215b
f2515bf19f6db3c547a4df0b7107d50bb0bbc74b
0aab061ee873feb0606da4d2fe5ac60ad8bfce7cf4f1ca24583d748c7902edc7
GET /wp-content/uploads/stm_fonts/stm-icon/stm-icon.ttf?oyuy2n HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 17 Dec 2022 20:13:47 GMT
etag: "82bc-5f00bb94e4d1d-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 19497
content-type: application/x-font-ttf
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 783c01fa14ade2316e22ead869b3dbf8
71e20a947b3a9e10cb2bf046e2ca3da294d97f70
9b0aee93ad83dd0c14a106a2514b86ab950b2fc679596fd621841242b5c7e95c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a8896c80d3abc583630f0a82f073e6e
5bc7bbdb9b4fe86e2803d2824158ca2ad2d0fdff
30a8d1693775f9c2aff571d4a316afdcee6a87405d783d5d4abd15a6cd9d71df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30A8D1693775F9C2AFF571D4A316AFDCEE6A87405D783D5D4ABD15A6CD9D71DF"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2524
Expires: Wed, 18 Jan 2023 20:47:39 GMT
Date: Wed, 18 Jan 2023 20:05:35 GMT
Connection: keep-alive
www.cardealsnearyou.com/wp-content/uploads/2022/02/01.jpeg?id=6230
8.38.122.197200 OK 169 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/02/01.jpeg?id=6230
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x759, components 3\012- data
Size 169 kB (168966 bytes)
Hash 9bbb2b4a61d32c85b36d4a2b9b13f2af
297c996ceeaf68e10dd2e93191039e7169fc14ad
46726421207bd477e351650ad225bf408152d5e6f95c23e3614e74a5c21c3fdf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2022/02/01.jpeg?id=6230 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 22:54:58 GMT
etag: "29406-5d72506005480"
accept-ranges: bytes
content-length: 168966
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/03/02.jpg?id=1747
8.38.122.197404 Not Found 196 B URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/03/02.jpg?id=1747
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2021/03/02.jpg?id=1747 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/webfonts/fa-brands-400.woff2
8.38.122.197200 OK 77 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/webfonts/fa-brands-400.woff2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1674072333
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:15:37 GMT
etag: "12bdc-5d9e13369e440"
accept-ranges: bytes
content-length: 76764
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
vary: Accept-Encoding
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/font-woff2
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/io1Wf4rSHtoZ1h526tBordIxO5M-255x135.jpg
8.38.122.197200 OK 4.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/io1Wf4rSHtoZ1h526tBordIxO5M-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 3d1e88f35f2f14d4104beef3c515475c
2588cd75a75cc3697fb012aeb5351b906dd3643e
fdbcccbeaf42877b5d30f793ca0363a13d7e61e970ff767a6b584752818d1b2c
GET /wp-content/uploads/2015/12/io1Wf4rSHtoZ1h526tBordIxO5M-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 19:13:46 GMT
etag: "108b-5cc35bafc8e80"
accept-ranges: bytes
content-length: 4235
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fwww.cardealsnearyou.com
23.36.76.176200 OK 90 B URL HTTP/1.1 stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fwww.cardealsnearyou.com
IP 23.36.76.176:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 2419900570d4b04d3b81df484362f568
950fc21c90be078abb980847813914a3b892747e
c0ad857b232625dd30830f865ed28b1c56b483ed541500d1a7b4b76481880f5c
GET /id?o=https%3A%2F%2Fwww.cardealsnearyou.com HTTP/1.1
Host: stickyid-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Cookie: b53eedc13__=0ba76c81aebc02f098209e963bf85fa17de593ac7.1674072111
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AkamaiNetStorage
Content-Length: 90
Content-Type: application/json
Set-Cookie: b53eedc13__=0ba76c81aebc02f098209e963bf85fa17de593ac7.1674072111; expires=Thu, 18 Jan 2024 20:05:35 GMT; domain=.akamaihd.net; path=/; HttpOnly; SameSite=None; Secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cardealsnearyou.com
P3P: CP="We do not have a P3P policy."
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ETag: "6558d9a5dda24e8cad3ddca92e03b4c6:1666638465.144293"
Cache-Control: private, max-age=900
Date: Wed, 18 Jan 2023 20:05:35 GMT
Connection: keep-alive
www.cardealsnearyou.com/wp-content/uploads/2022/01/NQN53HOWVI7RM5YQ6SKVFOK3GE-cr-860-255x135.jpg
8.38.122.197200 OK 6.6 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/NQN53HOWVI7RM5YQ6SKVFOK3GE-cr-860-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash f327702125a762eb039fe4b5d80c205a
46b97ec409c19ff74b50c722b46057d5b9259e47
5ef090f8cdb84f4b9c93140992d56e02fab63d8c8843c13a7ca1dd56933e5701
GET /wp-content/uploads/2022/01/NQN53HOWVI7RM5YQ6SKVFOK3GE-cr-860-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Jan 2022 17:02:36 GMT
etag: "19cc-5d53d4da60300"
accept-ranges: bytes
content-length: 6604
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/01/3T3WJXA46INUXVHMZWIW2OP4FE-cr-1400-255x135.jpg
8.38.122.197200 OK 7.1 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/3T3WJXA46INUXVHMZWIW2OP4FE-cr-1400-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash ff6ba712527af496379f7f7604c6d5e7
1cb8ac447959e55f1e061cc1a68295036974f1ec
0e67156167f5722bdb7bda65451d3a46887d994d01d24ab77bd8f9a158f10a5b
GET /wp-content/uploads/2022/01/3T3WJXA46INUXVHMZWIW2OP4FE-cr-1400-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Jan 2022 17:26:35 GMT
etag: "1bba-5d53da36b68c0"
accept-ranges: bytes
content-length: 7098
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/01/2022-audi-a3-exterior-3-255x135.jpg
8.38.122.197200 OK 8.7 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/01/2022-audi-a3-exterior-3-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 5755a004944727d1d19720ee4c1e621e
757fabc9eb3166e810dd69667a72c5cf298fbd0d
b8c5215277dc00ca259bc091c029530c8e510bd441ff5fd5eaaa4ab9090a6406
GET /wp-content/uploads/2022/01/2022-audi-a3-exterior-3-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Jan 2022 19:14:05 GMT
etag: "21d2-5d4eeac811940"
accept-ranges: bytes
content-length: 8658
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2021/09/Land-Rover-2020-7-255x135.jpg
8.38.122.197200 OK 5.9 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/09/Land-Rover-2020-7-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 26b2a4a9a0593c8f2058947b563d3c27
7bbc565109e384c149d57118c992eb97226468eb
acb2b9280e4a709120c9701a3208b2e62b51e8fe6b27251a1b69a5a2d3494741
GET /wp-content/uploads/2021/09/Land-Rover-2020-7-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:33:17 GMT
etag: "1713-5cc352a34f540"
accept-ranges: bytes
content-length: 5907
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
a.clickcertain.com/px/smart/a/?c=243b667b11e7ebf
172.67.74.207302 Found 5.6 kB URL HTTP/2 a.clickcertain.com/px/smart/a/?c=243b667b11e7ebf
IP 172.67.74.207:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash d2d370f81b534ab16ebdcdc6ba0e3add
792ca4fdb404b56101a3a9b64c1fcd814f43362b
b998dd034eda10934f1fb5ce7b5d050c5fecf13a128d5554d4a654a2715dd5a1
GET /px/smart/a/?c=243b667b11e7ebf HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:34 GMT
content-type: text/javascript
location: https://a.clickcertain.com/px/?c=243b667b11e7ebf
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:34 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-7822h:cc-nginx-554675d589-7822h
x-requestid: 1dcdd463-e663-4518-907d-b2d0ff7a2451
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBeVgEkZItPT7CInm5o9JbhgTJgJypBWqrTu4S5DtFq5dCvgb9rrVnxbB0AuOp2Ze4FMRnjueJQY5gh%2FEvIQMTuBP4tm96K%2BIB4IvPTe%2BgvXOE8E1hPeQYiLHzUBVUEUdoK74Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f2379f520b41-OSL
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/6-255x135.jpg
8.38.122.197200 OK 6.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/6-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash b22f163d8dd9f8686b1b33f48c05bf4f
7cfe5db549a478ede241bf589350fd5ff9f06045
5faa004936437d1e03a1bddc087770ee81bb840184669c6e46730a8fc4864f49
GET /wp-content/uploads/2015/12/6-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 18:57:33 GMT
etag: "1a73-5cc3580fdc140"
accept-ranges: bytes
content-length: 6771
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2015/12/hondaaccord1-255x135.jpg
8.38.122.197200 OK 7.2 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2015/12/hondaaccord1-255x135.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 255x135, components 3\012- data
Hash 1354b99ee4e1ea202f38d762968685ec
3bb97d0707619d1b1ab5c46a3f17b43875095984
25e6ce80e7820c2e38de6bebfa3a9f85fd1022b36a746bd6a6b8f48f12566a20
GET /wp-content/uploads/2015/12/hondaaccord1-255x135.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 19:05:06 GMT
etag: "1c24-5cc359bfdfc80"
accept-ranges: bytes
content-length: 7204
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b39fffbbbb6dde1cc7242db6b6ea19b1
d7cf071ec848880bb121ad393a7e9211cfbdec3c
87c7dbee101ee7b3633c426842dcc02201a2045edc939aacedc2b4a765adb73b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4249
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:36 GMT
Last-Modified: Wed, 18 Jan 2023 18:54:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
35.227.248.159302 Found 0 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
IP 35.227.248.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idsync/ex/receive?partner_id=3318&partner_device_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:36 GMT
strict-transport-security: max-age=31536000
access-control-allow-origin: *
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1674072336221;Expires=Sun, 19 Mar 2023 20:05:36 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=608d4c74-e441-4728-ba60-b5318be7c86a;Expires=Sun, 19 Mar 2023 20:05:36 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b39fffbbbb6dde1cc7242db6b6ea19b1
d7cf071ec848880bb121ad393a7e9211cfbdec3c
87c7dbee101ee7b3633c426842dcc02201a2045edc939aacedc2b4a765adb73b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4249
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:36 GMT
Last-Modified: Wed, 18 Jan 2023 18:54:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
8.38.122.197200 OK 75 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type Web Open Font Format (Version 2), TrueType, length 75368, version 330.32636\012- data
Hash 859c4002d9954718cac1ddea5555698f
2392ce297c92bcf2c7d5a4c461a582dadc8039c8
5054ab369966fea3657ac6af00c3bc47bdc9e7b5114e61d1764be06213ca9781
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "12668-5d9e136a1ddc0"
accept-ranges: bytes
content-length: 75368
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:35 GMT
vary: Accept-Encoding
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/font-woff2
date: Wed, 18 Jan 2023 20:05:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.cardealsnearyou.com/service-worker.js
8.38.122.197200 OK 112 B URL HTTP/2 www.cardealsnearyou.com/service-worker.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with no line terminators
Hash b0c4c2d74788c70c694c480595afb46f
beeec0be7ae7d24edb68398a43de20911de87562
06809e1de85a920f3658d8eecbc84164304f556accfb0090706bf6448d944c1e
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 18 Jan 2023 20:05:30 GMT
If-None-Match: "6a-5f28f5698b8a7-gzip"
Cache-Control: max-age=0
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Jan 2023 20:05:30 GMT
etag: "6a-5f28f5698b8a7-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 112
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:36 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 160cf00644f558423114929e79be16f5
a831c7817f72e48d2d5effd2549cb9ba3838981b
a2eaed3767619b6bb8cf58fb0353e2d1f0a00f1f3582a3b13dc08ecaa6711ed3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 18 Jan 2023 20:05:36 GMT
Last-Modified: Wed, 18 Jan 2023 18:36:59 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZmmNY-gm-3VdIW6ZQ7H7n6CHF_ryw4AsAr6Yb_cYaFe_1cjXyT5ugQ==
Age: 5317
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash c4b3d5ae52b30c4268e810598af36bf6
54f163a9884218f78ed73312f1760d54b1bff60f
3e6dd26d2488118ebb184bf3d32960588feeca894e7bc4af63eb008d203f5076
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 18 Jan 2023 20:05:36 GMT
Last-Modified: Wed, 18 Jan 2023 19:08:45 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yh5SKGy7L1XlBVRETsdMUi3p49i9EPyRdibNzvmwULj6ceMvkei-7A==
Age: 3411
a.clickcertain.com/px/ta/?done=true&ta_id=381a6117-69a0-4dfb-bbc3-0882e4fb9f0e
172.67.74.207204 No Content 0 B URL HTTP/2 a.clickcertain.com/px/ta/?done=true&ta_id=381a6117-69a0-4dfb-bbc3-0882e4fb9f0e
IP 172.67.74.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/ta/?done=true&ta_id=381a6117-69a0-4dfb-bbc3-0882e4fb9f0e HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 18 Jan 2023 20:05:36 GMT
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:36 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-5lnck:cc-nginx-554675d589-5lnck
x-requestid: 7e1f9982-3093-4f01-80ac-3536565b3645
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fR5Gw3e5igr914p%2FS0OjWNGOV8ghnDBstVHM20KMr2fiXWvOH1HJdaHrtgv94zU9VgrnNbwahM5wBF4gKAB1%2FNeEgHFx1CelvG2Tzc2mDH7A2praFFvF8WwTds8WBfYhkubsdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f24688230b41-OSL
X-Firefox-Spdy: h2
i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID
3.214.83.20303 See Other 0 B URL HTTP/1.1 i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID
IP 3.214.83.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/56408?bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID HTTP/1.1
Host: i.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Wed, 18 Jan 2023 20:05:36 GMT
Content-Length: 0
Connection: keep-alive
Location: /s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&_li_chk=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&previous_uuid=3252cfe016fa45c2a29b713b0634bdc7
Set-Cookie: lidid=3252cfe0-16fa-45c2-a29b-713b0634bdc7; Max-Age=63072000; Expires=Fri, 17 Jan 2025 20:05:36 GMT; SameSite=None; Path=/; Domain=liadm.com; Secure
Request-Time: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
c.fqtag.com/pixel
35.190.72.161204 No Content 0 B IP 35.190.72.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pixel HTTP/1.1
Host: c.fqtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 2419
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 18 Jan 2023 20:05:36 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&_li_chk=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&previous_uuid=3252cfe016fa45c2a29b713b0634bdc7
3.214.83.20303 See Other 0 B URL HTTP/1.1 i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&_li_chk=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&previous_uuid=3252cfe016fa45c2a29b713b0634bdc7
IP 3.214.83.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&_li_chk=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&previous_uuid=3252cfe016fa45c2a29b713b0634bdc7 HTTP/1.1
Host: i.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Wed, 18 Jan 2023 20:05:36 GMT
Content-Length: 0
Connection: keep-alive
Location: https://a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253de23d8e90%252d39a6%252d4517%252d8fda%252dddf3ab32bac0%2526anx_uId%253d%2524UID&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
Set-Cookie: _li_ss=CggKBgiSARCOFA; Max-Age=2592000; Expires=Fri, 17 Feb 2023 20:05:36 GMT; SameSite=None; Path=/s; Secure
lidid=3f7511cb-d29b-4515-ab68-c14849ab0ab2; Max-Age=63072000; Expires=Fri, 17 Jan 2025 20:05:36 GMT; SameSite=None; Path=/; Domain=liadm.com; Secure
Request-Time: 2
Strict-Transport-Security: max-age=31536000; includeSubDomains
a.usbrowserspeed.com/cs?puid=cdd81a42-7a33-54ae-843f-ca029aa94de4&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26uid%3d%24%7bDEVICE_ID%7d%26hem%3d%24%7bHEM_SHA256_LOWERCASE%7d
54.214.96.229302 Found 119 B URL HTTP/2 a.usbrowserspeed.com/cs?puid=cdd81a42-7a33-54ae-843f-ca029aa94de4&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26uid%3d%24%7bDEVICE_ID%7d%26hem%3d%24%7bHEM_SHA256_LOWERCASE%7d
IP 54.214.96.229:0
File type HTML document, ASCII text
Hash 9f767596452674a231e9e4b589d6e28c
63dac1e4dc877aa8b8247a42a05feced6d55cf3b
f017ea62fc88ae01e0b717fc62f366b0c66c3e2789d1c4c075653e9a94aaba26
GET /cs?puid=cdd81a42-7a33-54ae-843f-ca029aa94de4&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26uid%3d%24%7bDEVICE_ID%7d%26hem%3d%24%7bHEM_SHA256_LOWERCASE%7d HTTP/1.1
Host: a.usbrowserspeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/
Cookie: tuid=7576fa12-ee93-4eb0-90be-4dd441e814a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: awselb/2.0
date: Wed, 18 Jan 2023 20:05:36 GMT
content-type: text/html; charset=utf-8
content-length: 119
location: https://a.clickcertain.com/px/t/?done=true&uid=7576fa12-ee93-4eb0-90be-4dd441e814a3&hem=
set-cookie: tuid=7576fa12-ee93-4eb0-90be-4dd441e814a3; Path=/; Domain=a.usbrowserspeed.com; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
cardealsnearyou.com/wp-json/acf/v3/options/options/
8.38.122.197200 OK 382 B URL HTTP/2 cardealsnearyou.com/wp-json/acf/v3/options/options/
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JSON data\012- , ASCII text, with very long lines (1009), with no line terminators
Hash 61248b03f66fdfbdc84083d3dd321a2c
c74c4de114e3c07f09d5a26a48873931f5b30b3f
ee1d3de6ee98d41705968a3b2e6d59d19a58f29fdbc35e69c1df059e96179645
Analyzer Verdict Alert fortinet Phishing
GET /wp-json/acf/v3/options/options/ HTTP/1.1
Host: cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
x-robots-tag: noindex
link: <https://www.cardealsnearyou.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
vary: Origin,Accept-Encoding
set-cookie: stm_visitor_1=87053648; expires=Fri, 17-Feb-2023 20:05:36 GMT; Max-Age=2592000; path=/
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:36 GMT
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff, nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 382
content-type: application/json; charset=UTF-8
date: Wed, 18 Jan 2023 20:05:36 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 4478a011ac7413b9fae7cb547abb3702
07ae1573f1ef9c7a1bec89ef2f8b5cc14929c75f
ccaa24fec21100472e90d152e7c81dd9d273cb070d146c80b49fa537c95c3650
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 18 Jan 2023 20:05:36 GMT
Last-Modified: Wed, 18 Jan 2023 19:18:43 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AATjp41gRNAb52JeTyC5F15mSmdB8dGPxJSW3FXYiBpHx3imN1cxPg==
Age: 2813
a.clickcertain.com/px/t/?done=true&uid=7576fa12-ee93-4eb0-90be-4dd441e814a3&hem=
172.67.74.207204 No Content 0 B URL HTTP/2 a.clickcertain.com/px/t/?done=true&uid=7576fa12-ee93-4eb0-90be-4dd441e814a3&hem=
IP 172.67.74.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/t/?done=true&uid=7576fa12-ee93-4eb0-90be-4dd441e814a3&hem= HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 18 Jan 2023 20:05:36 GMT
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:36 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-7822h:cc-nginx-554675d589-7822h
x-requestid: 8b7681b2-53db-4f63-a473-7d23bd1606a2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQ9BBAoRPFT%2BgX1jycttkxDPcBWO5hcgW9kN5RKUOvaJ8p1mAuSqPAz1j6uVjzr7FizQabQ49RG%2B5fCw8l9dQKURjiCD%2BcBTrcAT5%2BH0WLBDQkqsYVBTsQG7%2FOWU3z4AvIZVbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f2494be80b41-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash f96ac6d23518cd0485e1d41d276d8184
58de3ad32744f1f92b86e9f60c29094c7ba5b115
a1b6546dc485dbbfc652a64b11655450987e9a391e44b05a6eb20b323ede242c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3de23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0%26anx_uId%3d%24UID
142.250.74.98302 Found 509 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3de23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0%26anx_uId%3d%24UID
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (332), with CRLF, LF line terminators
Hash a3942281246d5f77e59d1bc35c5589f3
5300bbc01913d4688f95a84bfc2df2e1c4c8f5df
fccbcb966b6501ab54d4d32e88daeb7548f91a9ae590a279db831056d708ef50
GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3de23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0%26anx_uId%3d%24UID HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_tc=
date: Wed, 18 Jan 2023 20:05:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 509
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 18-Jan-2023 20:20:37 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_tc=
142.250.74.98302 Found 455 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_tc=
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 270f91328f426e10064f0cc9798b0c1d
fed4d1f5eb7e04e12249e1f3876210b68fdfd6e7
14318053c4e6a20a25da147bcf3213791bbcc754d4449431a1f5e5b1eeb8dd9d
GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_error=3
date: Wed, 18 Jan 2023 20:05:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 455
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash f96ac6d23518cd0485e1d41d276d8184
58de3ad32744f1f92b86e9f60c29094c7ba5b115
a1b6546dc485dbbfc652a64b11655450987e9a391e44b05a6eb20b323ede242c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cardealsnearyou.com/wp-content/uploads/2021/09/02.jpg
8.38.122.197200 OK 271 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2021/09/02.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, baseline, precision 8, 1920x450, components 3\012- data
Size 271 kB (271281 bytes)
Hash 054f6ba2c1b361dbfee5d38a63d0126c
b7cce95247af8bb050e92ee4cc9f06bda213f0ac
89f03002262b38ce4d110d2e2a95a68fea59392a13c72c3d84384e9c094ee598
GET /wp-content/uploads/2021/09/02.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 22:18:11 GMT
etag: "423b1-5cc384e830ec0"
accept-ranges: bytes
content-length: 271281
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:36 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:36 GMT
server: Apache
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v1/pushnami-adv/6307cede82599900146a1edc
54.230.111.53200 OK 30 kB URL HTTP/2 api.pushnami.com/scripts/v1/pushnami-adv/6307cede82599900146a1edc
IP 54.230.111.53:0
Hash 6e1902a7a42b67aba578a5e5c532f361
d18cba21f22044d42e16102b5d59991cb6c841b0
dd806fea23285d807a9ccfa98ddc2a11b94b37741aa297dfb9422d37970b1a44
GET /scripts/v1/pushnami-adv/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 18 Jan 2023 20:05:36 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XPLCjdc_yKKBlFmkXH7691XLZCHuVlPPmE3_F5CaX9zWvtp94TEcig==
X-Firefox-Spdy: h2
rtclx.com/s/?p=7279
23.22.38.158204 No Content 0 B IP 23.22.38.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /s/?p=7279 HTTP/1.1
Host: rtclx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 220
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 18 Jan 2023 20:05:37 GMT
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,X-Forwarded-For,X-Forwarded-Proto,If-Modified-Since,referer,Cache-Control,Content-Type,Range,Pragma,Accept,Accept-Encoding,Accept-Language
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/stm-slide-2-50x100.jpg
8.38.122.197200 OK 1.8 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/stm-slide-2-50x100.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x100, components 3\012- data
Hash 8221013173b2d9bbba64fe5b414d8656
7093ef97cd16becf037f06a76eec9a238a6d0455
28da6b49c7d5ef55c4dddeb68cf86bfbe43f43b39a03385b19e9ec6124165b59
GET /wp-content/uploads/revslider/home_slider/stm-slide-2-50x100.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 21:37:23 GMT
etag: "713-5cc37bc998ac0"
accept-ranges: bytes
content-length: 1811
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:36 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:36 GMT
server: Apache
X-Firefox-Spdy: h2
trc.pushnami.com/api/push/track
54.87.84.153204 No Content 0 B URL HTTP/2 trc.pushnami.com/api/push/track
IP 54.87.84.153:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/push/track HTTP/1.1
Host: trc.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 18 Jan 2023 20:05:37 GMT
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-max-age: 86400
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
X-Firefox-Spdy: h2
trc.pushnami.com/api/push/track
54.87.84.153200 OK 2 B URL HTTP/2 trc.pushnami.com/api/push/track
IP 54.87.84.153:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /api/push/track HTTP/1.1
Host: trc.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/x-www-form-urlencoded
key: 6307cede82599900146a1edc
Origin: https://www.cardealsnearyou.com
Content-Length: 126
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:37 GMT
content-type: text/html; charset=utf-8
content-length: 2
access-control-allow-origin: *
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
216.58.211.10200 OK 23 B URL HTTP/2 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 216.58.211.10:0
File type JSON data\012- , ASCII text
Hash e3981ca10169a319d5aa062bf43a5fa1
2c6ed584767b65688ce99b1ebe1a3b7448a67421
8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 18 Jan 2023 20:05:37 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
216.58.211.10200 OK 23 B URL HTTP/2 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 216.58.211.10:0
File type JSON data\012- , ASCII text
Hash e3981ca10169a319d5aa062bf43a5fa1
2c6ed584767b65688ce99b1ebe1a3b7448a67421
8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 18 Jan 2023 20:05:37 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.cardealsnearyou.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vars.hotjar.com/box-ff00c703c3bbdf54ae44ee858d64f69e.html
143.204.55.105200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-ff00c703c3bbdf54ae44ee858d64f69e.html
IP 143.204.55.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash 730971b89ffa8b99e4157f49a4275594
7041ce872cc30e32c6b04a958b0cf810e5fc5651
da09da5b55ce65cdb58f29842d654aa637580d8c4d5d3cddfa08de6d866dcf65
GET /box-ff00c703c3bbdf54ae44ee858d64f69e.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 18 Jan 2023 10:13:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "730971b89ffa8b99e4157f49a4275594"
last-modified: Wed, 18 Jan 2023 10:12:30 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vBzd7jUlvl1bbMMhoZelr_j5X1CkOu93gynDaYKLn8m1Iolcmb2iJA==
age: 35551
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/siteimpact-network/loader.js
151.101.65.44200 OK 26 kB URL HTTP/2 cdn.taboola.com/libtrc/siteimpact-network/loader.js
IP 151.101.65.44:0
File type ASCII text, with very long lines (65508)
Hash 004247e87282e012dc01e784aae4c851
bfb72287a044224bbd614fb36420f8152e321170
936f88785b2e63aca192277977860d0ec7bf477f15cbfebf8d1b3f51b5a55362
GET /libtrc/siteimpact-network/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6+KgYyAgllkBiZuReN09hKPEVnvHnnIMa3QEq1WYt9haTPEomlmAVQjfrmAJzJOZ/s/yfWbgVdU=
x-amz-request-id: 181FXWMKBRAZGCX0
last-modified: Sun, 08 May 2022 08:33:43 GMT
etag: "4f5a41dfd9817059905bf50c84743a4d"
x-amz-version-id: XbTGhIa_AZwLJtmXDWOBXY0Bg6OnB3Ai
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 18 Jan 2023 20:05:37 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1674072337.395143,VS0,VE196
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 64
content-length: 26491
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/unip/1122536/tfa.js
151.101.65.44200 OK 18 kB URL HTTP/2 cdn.taboola.com/libtrc/unip/1122536/tfa.js
IP 151.101.65.44:0
File type ASCII text, with very long lines (59682)
Hash ea403f2eda21948a9d6b3917cb818bf6
4b45154afd197d6ab5a6db8c5489bc5b23aa6d1a
6afde893d886ed33e78198a035a17143acd4f6cbbdda1d299bdce6b7f13a0776
GET /libtrc/unip/1122536/tfa.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iN9RPeU9HMEHmQhH6sAG/OppmgJFMDZvpp+rNVTBdOC/EiulQy3INn2XrQyp9ZOyTE5wqJmwODY=
x-amz-request-id: B0T5DP74WPRZDP0H
x-amz-replication-status: COMPLETED
last-modified: Sun, 15 Jan 2023 11:07:51 GMT
etag: "8464739c2373389b1e8d72e318dffd3b"
x-amz-version-id: yS5Z5mKgyDvvPXu4RCqmTjmbGTWCAXCj
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 18 Jan 2023 20:05:37 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1674072337.412849,VS0,VE203
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 2
content-length: 18354
X-Firefox-Spdy: h2
a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_error=3
172.67.74.207302 Found 4 B URL HTTP/2 a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_error=3
IP 172.67.74.207:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
GET /px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90%2D39a6%2D4517%2D8fda%2Dddf3ab32bac0%26anx_uId%3D%24UID&google_error=3 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:37 GMT
content-type: text/html
location: https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=$UID
x-frontend: cc-nginx-554675d589-mnpjp:cc-nginx-554675d589-mnpjp
x-requestid: dbaa10ee-62dd-497f-8c65-25855146019c
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsvO6mhw%2BwBdzMpsAWeZQ19dVeJfi132pbu%2FKZXXo9IWmsVt1UWDTie33%2BZFHUKZ%2B9Ajz0bcpETSVRAKBRZ8qpzvC6yL1bWp1HP5UNxBxSm0AAbMNog26qW6H%2FHLyipB%2Bh5SlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f24abd260b41-OSL
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-1899855.js?sv=6
54.230.111.66200 OK 72 kB URL HTTP/2 static.hotjar.com/c/hotjar-1899855.js?sv=6
IP 54.230.111.66:0
File type ASCII text, with very long lines (7669)
Hash dc5aba5f464f39561114d7cdeba17d08
ae9171cbb19c0a5e7f9313e6b3f60bb74f5cd2bb
8bc4a0e92e04611332dcd41200a1ad98721843de087db575547b1692afd2a84a
GET /c/hotjar-1899855.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 18 Jan 2023 20:05:37 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/17f5d7957fffa89ee507e7bd7224dd74
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zc8u3Q0WFhIAAigaS0sHzDff0aE8V0vkY8xdxOedgVsOQ5NzfxWdOQ==
X-Firefox-Spdy: h2
secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=$UID
185.89.210.122307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=$UID
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=$UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 18 Jan 2023 20:05:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90-39a6-4517-8fda-ddf3ab32bac0%26anx_uId%3D%24UID
AN-X-Request-Uuid: ba5f8201-9666-4dae-8271-4589977ed32b
Set-Cookie: uuid2=7553779453847800813; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 18-Apr-2023 20:05:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 558ca082e2b49b22ae356cf10b191c68
c3956046019b64bc525381a4ab7f0c70002b5b17
862dfa54857c199a1d5450b0b07d8fcc3e2702476e7a0938b3d34e2fab332af3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90-39a6-4517-8fda-ddf3ab32bac0%26anx_uId%3D%24UID
185.89.210.122302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90-39a6-4517-8fda-ddf3ab32bac0%26anx_uId%3D%24UID
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3De23d8e90-39a6-4517-8fda-ddf3ab32bac0%26anx_uId%3D%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Wed, 18 Jan 2023 20:05:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=0
AN-X-Request-Uuid: 5569e676-7e54-463b-acf1-20417641da4b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cdn.taboola.com/libtrc/impl.20220503-18-RELEASE.js
151.101.65.44200 OK 133 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20220503-18-RELEASE.js
IP 151.101.65.44:0
File type ASCII text, with very long lines (65508)
Size 133 kB (132588 bytes)
Hash defdab8a5f7034eb7f08c19866fa7ac5
d180f795a8cd7f7164c71ee54af461e4a70080e6
2dd0eacab9c1b4b02cbc7e3a20fbc950f6823d34473fa63dcbebf7376a51cf5b
GET /libtrc/impl.20220503-18-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: ggYdbm71+tdihhFHuSN7BLhrdhw+XSS+PFgV8xoqyMwTSS48xaPPUFsxFPkOZe3kvArC3lgEOuc=
x-amz-request-id: ZS264Y1XNHZ61V3T
last-modified: Sun, 08 May 2022 10:32:39 GMT
etag: "defdab8a5f7034eb7f08c19866fa7ac5"
content-encoding: br
x-amz-version-id: 18oAbik0LYD7YzztmCIoH2rcA8SpF7lR
content-type: application/javascript
accept-ranges: bytes
date: Wed, 18 Jan 2023 20:05:37 GMT
via: 1.1 varnish
age: 4824
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1674072338.769620,VS0,VE4
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 2
server: AmazonS3-br
content-length: 132588
X-Firefox-Spdy: h2
a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253de23d8e90%252d39a6%252d4517%252d8fda%252dddf3ab32bac0%2526anx_uId%253d%2524UID&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
172.67.74.207302 Found 397 kB URL HTTP/2 a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253de23d8e90%252d39a6%252d4517%252d8fda%252dddf3ab32bac0%2526anx_uId%253d%2524UID&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
IP 172.67.74.207:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x599, components 3\012- data
Size 397 kB (396968 bytes)
Hash 8c05c26f1076baa2687a3710eaf10563
65f7011a1ed66f6a564708a93b311811e1de9c0f
0470dc5271de8c95437a5d7d31eaa606b7876c6ec3c7db4f7ab7723eb5a6769d
GET /px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253de23d8e90%252d39a6%252d4517%252d8fda%252dddf3ab32bac0%2526anx_uId%253d%2524UID&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:36 GMT
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3de23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0%26anx_uId%3d%24UID
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:36 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-pqq8r:cc-nginx-554675d589-pqq8r
x-requestid: 4a52abb5-a463-48a0-afa8-62b69902d272
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MqHjUmNqBZdf3b4LMlI2dov4HXfmiwJj26fMT0Brw%2BqY8WkeVrN9I%2F4C6LWk%2B%2BGLEp7Z%2Feldpav5uS8SqSWoCDLrYYZ%2FTYqzcnc7SGqZL%2BGgZelDDrCXh1jQ0T548MnuD85mKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f2485a4f0b41-OSL
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/2022/12/cropped-2023-Mazda-CX-30-vs-2023-Mini-Clubman-Comparison-Kelley-192x192.jpg
8.38.122.197200 OK 6.3 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/2022/12/cropped-2023-Mazda-CX-30-vs-2023-Mini-Clubman-Comparison-Kelley-192x192.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 137x137, segment length 16, progressive, precision 8, 192x192, components 3\012- data
Hash 17f715f6c3a5476aed9b1b9382c81f34
c14f100963cd1014e10e26b533992a3a19c126a2
90eb37cb80567eb9eb55eccf61dde1669ce24ca649c9c3139c01b651b027db9d
GET /wp-content/uploads/2022/12/cropped-2023-Mazda-CX-30-vs-2023-Mini-Clubman-Comparison-Kelley-192x192.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 09 Dec 2022 15:51:49 GMT
etag: "18c6-5ef6721a9cf40"
accept-ranges: bytes
content-length: 6342
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:37 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:37 GMT
server: Apache
X-Firefox-Spdy: h2
a.remarketstats.com/px/smart/?c=243b667b11e7ebf
104.26.2.122302 Found 679 B URL HTTP/2 a.remarketstats.com/px/smart/?c=243b667b11e7ebf
IP 104.26.2.122:0
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 137x137, segment length 16, progressive, precision 8, 32x32, components 3\012- data
Hash d5bf5f8050b21edc2622b4bc739ee43d
db50a7cb7c9f7dfc3368f2eef45db4e681e6bf05
0251697ccaf047aa01f0f56475841589d727d77bf2b003bee823e1817c0ce959
GET /px/smart/?c=243b667b11e7ebf HTTP/1.1
Host: a.remarketstats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:33 GMT
content-type: text/html
location: https://a.clickcertain.com/px/smart/a/?c=243b667b11e7ebf
x-frontend: cc-nginx-554675d589-hd7km:cc-nginx-554675d589-hd7km
x-requestid: a15cc222-21c6-45a1-b23b-ecd455530be5
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqEoHBifGZ5jysbYdGvrLrK4AW3zpsmLeqMSE6JFi69hxMcVZR3e%2FQNdOAVvbr%2F9V7R5NcsxeDP0x0Ilw4VV%2BFLFXRgUrOlg6sLeZJ55ZsiMwED0Cqn0pYw3omQ5DnX4TXsb%2Bbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f235c98e0b31-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 6a6b2d9466c78838d5b89a24b1afc5f1
056b045d2648e975609cc689aace2cebf56dc4b8
87f1afd429d569be0ae89952298d447806d8c9d543b4ed8d2bc80cd9dc3d125d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash efac8d32469e6807b1b1f2916a47edf1
68d91e7af565f1cf6597bcdd642a78dbada50a8d
22639289563bb576a7c20b9c733bdd7f98c41519fdddeef0d710f0d058c5bf88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1674072337812&ns_c=UTF-8&c7=https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term&c8=Front%20page%20-%20Car%20Deals%20Near%20You&c9=
54.230.111.125204 No Content 0 B URL HTTP/2 sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1674072337812&ns_c=UTF-8&c7=https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term&c8=Front%20page%20-%20Car%20Deals%20Near%20You&c9=
IP 54.230.111.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1674072337812&ns_c=UTF-8&c7=https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term&c8=Front%20page%20-%20Car%20Deals%20Near%20You&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 18 Jan 2023 20:05:38 GMT
set-cookie: UID=18Ee33e51c0905341a93a111674072338; domain=.scorecardresearch.com; path=/; max-age=62208000
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EvJU5HSG_Gx3wXQlJAtHjI1LTADoIeEMYTgRNUo-tm-d4e7rt27Cnw==
X-Firefox-Spdy: h2
trc.taboola.com/1122536/trc/3/json?tim=1674072337541&data=%7B%22id%22%3A130%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1674072337523%2C%22cv%22%3A%2220230112-8-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-trafficsourcedeliverymarketercom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1674072337540%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term%22%2C%22tos%22%3A2568%2C%22ssd%22%3A2%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
151.101.65.44200 OK 17 kB URL HTTP/2 trc.taboola.com/1122536/trc/3/json?tim=1674072337541&data=%7B%22id%22%3A130%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1674072337523%2C%22cv%22%3A%2220230112-8-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-trafficsourcedeliverymarketercom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1674072337540%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term%22%2C%22tos%22%3A2568%2C%22ssd%22%3A2%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
IP 151.101.65.44:0
Hash dc2b0e7c6fd06385766b448e979484d2
353e869b91b2ce8ece1148e29e8606814877ff72
329e7cc7ce894578e46702945899fb136e1fd986771b6aa7d197dcff5a7bb952
GET /1122536/trc/3/json?tim=1674072337541&data=%7B%22id%22%3A130%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1674072337523%2C%22cv%22%3A%2220230112-8-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-trafficsourcedeliverymarketercom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1674072337540%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term%22%2C%22tos%22%3A2568%2C%22ssd%22%3A2%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 18 Jan 2023 20:05:38 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1674072338.894356,VS0,VE117
vary: Accept-Encoding
x-vcl-time-ms: 117
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/stm-slide-2.jpg
8.38.122.197200 OK 112 kB URL HTTP/2 www.cardealsnearyou.com/wp-content/uploads/revslider/home_slider/stm-slide-2.jpg
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x598, components 3\012- data
Size 112 kB (112017 bytes)
Hash 292610641309e71ddefc485b28a9637e
d43e9e9cc91a96d19957bc17fbc20c044f9196f6
78c6eb9fa4fc7bbf980f1c3684a004ec442a2ce8f3046d6eabc23042f87095df
GET /wp-content/uploads/revslider/home_slider/stm-slide-2.jpg HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q; _gat_UA-172606863-1=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Sep 2021 17:51:18 GMT
etag: "1b591-5cc3494101180"
accept-ranges: bytes
content-length: 112017
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:38 GMT
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
date: Wed, 18 Jan 2023 20:05:38 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 4c59109171aa03df3ace4c8ea22f2572
e5f24f7198d50db188a4c90eaf0465c68c78d4e1
a2eb384c5799fd5e7473ba99aa669315477b6b3804ee56f4de7ede306f3522c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5620
Cache-Control: max-age=148990
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:38 GMT
Etag: "63c7de1c-139"
Expires: Fri, 20 Jan 2023 13:28:48 GMT
Last-Modified: Wed, 18 Jan 2023 11:55:08 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 313
trc-events.taboola.com/siteimpact-cardealsnearyou/log/2/debug?tim=20%3A05%3A38.085&type=info&msg=https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term&llvl=2&id=4997&cv=20220503-18-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/siteimpact-cardealsnearyou/log/2/debug?tim=20%3A05%3A38.085&type=info&msg=https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term&llvl=2&id=4997&cv=20220503-18-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /siteimpact-cardealsnearyou/log/2/debug?tim=20%3A05%3A38.085&type=info&msg=https%3A%2F%2Fwww.cardealsnearyou.com%2F%3Futm_source%3D709%26utm_medium%3Dcpc%26utm_campaign%3D8825%26utm_content%26utm_term&llvl=2&id=4997&cv=20220503-18-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 18 Jan 2023 20:05:38 GMT
x-fastly-to-nlb-rtt: 24967
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/siteimpact-cardealsnearyou/log/2/debug?tim=20%3A05%3A38.086&type=usage&msg=rtus&llvl=2&id=7399&cv=20220503-18-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/siteimpact-cardealsnearyou/log/2/debug?tim=20%3A05%3A38.086&type=usage&msg=rtus&llvl=2&id=7399&cv=20220503-18-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /siteimpact-cardealsnearyou/log/2/debug?tim=20%3A05%3A38.086&type=usage&msg=rtus&llvl=2&id=7399&cv=20220503-18-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 18 Jan 2023 20:05:38 GMT
x-fastly-to-nlb-rtt: 24967
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash afbe260dea6e0902126321776ded5ea5
9ceb5e5966d5a8db0d5ea325c183fb3dfd92575c
a9ed9a8540a6eb3f36c9ccbebf4ed369b1e7222e685c1b0f0a6d9b8950a41a26
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159871
Date: Wed, 18 Jan 2023 20:05:38 GMT
Etag: "63c80f5f-1d7"
Expires: Fri, 20 Jan 2023 16:30:09 GMT
Last-Modified: Wed, 18 Jan 2023 15:25:19 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: c3giSU_cbEymZgcIxPCZkJzso-NP5jbTmqXO7p4JHVehyoPUzZ24PA==
Age: 3890
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://www.cardealsnearyou.com/
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://www.cardealsnearyou.com
server-processing-duration-in-ticks: 473200
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash d281ec3f06ca3f8d92deb58549637ea6
1560f0c91c1577a5492ba3cc23c15fac1fb1098d
9bcdde0cf9153e4ccd76e0d531356725af4a7d2815cc8c15079fc83c527ef684
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6518
Cache-Control: max-age=100185
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:38 GMT
Etag: "63c71bf5-139"
Expires: Thu, 19 Jan 2023 23:55:23 GMT
Last-Modified: Tue, 17 Jan 2023 22:06:45 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 313
www.cardealsnearyou.com/service-worker.js
8.38.122.197200 OK 112 B URL HTTP/2 www.cardealsnearyou.com/service-worker.js
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
File type ASCII text, with no line terminators
Hash b0c4c2d74788c70c694c480595afb46f
beeec0be7ae7d24edb68398a43de20911de87562
06809e1de85a920f3658d8eecbc84164304f556accfb0090706bf6448d944c1e
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjp0cnVlfQ==; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q; _gat_UA-172606863-1=1; _hjIncludedInPageviewSample=1; _hjIncludedInSessionSample=0
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 18 Jan 2023 20:05:30 GMT
If-None-Match: "6a-5f28f5698b8a7-gzip"
Cache-Control: max-age=0
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Jan 2023 20:05:30 GMT
etag: "6a-5f28f5698b8a7-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 112
content-type: application/x-javascript
date: Wed, 18 Jan 2023 20:05:38 GMT
server: Apache
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 9.3 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
Hash 4d15f4ef7b55c05c5e12e4cc9d5657f1
a01b8a0b65a8c9eca1fe5e83cb25942b2d624a1c
2b05835f40a96912776a349b78c91dad58cf60cf97193aa8f40425deddb35621
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 817622
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/1899855/visit-data?sv=6
34.249.87.203200 OK 138 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/1899855/visit-data?sv=6
IP 34.249.87.203:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2505dac32291828e51ffd0c2a229dee0
ad9ec4f1f130cdfbef08c8faaac2cd35d671580c
9af90a3a8ee20f80006940cd344ccbe2e5fbb0e4a486200408cbe9cf1efef070
POST /api/v2/client/sites/1899855/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 129
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
x.bidswitch.net/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0
52.28.33.173302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0
IP 52.28.33.173:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:38 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=940ffaaa-8684-4a2c-a650-719b726eb8f1; path=/; expires=Thu, 18-Jan-2024 20:05:38 GMT; domain=.bidswitch.net; samesite=none; secure
c=1674072338; path=/; expires=Thu, 18-Jan-2024 20:05:38 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1674072338; path=/; expires=Thu, 18-Jan-2024 20:05:38 GMT; domain=.bidswitch.net; samesite=none; secure
c=1674072338; path=/; expires=Thu, 18-Jan-2024 20:05:38 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0
52.28.33.173200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0
IP 52.28.33.173:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash a883a60fd35cb44606375fef90cf0dc8
2b928f489cd8c008b87edbc08fdad9198475d267
31ed47be2f522b59eacd063533d15107bae526456819f959b317d2ed42cff4e0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4488
Cache-Control: max-age=153937
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:39 GMT
Etag: "63c7f5dc-139"
Expires: Fri, 20 Jan 2023 14:51:16 GMT
Last-Modified: Wed, 18 Jan 2023 13:36:28 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 313
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8efa7cc-44c0-4841-af38-b9d070233ba9.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8efa7cc-44c0-4841-af38-b9d070233ba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 816accd72419764cabc1d038af58446c
ad835d9c9a783175d3c5d1a32f1e34baf0ed2f08
d0b6f144ddc797108e6e85b4e835bfbeadd138ef7987661ee9e3d22790db254f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8efa7cc-44c0-4841-af38-b9d070233ba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8889
x-amzn-requestid: 10583804-866b-41bc-a99b-6209bd7ae1c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6A1eHMCoAMF4kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c714ef-2351e46019a0918724721b89;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 21:36:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vPjapwQ2XBhjwPeNVzi3NQ0YSMyseKuyavdCo2CTFoxrRkiKXVu7lw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 22:01:08 GMT
age: 79471
etag: "ad835d9c9a783175d3c5d1a32f1e34baf0ed2f08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 18bf6f110d4e88ee265f6da6d21bd123
21b106133c400cd4f7faf212f0d377515fc894bd
dc7c5bcb1d7e58289f8b618ff21ddbbda12536f8635135280ccae84cfe7e4e9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3977
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:39 GMT
Last-Modified: Wed, 18 Jan 2023 18:59:22 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 18bf6f110d4e88ee265f6da6d21bd123
21b106133c400cd4f7faf212f0d377515fc894bd
dc7c5bcb1d7e58289f8b618ff21ddbbda12536f8635135280ccae84cfe7e4e9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3977
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2023 20:05:39 GMT
Last-Modified: Wed, 18 Jan 2023 18:59:22 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 314
fonts.googleapis.com/css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=5.1.2
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=5.1.2
IP 142.250.74.106:0
GET /css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=5.1.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 18 Jan 2023 20:05:33 GMT
date: Wed, 18 Jan 2023 20:05:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sb.scorecardresearch.com/beacon.js
54.230.111.125200 OK 0 B URL HTTP/2 sb.scorecardresearch.com/beacon.js
IP 54.230.111.125:0
GET /beacon.js HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 18 Jan 2023 19:46:17 GMT
cache-control: max-age=86400
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mV0yaVdyL0q0WD84mW0f4CM0c7LwrviSAerHHfCtylVCE3amVNswlw==
age: 28436
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.62200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.62:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 100674
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
54.230.111.75200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
IP 54.230.111.75:0
GET /scripts/v2/pushnami-sw/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 18 Jan 2023 20:01:52 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Vi08cCthsN2Ezwqi0GgDv6xoX5yN3iqe7vNu4fM3y_UUukgkqBwK9w==
age: 226
X-Firefox-Spdy: h2
a.clickcertain.com/px/r/?ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
172.67.74.207302 Found 0 B URL HTTP/2 a.clickcertain.com/px/r/?ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
IP 172.67.74.207:0
GET /px/r/?ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&cn=NO
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:36 GMT
content-type: text/html
location: https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253de23d8e90%25252d39a6%25252d4517%25252d8fda%25252dddf3ab32bac0%252526anx_uId%25253d%252524UID
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:35 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-gwphv:cc-nginx-554675d589-gwphv
x-requestid: 87d7270f-7eb7-4f5c-adfb-08f6c5b5b792
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slEykzEiTxvxlvi9QjPI33sls2vBlcmoKVtKfHE6PLuw4u1qMDpdRLZ%2B7tLhbjqjpj5sFdvCciu46YWlkp2LFZ9zAp0Dpeub333%2FkUknf%2BMaifp%2Fnvvo5%2B3TigxBf0I7lik0ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f2436d190b41-OSL
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v1/hub
54.230.111.53200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v1/hub
IP 54.230.111.53:0
GET /scripts/v1/hub HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Wed, 18 Jan 2023 19:36:13 GMT
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: X-Requested-With
content-security-policy: default-src 'unsafe-inline' *
x-content-security-policy: default-src 'unsafe-inline' *
x-webkit-csp: default-src 'unsafe-inline' *
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RnUSw7B4Woba0mD0uFZyYYsi2ZVNu5BwampfA321JfD0C_8pCZYBxA==
age: 1766
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-crto-bundle: fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://www.cardealsnearyou.com
server-processing-duration-in-ticks: 2071504
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
a.clickcertain.com/px/?c=243b667b11e7ebf
172.67.74.207200 OK 0 B URL HTTP/2 a.clickcertain.com/px/?c=243b667b11e7ebf
IP 172.67.74.207:0
GET /px/?c=243b667b11e7ebf HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=1; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:34 GMT
content-type: text/javascript
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:34 GMT; Path=/; HttpOnly; SameSite=None; Secure
_ccpx_243b667b11e7ebf=2; Expires=Thu, 18 Jan 2024 20:05:34 GMT; Path=/; HttpOnly; SameSite=None; Secure
_ccpx=243b667b11e7ebf; Expires=Thu, 18 Jan 2024 20:05:34 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-8558d:cc-nginx-554675d589-8558d
x-requestid: ff7100dd-7585-430f-9ad0-229057a0b7e4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ud8e75RIn87RM0KORvFpz5d7Q7KLjdAvK6sv5WBIvjdlhosQ%2FGNVj%2B8JdgiRmVS6Q3D4s3aCnAem32pYth1JTvVTVAHot8C4BO5uJGab7DBiUbYRk5xHwD83fxfaS1RxCzlqQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f23959840b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&cn=NO
172.67.74.207200 OK 0 B URL HTTP/2 a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&cn=NO
IP 172.67.74.207:0
GET /px/cont/?c=243b667b11e7ebf&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&cn=NO HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:35 GMT
content-type: text/html
etag: W/"ZTIzZDhlOTBnMzlhNmc0NTE3ZzhmZGFnZGRmM2FiMzJiYWMwLXow"
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:35 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-sdl9z:cc-nginx-554675d589-sdl9z
x-requestid: 631b5319-cf4d-4063-b6b4-3355bf4a2fd5
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6lMFItiN4eGbOxgDm0OJCKdhbFEjE6njbo87kLtb3nv1m2gFt%2B%2BJlcxgllE5qW1NjB%2FZ8T%2FOtfKcb%2BdvQ0zUp7A9fBPdJ4Xlorf2K2pyB0OXvl2c20M%2FR3ACBZeshSu5sKLqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f23f48dd0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/app.css?ver=5.1.2
8.38.122.197200 OK 0 B URL HTTP/2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/app.css?ver=5.1.2
IP 8.38.122.197:0
ASN #40803 KNOWNWEBHOSTING
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/motors/assets/css/dist/app.css?ver=5.1.2 HTTP/1.1
Host: www.cardealsnearyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8825&utm_content&utm_term
Connection: keep-alive
Cookie: stm_visitor_1=53014849; _gcl_au=1.1.220816005.1674072112; _ga=GA1.2.1639388113.1674072113; _gid=GA1.2.60706390.1674072113; _hjSessionUser_1899855=eyJpZCI6IjAwMjkyOWVkLTMyYjQtNWFkYy05MmFlLTIwZTNiYmUwMDg5YyIsImNyZWF0ZWQiOjE2NzQwNzIxMTMyMDksImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_1899855=eyJpZCI6IjJlZmUxYjc4LTk4NGEtNDI1MC1iMjA3LWE3ZmNkMzQ1ODA2YiIsImNyZWF0ZWQiOjE2NzQwNzIxMTMzNTYsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _ga_NYVK3745TE=GS1.1.1674072114.1.0.1674072115.0.0.0; cto_bundle=fvC8sV9HQlg4c2E2cWx6JTJCVmtQRUJTYzJmcWdpOGZZbTR4YXh6aThnUmRoWElMTmFVbG9aaU8xbE51d3JrJTJCS1BmS2tGSGhNTGlBTiUyRlNVeUNFaEhnJTJGUiUyQjRudFBpV2olMkJnRkhHOE5RTGlJQXBYbHZxQU9nMHdlNTM3dHFrUkpUWGd0MGg0ZktCazZQaXdXb0FTS1c3TWxCTjJteFElM0QlM0Q
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "7af78-5d2c3afd54a80-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 18 Jan 2024 20:05:33 GMT
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
date: Wed, 18 Jan 2023 20:05:33 GMT
server: Apache
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=G8lBBl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJZJTJGb01PR1klMkZjOUFOVnYwcGJUZjFVZm9raDd6ZG5paDYwTW4yWnltR0Q0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=skqPi180M0RITmhlJTJCZkMwOUJGQlhaMUN2czJZJTJGb01PR1klMkZjOUFOVnYwcGJUZjFYN2lNUCUyQld2Qk9iT0dCZFd6SjM5UE0; expires=Mon, 12 Feb 2024 20:05:39 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 363082
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
a.clickcertain.com/px/ta/?ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
172.67.74.207302 Found 0 B URL HTTP/2 a.clickcertain.com/px/ta/?ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0
IP 172.67.74.207:0
GET /px/ta/?ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=243b667b11e7ebf&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&cn=NO
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:36 GMT
content-type: text/html
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:35 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-zrnk6:cc-nginx-554675d589-zrnk6
x-requestid: a382d606-930b-4785-9787-2adac7430ba6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWnLmGHQijs%2BIqmJUyciYQUWUle1gwsK1xb%2BASKE%2Ff%2BV1hYU6ii9uzufAks2gt4jEcLQYZ5%2BQnu%2B8HvAPKggsEts0Mz%2BJ6xV1sjjLEI5ELmID3QpA11bpReab82RC1mtHFQqnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f2436d160b41-OSL
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
54.230.111.75200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/6307cede82599900146a1edc
IP 54.230.111.75:0
GET /scripts/v2/pushnami-sw/6307cede82599900146a1edc HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 18 Jan 2023 20:01:52 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Wxi9sSURwBDnNa5kBBjpCrxEhpH3mh8L_J3XPI10ZkB21JpGcGRFkg==
age: 224
X-Firefox-Spdy: h2
a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=0
172.67.74.207302 Found 0 B URL HTTP/2 a.clickcertain.com/px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=0
IP 172.67.74.207:0
GET /px/img/bidswitch/?done=true&ccid=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&anx_uId=0 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; _ccpx_243b667b11e7ebf=2; _ccpx=243b667b11e7ebf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: text/html
location: https://x.bidswitch.net/sync?dsp_id=179&user_id=e23d8e90-39a6-4517-8fda-ddf3ab32bac0&expires=5&user_group=0
set-cookie: _ccpx_u=e23d8e90%2d39a6%2d4517%2d8fda%2dddf3ab32bac0; Expires=Thu, 18 Jan 2024 20:05:38 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-wzcvz:cc-nginx-554675d589-wzcvz
x-requestid: 7ff627aa-31da-421c-bb24-cc1c50d56918
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CQ5hpcrzEMl8SCm1GuyHaXyrulU6YbVvwHKhlsxtKiY3mKSeEBdNNVTLhQjDvCn9v1I0pxLU5zFoaQ0SIkkURcax1ttZ63PXKfyZmJKGru%2BQ1zXiHb6cujJRQoFb8iCpF3ahQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78b9f2509b3c0b41-OSL
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=www.cardealsnearyou.com
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=www.cardealsnearyou.com
IP 178.250.0.157:0
GET /syncframe?origin=rtus&topUrl=www.cardealsnearyou.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 18 Jan 2023 20:05:38 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=62d24aab-cc22-451d-8aec-1d79c8e69155; expires=Mon, 12 Feb 2024 20:05:38 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 882869
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2