Overview

URL www.newsandpromotions.com/tracking/8396
IP 34.117.221.220 (United States)
ASN #15169 GOOGLE
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-12-08 22:33:03 UTC
IDS alerts 0
Blocklist alert 57
urlquery alerts No alerts detected
Tags None

Domain Summary (45)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
rdcdn.com (3) 64936 2015-03-10 15:50:25 UTC 2022-12-07 22:51:39 UTC 52.7.240.180
c.fqtag.com (2) 34931 2014-11-23 11:03:12 UTC 2022-12-08 06:20:24 UTC 35.190.72.161
rtxpx-a.akamaihd.net (1) 87970 2019-09-06 20:03:22 UTC 2022-12-08 09:17:03 UTC 23.36.76.145
stickyid-a.akamaihd.net (2) 94008 2019-06-02 10:14:21 UTC 2022-12-08 09:17:04 UTC 23.36.76.144
trc.pushnami.com (1) 3888 2018-10-23 06:56:12 UTC 2022-12-08 20:15:46 UTC 34.230.132.105
ocsp.r2m01.amazontrust.com (1) 0 2022-10-12 20:43:53 UTC 2022-12-08 17:23:26 UTC 54.230.80.227 Domain (amazontrust.com) ranked at: 581
www.google-analytics.com (1) 40 2012-05-21 09:41:50 UTC 2022-12-08 17:20:06 UTC 216.239.38.178
img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-12-08 15:50:00 UTC 34.120.237.76
trc.taboola.com (1) 602 2012-12-27 11:54:42 UTC 2022-12-08 17:14:59 UTC 151.101.129.44
maps.googleapis.com (4) 33876 2012-05-22 14:23:23 UTC 2022-12-08 17:13:30 UTC 142.250.74.74
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-08 17:20:00 UTC 54.148.213.75
ocsp.digicert.com (5) 86 2012-05-21 07:02:23 UTC 2022-12-08 17:15:52 UTC 93.184.220.29
a.clickcertain.com (8) 3511 No data No data 104.26.9.50
rtclx.com (1) 17838 2017-12-28 23:12:31 UTC 2022-12-08 09:17:17 UTC 52.204.72.177
fonts.googleapis.com (2) 8877 2012-05-23 12:41:44 UTC 2022-12-08 17:12:12 UTC 142.250.74.106
www.newsandpromotions.com (1) 66587 2014-04-04 17:52:37 UTC 2022-12-08 08:36:37 UTC 34.117.221.220
www.cardealsnearyou.com (108) 300285 2022-06-02 19:08:18 UTC 2022-12-08 08:37:41 UTC 8.38.122.197
developers.google.com (1) 12980 2012-06-04 12:32:46 UTC 2022-12-08 17:38:50 UTC 216.58.207.206
static.hotjar.com (1) 641 2014-11-01 05:14:27 UTC 2022-12-08 17:12:15 UTC 143.204.55.84
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-08 17:14:01 UTC 34.117.237.239
ocsp.sca1b.amazontrust.com (3) 1015 2016-02-14 02:37:56 UTC 2019-03-27 04:05:54 UTC 143.204.42.165
fonts.gstatic.com (3) 0 2014-04-02 10:51:04 UTC 2022-12-08 17:14:55 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
a.usbrowserspeed.com (1) 0 No data No data 52.24.202.12 Unknown ranking
aux.fqtag.com (1) 19371 2019-08-05 18:31:42 UTC 2022-12-08 08:30:57 UTC 35.190.13.203
vars.hotjar.com (1) 1014 2020-11-05 10:13:14 UTC 2022-12-08 17:12:53 UTC 143.204.55.101
a.remarketstats.com (1) 38181 2017-01-10 13:24:29 UTC 2017-11-03 17:28:17 UTC 172.67.69.73
cardealsnearyou.com (2) 299873 2020-08-31 21:49:09 UTC 2022-12-07 20:28:45 UTC 8.38.122.197
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-08 17:12:32 UTC 35.241.9.150
i.liadm.com (2) 511 2016-05-04 14:21:08 UTC 2022-12-08 17:16:42 UTC 52.44.180.181
googleads.g.doubleclick.net (1) 42 2012-05-21 07:15:40 UTC 2022-12-08 17:20:04 UTC 142.250.74.98
www.google.no (1) 25607 2012-06-26 23:22:08 UTC 2022-12-08 17:14:59 UTC 142.250.74.163
www.youtube.com (1) 90 2013-04-13 07:43:20 UTC 2022-12-08 17:12:11 UTC 142.250.74.14
maps.googleapis.com (4) 33876 2012-05-22 14:23:23 UTC 2022-12-08 17:13:30 UTC 142.250.74.106
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-08 17:21:04 UTC 34.160.144.191
track.ecampaignstats.com (1) 66269 2014-04-05 13:42:34 UTC 2022-12-08 08:36:38 UTC 209.148.95.13
ocsp.pki.goog (21) 175 2017-06-14 07:23:31 UTC 2022-12-08 17:12:01 UTC 142.250.74.131
www.googletagmanager.com (1) 75 2012-10-04 01:07:32 UTC 2022-12-08 17:14:43 UTC 142.250.74.168
api.pushnami.com (3) 3782 2017-05-12 22:45:10 UTC 2022-12-08 17:27:34 UTC 54.230.111.53
x.bidswitch.net (2) 286 2012-10-03 23:30:53 UTC 2022-12-08 17:12:21 UTC 52.58.214.36
cdn.taboola.com (3) 1040 2013-07-19 23:48:03 UTC 2022-12-08 17:12:48 UTC 151.101.129.44
r3.o.lencr.org (11) 344 2020-12-02 08:52:13 UTC 2022-12-08 17:12:06 UTC 23.36.76.226
cm.g.doubleclick.net (2) 202 2012-05-22 09:58:28 UTC 2022-12-08 17:29:34 UTC 142.250.74.130
secure.adnxs.com (2) 396 2012-05-22 16:37:37 UTC 2022-12-08 17:12:02 UTC 37.252.172.123
api.pushnami.com (3) 3782 2017-05-12 22:45:10 UTC 2022-12-08 17:27:34 UTC 54.230.111.113
pixel.tapad.com (2) 400 2012-10-01 07:23:01 UTC 2022-12-08 17:13:50 UTC 35.227.248.159

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/css/styl (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/css/ (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-includes/css/dist/block-library/style.min.css?ve (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxe (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm-megamenu/assets/css/megamenu (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/rental/icons.cs (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/listing_two/ico (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/stm-aircrafts-f (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder//assets/css/s (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/style.css?ver=5.1.2 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/classie.js?ver=5.1.2 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery-ui.css?v (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.cookie.js (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/select2.min.css (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.touch.pun (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/fon (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/jquery.stmdatet (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-user-sidebar (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/motors-vin-decoder/assets/img/vi (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/fon (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/css/rs6. (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/headers/he (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/f (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/animation.css?v (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/f (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/css/js_compos (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm-google-place (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/jquery.countdown (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/cookie-notice/js/front.min.js?ve (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/swv/js/i (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-header-scrol (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/f (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/sell-a-car.js?ve (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/contact-form-7/includes/js/index (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/skr (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/lg-video.js?ver=5.1.2 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/js/dist/js_co (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/bootstrap.min.js (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/dynamic-content-for-elementor/as (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/uploads/2021/03/02.jpg?id=1747 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/css/dist/app.css?ve (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/select2.full.min (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm-motors-extends/nuxy/metaboxe (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/app-ajax.js?ver=5.1.2 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/js_composer/assets/lib/bower/fon (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/uploads/2022/02/01.jpeg?id=6230 Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/f (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/typeahead.jquery (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/revslider/public/assets/js/rbtoo (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/plugins/stm_vehicles_listing/assets/js/f (...) Phishing
2022-12-08 2 www.cardealsnearyou.com/wp-content/themes/motors/assets/js/stm_dt_picker.js (...) Phishing
2022-12-08 2 cardealsnearyou.com/wp-json/acf/v3/options/options/ Phishing
2022-12-08 2 cardealsnearyou.com/wp-json/acf/v3/options/options/ Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 34.117.221.220
Date UQ / IDS / BL URL IP
2022-12-18 09:31:40 +0000 0 - 0 - 53 www.newsandpromotions.com/tracking/8305 34.117.221.220
2022-12-18 09:08:02 +0000 0 - 0 - 55 www.newsandpromotions.com/tracking/8318 34.117.221.220
2022-12-17 10:34:29 +0000 0 - 0 - 56 www.newsandpromotions.com/tracking/8344 34.117.221.220
2022-12-16 08:30:42 +0000 0 - 0 - 58 www.newsandpromotions.com/tracking/8617 34.117.221.220
2022-12-15 07:54:18 +0000 0 - 0 - 60 www.newsandpromotions.com/tracking/8539 34.117.221.220


Last 5 reports on ASN: GOOGLE
Date UQ / IDS / BL URL IP
2023-01-29 11:48:04 +0000 0 - 0 - 1 padlet-uploads.storage.googleapis.com/5002792 (...) 142.250.74.144
2023-01-29 11:48:00 +0000 0 - 0 - 1 padlet-uploads.storage.googleapis.com/5002792 (...) 142.250.74.144
2023-01-29 11:45:27 +0000 0 - 0 - 1 dpdhtl.net/regio/a1b2c3/d4f844e6d7ed84e14721a (...) 34.98.99.30
2023-01-29 11:43:50 +0000 0 - 0 - 1 edf41f52-452f-4671-a310-1da9f1d2ecd8.usrfiles (...) 34.102.176.152
2023-01-29 11:43:26 +0000 0 - 0 - 4 comcoocendoo1970.blogspot.co.il/ 142.250.74.1


Last 5 reports on domain: newsandpromotions.com
Date UQ / IDS / BL URL IP
2023-01-26 20:55:39 +0000 0 - 24 - 55 www.newsandpromotions.com/tracking/8383 35.227.209.77
2023-01-26 10:03:35 +0000 0 - 24 - 56 www.newsandpromotions.com/tracking/8513 35.227.209.77
2023-01-25 07:53:10 +0000 0 - 0 - 58 www.newsandpromotions.com/tracking/8461 35.227.209.77
2023-01-18 20:05:43 +0000 0 - 0 - 58 www.newsandpromotions.com/tracking/8825 35.227.209.77
2023-01-18 20:01:59 +0000 0 - 0 - 56 www.newsandpromotions.com/tracking/8539 35.227.209.77


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-17 09:40:48 +0000 0 - 20 - 57 www.newsandpromotions.com/tracking/8825 35.227.209.77
2022-12-14 19:28:50 +0000 0 - 0 - 58 www.newsandpromotions.com/tracking/8812 34.117.221.220
2022-12-09 08:40:00 +0000 0 - 0 - 54 www.newsandpromotions.com/tracking/8461 34.117.221.220
2022-12-08 22:50:32 +0000 0 - 0 - 56 www.newsandpromotions.com/tracking/8461 34.117.221.220
2022-12-04 20:25:10 +0000 0 - 0 - 57 www.newsandpromotions.com/tracking/8617 34.117.221.220

JavaScript

Executed Scripts (96)

Executed Evals (19)
#1 JavaScript::Eval (size: 14) - SHA256: 0510de046e8325540849bad09f31eaaa3e9256fafd330c5d57327dc948812a33
/*@cc_on!@*/ !1
#2 JavaScript::Eval (size: 4) - SHA256: 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408
this
#3 JavaScript::Eval (size: 20) - SHA256: f83271bbf9f61f53799bbe1ea9aa015e44b5b2ab3d7a94605b3aa390d2bfbc59
(function x() {})[-6]
#4 JavaScript::Eval (size: 17) - SHA256: 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061
/*@cc_on!@*/
false
#5 JavaScript::Eval (size: 112) - SHA256: f329ec79ac2033511a82eb0a5011170218b09f419a501f3c4230f0a9ca8b04a2
(function() {
    return google_tag_manager["GTM-N68RHD7"].macro(9).match(/[^.]*\.[^.]{2,3}(?:\.[^.]{2,3})?$/)[0]
})();
#6 JavaScript::Eval (size: 130) - SHA256: 898a0daeb2368d3466ec1d02d0638264b0cfec3bee7fbfe1c755bf4c6f853680
(function() {
    return -1 === google_tag_manager["GTM-N68RHD7"].macro(18).indexOf(google_tag_manager["GTM-N68RHD7"].macro(20)) ? !0 : !1
})();
#7 JavaScript::Eval (size: 7) - SHA256: 05f06428ae6926ccb3847eac1c4adbe310cdeb3f5db585f26c2b9bb7887bff03
!+'\v1'
#8 JavaScript::Eval (size: 128) - SHA256: 07fefc4a42c2422b8cc74180566c65218f9d29f8d68c34ad63e3197b354f963d
(function() {
    return -1 === google_tag_manager["GTM-N68RHD7"].macro(2).indexOf(google_tag_manager["GTM-N68RHD7"].macro(4)) ? !0 : !1
})();
#9 JavaScript::Eval (size: 128) - SHA256: ab56d0ee9925bde1d48c8ddb280506b51c52c52e0d54d5ea65e67ce04fd33b93
(function() {
    return -1 === google_tag_manager["GTM-N68RHD7"].macro(5).indexOf(google_tag_manager["GTM-N68RHD7"].macro(7)) ? !0 : !1
})();
#10 JavaScript::Eval (size: 113) - SHA256: 62fdae530d88408b1cc4946eecd70fda26cae40808523e8e139628cb67247a07
(function() {
    return google_tag_manager["GTM-N68RHD7"].macro(14).match(/[^.]*\.[^.]{2,3}(?:\.[^.]{2,3})?$/)[0]
})();
#11 JavaScript::Eval (size: 130) - SHA256: 03bd9cf01c2441a28010a255b5c86f69e05407e3ceb6c4fe1603d80e2433c6c5
(function() {
    return -1 === google_tag_manager["GTM-N68RHD7"].macro(13).indexOf(google_tag_manager["GTM-N68RHD7"].macro(15)) ? !0 : !1
})();
#12 JavaScript::Eval (size: 18) - SHA256: 0f3342bc14063d9ed7a669eb067b50ea17b2cb7dcb51968939b72fa9ac862d91
var foo = (x) => x + 1
#13 JavaScript::Eval (size: 31) - SHA256: 83ba63efde4d727ac5babaea99f131c7a173c43d8ba138525523e267bf5f19c9
window.location.ancestorOrigins
#14 JavaScript::Eval (size: 20) - SHA256: 989aee59bc8b1d209d85b911b79e19acbd4f38b57f507a32a8824db502e689e0
(function x() {})[-5]
#15 JavaScript::Eval (size: 11) - SHA256: f587a8350df0c0f85a945195aac9f88d92f340e865a2e7fb23ad516da6623618
'\v' == 'v'
#16 JavaScript::Eval (size: 112) - SHA256: 8008b1b37a49037f1b4e504c18e8c4bd357026b0c666c273d14350424105217b
(function() {
    return google_tag_manager["GTM-N68RHD7"].macro(3).match(/[^.]*\.[^.]{2,3}(?:\.[^.]{2,3})?$/)[0]
})();
#17 JavaScript::Eval (size: 112) - SHA256: a537b5f7b661a7e03cf06c3bdebcd9f3dd0e8914091757ca1eb4933dfdf06c69
(function() {
    return google_tag_manager["GTM-N68RHD7"].macro(6).match(/[^.]*\.[^.]{2,3}(?:\.[^.]{2,3})?$/)[0]
})();
#18 JavaScript::Eval (size: 129) - SHA256: 09914abbb5814b03cf166fab290a18295b467616498f33d602598aea91b67a12
(function() {
    return -1 === google_tag_manager["GTM-N68RHD7"].macro(8).indexOf(google_tag_manager["GTM-N68RHD7"].macro(10)) ? !0 : !1
})();
#19 JavaScript::Eval (size: 113) - SHA256: a10d3709e42f6d883af0aade11821a363fbea8b92dbab82ca3441438062e776b
(function() {
    return google_tag_manager["GTM-N68RHD7"].macro(19).match(/[^.]*\.[^.]{2,3}(?:\.[^.]{2,3})?$/)[0]
})();

Executed Writes (0)


HTTP Transactions (220)


Request Response
                                        
                                            GET /tracking/8396 HTTP/1.1 
Host: www.newsandpromotions.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         34.117.221.220
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 08 Dec 2022 22:32:51 GMT
Server: Apache
Set-Cookie: _xTID=8396; expires=Thu, 08-Dec-2022 22:37:51 GMT; Max-Age=300; path=/; domain=newsandpromotions.com _xSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=newsandpromotions.com
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Location: http://track.ecampaignstats.com/lprd/trk.php?TID=8396
Vary: User-Agent
Content-Length: 0
X-Varnish: 62288812
Age: 0
X-Cacheable: NO:Logged in/Got Sessions
Via: 1.1 varnish (Varnish/6.0), 1.1 google

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12324
Expires: Fri, 09 Dec 2022 01:58:15 GMT
Date: Thu, 08 Dec 2022 22:32:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10333
Expires: Fri, 09 Dec 2022 01:25:04 GMT
Date: Thu, 08 Dec 2022 22:32:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F542579E3A3577A646BABDE862282C2AFDA6ED784360A915143216100F7A3D91"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4479
Expires: Thu, 08 Dec 2022 23:47:30 GMT
Date: Thu, 08 Dec 2022 22:32:51 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 22:08:14 GMT
age: 1477
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bf0c602d32b3c14606f22a86183b5e3c
Sha1:   6eabd8d83475eba731968abe1a05a8bfd272f160
Sha256: 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: LspuYVlAIsfv3/06hoKXoIuxGXksEqpn92zKu7sXCi6qBz1LPq/f8nVlzjZsQqz+HOGeOi5ffcc=
x-amz-request-id: CD9VWRA3V6YCXFS9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 21:49:58 GMT
age: 2574
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 08 Dec 2022 22:32:52 GMT
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 22:07:55 GMT
age: 1497
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4232
Cache-Control: max-age=128672
Date: Thu, 08 Dec 2022 22:32:52 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:17:24 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /lprd/trk.php?TID=8396 HTTP/1.1 
Host: track.ecampaignstats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         209.148.95.13
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 08 Dec 2022 22:32:52 GMT
Server: Apache/2.4.52 (Debian)
Set-Cookie: _xTID=8396; expires=Thu, 08-Dec-2022 22:47:52 GMT; Max-Age=900
Location: https://www.cardealsnearyou.com?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content=&utm_term=
Content-Length: 0
Connection: close

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Tkh+1H9N9jGJ410Dw1O9kQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         54.148.213.75
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lC8fi9hEKViGgm+9eWGG4chpYFw=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "42D6AFDE50843D5F5247AB2ACAB5DD0637822A6AF0DE0F1B17EAC1440B4CDC56"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Fri, 09 Dec 2022 04:31:55 GMT
Date: Thu, 08 Dec 2022 22:32:53 GMT
Connection: keep-alive

                                        
                                            GET /?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content=&utm_term= HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         8.38.122.197
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
x-b-cache: BYPASS
x-redirect-by: WordPress
set-cookie: stm_visitor_1=84325358; expires=Sat, 07-Jan-2023 22:32:53 GMT; Max-Age=2592000; path=/
location: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
date: Thu, 08 Dec 2022 22:32:53 GMT
server: Apache
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8696
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 22:32:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8696
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 22:32:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8696
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 22:32:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8696
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 22:32:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8696
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 22:32:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7960
x-amzn-requestid: beadd240-39d0-407d-a890-6a095657cac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEd8HC0oAMFUag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb459-44d4f63c62f58684782ef14a;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yL-FrFYh-3PuCZCpCHYg--ebTS7wMmMQ7IE2mgimDVsKWFEtKC2gVQ==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 05:44:09 GMT
age: 60525
etag: "cfb1e5bcab2148a777889680e6e36b9d7e8917ec"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7960
Md5:    eb00a2a503a690cee3e4dd729b5bc9bd
Sha1:   cfb1e5bcab2148a777889680e6e36b9d7e8917ec
Sha256: 7e4583ae78ab597639f53669ac2d67d1ebd26be3278c2fc3fc95af934178c116
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:15:09 GMT
age: 44265
etag: "2506152cdd1056533116feb9350124356e570e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7217
Md5:    955c6ac69b89f6cbd497df53fcb2ae1b
Sha1:   2506152cdd1056533116feb9350124356e570e54
Sha256: fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3030
x-amzn-requestid: c5e5e4a1-bc45-42e8-a021-9c8f99e22556
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czUqCFWBoAMFiqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639134a6-5cc9bdf360f2bfb54e16b448;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 00:49:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: x5FUJ8Cbw9B9BWcHlencYw564Xri5cgoVXkQ2MbhEjYq7Y5v2P0IxQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:18:08 GMT
age: 40486
etag: "33edd1469c54a08e3c4cb0003b87b225eba55b3f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3030
Md5:    a1be0ae00ba0c6009ac14c8df38b8ad0
Sha1:   33edd1469c54a08e3c4cb0003b87b225eba55b3f
Sha256: ab70390c49c5bb3dd7e97ba008c01213a59b3bc271aa8a350ab35ff422d8b3fd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8204
x-amzn-requestid: cf54b5f8-ede8-49d5-aa56-5d9de98e3ab8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtKfEiToAMFSXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af576-6ddfe35c0b31074d6a07076f;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UfqFAlLedF6ZkfbGXhyYDcvu0porNJb6LPaeQ8p4dqWqsFD6iRgWLw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 15:50:07 GMT
age: 24167
etag: "6cee6b1828c709f68b995197ca943a5c393f86fb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8204
Md5:    9cb76c68a8cd472600106cc118067868
Sha1:   6cee6b1828c709f68b995197ca943a5c393f86fb
Sha256: 009d9ba19043b03b5aceeb80b69bf249f19a0a225bdbfef7ab8691669cb64130
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8709
x-amzn-requestid: 8c5094d3-3286-44db-bd3f-9369cd8220eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LYGGm6oAMFn1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925900-2ea563bc1b5aa87a0ebd6251;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OMn8ZLXg7eImX9gfKGhJMvxHVcfTuutGJjuZk9JU6iGBkXso6v8FuQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:15 GMT
etag: "cac4e03ae9857def8b094e005647c3e49c34d686"
age: 2499
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8709
Md5:    0321199622f614202a646f925521ace7
Sha1:   cac4e03ae9857def8b094e005647c3e49c34d686
Sha256: 042494598add540a49650d5556d33bf53f647d77e64fbf13f3d881ebf251a525
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0c11050-5c0c-4d59-80cd-f72cf377a852.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7919
x-amzn-requestid: 05f49b7c-7c76-4df4-8258-c270078d8fe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctl_TH-KoAMFkWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9fb-1971e1e0359763a96b4d320b;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:06:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BEsmH1BkWu_c_-qHStWD1CT1Lx1AZVcw9tnLcoGZCmnjwFWdtB7BRA==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:39:43 GMT
age: 42791
etag: "d795c519ea637a213aab1d80daaf44ce5ad19069"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7919
Md5:    b1a13d12c326848d5b7adeb2562a35a5
Sha1:   d795c519ea637a213aab1d80daaf44ce5ad19069
Sha256: f7b99c93b99268e1b2fa438d493cf23cd75a98833710ddd22b5278a76e9f019a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1863
Cache-Control: max-age=90645
Date: Thu, 08 Dec 2022 22:32:54 GMT
Etag: "63911de4-117"
Expires: Fri, 09 Dec 2022 23:43:39 GMT
Last-Modified: Wed, 07 Dec 2022 23:12:36 GMT
Server: ECS (amb/6B75)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /maps/api/js?key=AIzaSyDr1xM6IU4fHaTYM8RxC9hoou0Ig_58ITc&libraries=places%2Cdrawing%2Cgeometry&language=en&ver=2.0.1 HTTP/1.1 
Host: maps.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
date: Thu, 08 Dec 2022 22:32:55 GMT
expires: Thu, 08 Dec 2022 23:02:55 GMT
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 59158
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=26
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2447)
Size:   59158
Md5:    4e268119117762d1206cd251bdd04441
Sha1:   f691e436e17a3349c4ffd67b88a23e818e973023
Sha256: 8ba0f96b20b2d8264bd171eca86374f2c146df466b87e2317f52f1624b1ccc15
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /maps/api/js?key=AIzaSyDRiOJcH5jlSFqsAFGOgkGLZ02XvQSMTHo&libraries=places&sensor=false&language=en-US&ver=5.1.2 HTTP/1.1 
Host: maps.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
date: Thu, 08 Dec 2022 22:32:55 GMT
expires: Thu, 08 Dec 2022 23:02:55 GMT
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 56002
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2459)
Size:   56002
Md5:    1cb0bc690dabc60e9268d89c14aeb21b
Sha1:   fdb06535fd8100a1344e3a0a6925db020a95e586
Sha256: 35605bff5beee283e6a569e456b74aa2763a80cef5ebc0123206b055937a33be
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/dynamic-content-for-elementor/assets/css/animations.css?ver=2.7.10 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:50:02 GMT
etag: "3cfb-5e9dce38493fc-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1551
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1551
Md5:    590881ddb2faca501eb64a1cae756d2a
Sha1:   095a054091ac2d12de37d460b54fac424f406fc1
Sha256: e4ac349500702dcd738cde2fb9eb760d6d11d762e25997a39e3cb9db23ad40a3
                                        
                                            GET /wp-content/plugins/formidable/css/formidableforms.css?ver=10181831 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 18 Oct 2022 18:31:28 GMT
etag: "c8c4-5eb534ce47ce3-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8583
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (51296)
Size:   8583
Md5:    ea90d24c5f8e265b80412d77c8fe82ce
Sha1:   9aa22159c8a3ad5e7980e8efc9d5ddd692236207
Sha256: 639d7e1e608414d341a42ed372d15f0f18caf92bb9cd946de61f814d711eea01
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "aab-5ebdea14c16e2-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 972
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   972
Md5:    8bf268dfcca7cb20719b7ea14373ef4a
Sha1:   58bd839bbf0e8cc082f0a488b538b4ec71bebd2e
Sha256: eece4a14939273c7af07bce8bab3a6cfc2c9de44c0eea82cc886abac13cb3870

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/stm_fonts/stm-icon/stm-icon.css?ver=1.0 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 25 Oct 2022 16:53:57 GMT
etag: "18eb-5ebdec10e3351-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1333
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1333
Md5:    bca8508ed19ce66d215162de0dcd5743
Sha1:   538112b87de9de0ca1b5b7e2d446a3244e2f523a
Sha256: b080aba9c0cbdeb630352ebbce2c83a06783a09e4c34d54a0c8e73aa408582ef
                                        
                                            GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/owl.carousel.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "e2e-5d9e1308340c7-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 899
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3630), with no line terminators
Size:   899
Md5:    0fd6cde7646e79e085a7bcd4e54454e1
Sha1:   6af9258308691fc18f233b3a716bab3d0ef49426
Sha256: 4ba6f1bcf100600b7f2e008c46cc8597916f14c8db378fa507f2daaa3560740d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/grid.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "2b33-5d9e13083350f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1444
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (540)
Size:   1444
Md5:    010ba361ace5fbb7d07bd66b3a48cf2a
Sha1:   c60c40f4e72c63363b68ba02a2a19b682041a10f
Sha256: f3edb316d73bcd98551b4d90fb059d3ebf5307852a046a507915fb0d8a7a60b8
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Wed, 13 Jul 2022 13:21:17 GMT
etag: "15b64-5e3afa8f72a1e-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11681
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   11681
Md5:    e5548800176e913a9084f47a3e1e04f6
Sha1:   eff4604acc5c26ae82a19188de2f98bf5b79d80c
Sha256: a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/stm_vehicles_listing/assets/css/frontend/lightgallery.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "50b4-5d9e130833cdf-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3790
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20660), with no line terminators
Size:   3790
Md5:    b8f5fb406b5dde0528079b1f2957f623
Sha1:   cd9e95a4c9121e714058ccd4b4bb20abfabc9080
Sha256: d906fb4ec194f825b3a60ba2367400588fee92446204b49fdab907258b0e68c1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=168009
Date: Thu, 08 Dec 2022 22:32:55 GMT
Etag: "63925360-118"
Expires: Sat, 10 Dec 2022 21:13:04 GMT
Last-Modified: Thu, 08 Dec 2022 21:13:04 GMT
Server: nginx
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125041
Date: Thu, 08 Dec 2022 22:32:55 GMT
Etag: "639199a3-1d7"
Expires: Sat, 10 Dec 2022 09:16:56 GMT
Last-Modified: Thu, 08 Dec 2022 08:00:35 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TUox_pyv1UL7di4ns1MhvdqvRXl0jRRPsfvZfaB3cpoR7avB6XWf8Q==
Age: 4581

                                        
                                            GET /wp-content/plugins/stm-motors-extends/nuxy/metaboxes/assets/vendors/font-awesome.min.css?ver=1670538774 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:15:37 GMT
etag: "e7d0-5d9e133737f19-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12869
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59158)
Size:   12869
Md5:    d7913fc87c4606f82b4ee77a8d47fc2f
Sha1:   62a54acf7535ae53425b44dadfe5fdabf3d8300a
Sha256: bb05c88bb0b82e2f14f1efb94b4c3511292f74c3bb7cb0b104d300a42a49492f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /rt?aid=18662&e=1&img=1 HTTP/1.1 
Host: rdcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         52.7.240.180
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
date: Thu, 08 Dec 2022 22:32:55 GMT
content-length: 121
cache-control: private
location: /eow
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
set-cookie: aid=18662; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure ref=https://www.cardealsnearyou.com/; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure img=http://rdcdn.com/rt?aid=18662&e=1&img=1; expires=Fri, 01-Jan-2038 06:00:00 GMT; path=/;SameSite=None; secure
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   121
Md5:    3566835ab38329ddb105f8649131cabb
Sha1:   72eb59670ff0ea8cc99983629acc33aebd65a6e0
Sha256: 66b563593020781cd23517f1e111f600993a0b893f79970b32e9f95147db269c
                                        
                                            GET /eow HTTP/1.1 
Host: rdcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         52.7.240.180
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
date: Thu, 08 Dec 2022 22:32:55 GMT
content-length: 151
location: https://rdcdn.com/images/blank.gif
cache-control: private
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   151
Md5:    82133787c1fcce4fd893463e0b0b3ecb
Sha1:   f4af96850470b845614985cb3a56d9e16ad14e9c
Sha256: ba90dc61e3a7b2caff87da8bf66ff677120d58b1f76e79f40dcfaac4cf58a555
                                        
                                            GET /wp-content/plugins/stm-megamenu/assets/css/megamenu.css?ver=2.3.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:17:22 GMT
etag: "a149c-5d9e139b90cf5-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 29438
date: Thu, 08 Dec 2022 22:32:54 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (545)
Size:   29438
Md5:    45f6eab951ca317ec475b529f46417b4
Sha1:   fce41b7dd131001beb3f1dc96a1793452f624b44
Sha256: a231e34d708b1f7663ec942c27dd9eec1fcdf574b8f9431522d3c360afbf32a2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/service-icons.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "fad-5d2c3afd921f0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 977
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   977
Md5:    641140f1223ff5df29ee18f8c8f70aba
Sha1:   ee0c640727fd652e863fd635d520b173e8b40d13
Sha256: b5bc1943b25ef3c81c37dfb34d070364f53739ca18660bb96809c5a3225541aa
                                        
                                            GET /wp-content/themes/motors/assets/css/magazine/magazine-icon-style.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3e5-5d2c3afd902af-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 421
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   421
Md5:    5c1a960d788c02bad2b16c27e454c54c
Sha1:   173296d3fc4e8de3414a123deb279dfdd64bd034
Sha256: f11d0b6e69aaf946642073a7cca64a84239b56463ea101419eb5cc2249a4bf5d
                                        
                                            GET /wp-content/themes/motors/assets/css/motorcycle/icons.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5b3-5d2c3afd90a80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 490
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   490
Md5:    cb10860ede4d9ab43f9cdb5aaae451bd
Sha1:   e3910ef96d8ceb6550f9ea6a58c712d004b79acc
Sha256: 33da399f2c6220f71350a51b05a19058cec7ccc070e5b1c18520d0eaec608830
                                        
                                            GET /wp-content/themes/motors/assets/css/boat-icons.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "12c6-5d2c3afd50329-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1007
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1007
Md5:    ed52b7ca5b3418b28153da35cedf6071
Sha1:   4487d8be68353b68bd5cc1d13f3f06f9cdbcfb27
Sha256: 19c044faacbde16eff6a8dbde2c95c527de4de1d75240f3e32f93de390db7582
                                        
                                            GET /wp-content/themes/motors/assets/css/rental/icons.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "658-5d2c3afd91638-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 516
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   516
Md5:    277e52066662b1b4a68efef4e93727e2
Sha1:   a2f2b791f3510e4b5d44554e004f60d041ceca9c
Sha256: 3659bb3504f8f1972b298b0e35d3a7bb23abad8480b894c730a6081159daf0cf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/listing_two/icons.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "401-5d2c3afd8fadf-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 427
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   427
Md5:    19bb036adf9fd75599fa621d9cb38848
Sha1:   52111ce03d19317deb4405fe90e46fa556d3acd7
Sha256: 03e075be68024ed59155efdb887c1154ea3685980f4d35da09c6b2f21101a69a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/stm-aircrafts-font-style.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "5dd-5d2c3afd98f53-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 500
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   500
Md5:    e3aa2e50e7548a11d09b751859c1becb
Sha1:   576d4d743e87890fcb1d27c9b612095dc38f157f
Sha256: 08390ab2377861fbbeae93767265f829763ce9cbe12a73f93e79ce3eb2ce6c2c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/motors-vin-decoder//assets/css/service-icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "ce6-5e9dce4f2e920-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 691
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3302), with no line terminators
Size:   691
Md5:    ab6f97ea7059c232693a4b570e087b62
Sha1:   dcfe539ea4e28d385ce694223174123f82e14ac0
Sha256: 6d7bc8cdd8c2936c4e49bca0f1f14363bc020331fba7379c0f741f85e014ab6f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/style.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:35 GMT
etag: "298-5d2c3afeb1417-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 396
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   396
Md5:    5b14aab06cc4ce54392ef426221ba25d
Sha1:   07f40c8f54e83ff19f3d0b03529419cf0f93f1e5
Sha256: 32acde4090f36bd8d830b58765765d2fc848935052bb4154be54fb786447666b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /maps/documentation/javascript/examples/markerclusterer/markerclusterer.js?ver=5.1.2 HTTP/1.1 
Host: developers.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.206
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 16 Jan 2017 03:43:59 GMT
set-cookie: _ga_devsite=GA1.3.1059316650.1670538775; Expires=Sat, 07 Dec 2024 22:32:55 GMT; Max-Age=63072000; Path=/
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Que5JCjRIrxIzciS6Wlq0jQyd3nBEm' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
cache-control: no-cache, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
x-cloud-trace-context: ba503d29691968024fee5f335bb1f800
vary: Accept-Encoding
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Google Frontend
content-length: 8937
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   8937
Md5:    e2a0535d09714d03a14d997f92ebdc03
Sha1:   b09088d15141e46ae32d8740f3703bf8be5aae76
Sha256: 538478391603b392c89f296461d8a1e404937778222a01a4859334410209124a
                                        
                                            GET /wp-content/themes/motors/assets/js/classie.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "7b4-5d2c3afdeea89"
accept-ranges: bytes
content-length: 1972
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1972
Md5:    55e1109b3022c56ad23c5ba676055619
Sha1:   a940196e1ddfad80d753dd70484da942a3b2c2b4
Sha256: 9477ec4f89eb231b413a95b7438ababe1800c2cff84bb08283dedadf565731f1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/jquery-ui.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1ad9-5d2c3afd7d9c9-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1833
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1165)
Size:   1833
Md5:    9c409d2d0082c4c92f139b79b9b56496
Sha1:   71af88ff8fb89bbde6780e3654e9ac5efcf6cd72
Sha256: 3abed05aa50906e4ba6d49983bd2c324bd57c9a0a4e74b52f95ceb965d27f27f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/js/jquery.cookie.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "c9f-5d2c3afdf1582"
accept-ranges: bytes
content-length: 3231
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3231
Md5:    274f1795c34d6b35e0e79eb1633abe23
Sha1:   a9e973e7d4830462c90a44f4766ab4e1f5177fe5
Sha256: 582e7032302e4a28726d52ff3ff8db3bb0d1b3a7c1e83e38890ee62bc0a174ed

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/auto-parts/style.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "6bb-5d2c3afd4ff41-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 544
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   544
Md5:    647499d93bd6ced6839431fee63db188
Sha1:   2090144108643c4f8ad4181e18c7625a9019615d
Sha256: 46cb51a861e4887e2d2017ac5e6eb349bc2b4427948598d26d6e55e6e15dcf58
                                        
                                            GET /wp-content/plugins/wp-auto-affiliate-links/css/style.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:49:44 GMT
etag: "c78-5e9dce267100a-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 998
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   998
Md5:    863bd6ca1f3e51547c37bbf7f3a621ed
Sha1:   b24c95e413ff38ea4e4bf0abf88db4feebe9f565
Sha256: b895c8a154b420f9612aa9911eb4a1599585fc21e550dfff747226a1f38e59e5
                                        
                                            GET /wp-content/plugins/motors-vin-decoder//assets/css/stm-icon.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "11f1-5e9dce4f2f0f0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 922
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4593), with no line terminators
Size:   922
Md5:    db40a8a36efef57420f92ea109fc33a2
Sha1:   5554034fed439657049ea0b3bd7eb43d9aa0fb50
Sha256: c3ff3a300e8016e244ca4e49de4285da191044970ddcf0f93710d014481f5765
                                        
                                            GET /wp-content/plugins/motors-vin-decoder//assets/css/icons.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "586-5e9dce4f2e538-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 404
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1414), with no line terminators
Size:   404
Md5:    dcadca1139e6522100c6ba8850f572ca
Sha1:   dca0ee9e0f96f5f8d399e2aee39b26ff26a4ee18
Sha256: bb206bb906b05edee537c89d075ec04bc570ff9f7e59270d803b6f4bb80f2534
                                        
                                            GET /wp-content/themes/motors/assets/css/select2.min.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3a76-5d2c3afd91e08-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1998
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (14965)
Size:   1998
Md5:    8e684dd388239a6bcac3bc41e52c4e17
Sha1:   2691065d51586e3fdcfce1ea8e51787a05061989
Sha256: f5e41c52b1303b9ad13beb859f02abc7397d27e3b6504c5bd82a2b68dfa6ece4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/ui/effect-slide.min.js?ver=1.13.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 10 Mar 2022 18:19:20 GMT
etag: "385-5d9e140bc8be3"
accept-ranges: bytes
content-length: 901
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (715)
Size:   901
Md5:    e0b6ee7035469fab34982887e7ef21f7
Sha1:   8f38f75ae3db197142744524b6fcb8dc11efd577
Sha256: f7f639c14daca92fe9f66f08d4ef076d2413eb99dbc35129158de1814d1d7c91
                                        
                                            GET /wp-content/themes/motors/assets/js/jquery.touch.punch.min.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "50b-5d2c3afdf38ab"
accept-ranges: bytes
content-length: 1291
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1090)
Size:   1291
Md5:    700b877cd3ade98ce6cd4be349d81a5c
Sha1:   c1c36e6927436231eb20474356b29667c4c648aa
Sha256: 000854d782781aff1b16ea5451c1da3d07efadd35ab911ccb7e4b851571a25bd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.7.0 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "865f-5d9e136b05866-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4260
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (34217)
Size:   4260
Md5:    ff23202f1227d35b13635501c86b2156
Sha1:   31c5de356f90da7a53468ef8ed0a9237cdaa67ce
Sha256: c4b5a8cbcaef7b3a6d4d2f1a3d68cfac3a2ccb7fbfcd7ae212bf2c39fc85ed42

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/jquery.stmdatetimepicker.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "4981-5d2c3afd7ddb1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4618
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1961)
Size:   4618
Md5:    2dbe5d4f94fdcf3df53ec6071a433b32
Sha1:   b71af6bb415f16b2624d97e8914137399c8ec596
Sha256: 0850bfcae403b88d409a60d16d73c6e1f7ef1c8274c5b090ab290b2aa7923546

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /images/blank.gif HTTP/1.1 
Host: rdcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Cookie: aid=18662; ref=https://www.cardealsnearyou.com/; img=http://rdcdn.com/rt?aid=18662&e=1&img=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         52.7.240.180
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 08 Dec 2022 22:32:55 GMT
content-length: 42
last-modified: Thu, 23 Dec 2021 21:40:22 GMT
accept-ranges: bytes
etag: "0e70b045f8d71:0"
server: Microsoft-IIS/10.0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    accba0b69f352b4c9440f05891b015c5
Sha1:   9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
Sha256: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
                                        
                                            GET /wp-content/plugins/motors-vin-decoder//assets/css/vin-decoder.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "5b46-5e9dce4f2fca8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4490
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (23366), with no line terminators
Size:   4490
Md5:    409ed4df68521a808313b7ce8d2875d3
Sha1:   2bfeb5236e3db8e1ed77213d8dad9e97b6f7bb17
Sha256: ec27d1caa25b46911cbe9f09fc12684cb3dc2c07c36972f6f9b9304145e9fd62
                                        
                                            GET /wp-content/themes/motors/assets/js/app-user-sidebar.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "382-5d2c3afdec760"
accept-ranges: bytes
content-length: 898
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   898
Md5:    233c154fec1bd47cb2d7c5c9c5f70941
Sha1:   40260ff178c49cf3ecffe7b8484d07e52308cead
Sha256: f0fcb6a32306c5ff4a50df8e19e176be412c7ec0b9306c8083347a52c98ca1bd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 17 Dec 2020 15:23:57 GMT
etag: "2bd8-5b6aa9497f7ec"
accept-ranges: bytes
content-length: 11224
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   11224
Md5:    79b4956b7ec478ec10244b5e2d33ac7d
Sha1:   a46025b9d05e3df30d610a8aef14f392c7058dc9
Sha256: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/js/vivus.min.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "2eb3-5d2c3afe1d89a"
accept-ranges: bytes
content-length: 11955
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11790)
Size:   11955
Md5:    edca8ffeb6cac2f6d5f9186043d569b6
Sha1:   ff20f18369ad92eedfee40a0cd461510eef41756
Sha256: 6cbced0782f23b4da0f1c24988d05a1395af3f6399a50cdd79114f1aac5b2b0c
                                        
                                            GET /wp-content/themes/motors/assets/js/jquery.cascadingdropdown.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "3af3-5d2c3afdf119a"
accept-ranges: bytes
content-length: 15091
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   15091
Md5:    d46dc465806c94eb45c31ef252cc4d3e
Sha1:   6af119bb9785f07c0bdb0a6be7ade13cc045135c
Sha256: 17fb1aea21344fabd758897bdf5b704ee83e417efd5411c836cfef6ec2dfc41a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/motors-vin-decoder/assets/img/vin-check-btn.svg HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/svg+xml
                                        
last-modified: Fri, 30 Sep 2022 03:50:26 GMT
etag: "434-5e9dce4f3cf9d"
accept-ranges: bytes
content-length: 1076
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1076), with no line terminators
Size:   1076
Md5:    d0b222e20615087119d27f2619371dd0
Sha1:   dfa0a9fa19d7a53f94e430dc6210bb199b81d441
Sha256: d47df921df4e7d3e59b1b157ab1d80bdda634160a5e1f2f6251418964121b9f1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.7.0 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "dc69-5d9e136b05096-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12251
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (56243)
Size:   12251
Md5:    56ff26e4540fe0eb470200be12da9539
Sha1:   e55c1cf13307417eb0721280047dfe0a7e870752
Sha256: 41bd8b382a880ae6ec59d84506d7b5ba03c23eb9dd5b4044eb8f50e182fb39f4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=e36eae1c9f3075d8b2de55c94dc7e512 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 30 Sep 2022 03:49:49 GMT
etag: "14d6-5e9dce2b4f716-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1108
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5334), with no line terminators
Size:   1108
Md5:    0b06d9e311712e0f5c38e06f549d646c
Sha1:   96ffc4906d416ca3c5e0aa21fc2d6ea262b4f8bd
Sha256: e3c5dbba5924a8329f175882cd40dba5f02b082fb631dc6510119a88ce19b112
                                        
                                            GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.11 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:16:10 GMT
etag: "e197-5d9e13570059b-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12303
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (12602)
Size:   12303
Md5:    ec14123fd07ef488fc1aff60a6f99c13
Sha1:   55e9b5c3cad505a780d948349d9009867368cf6a
Sha256: 46e3efd2835c5f189acbe5c392d41ce6b86f2cfe3f064cdd6780032777f5706a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Thu, 10 Mar 2022 18:16:09 GMT
etag: "44-5d9e135542066"
accept-ranges: bytes
content-length: 68
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    2a637d3d825673c0e3462fa4ed9a1c5c
Sha1:   81668d396da22832d75a986407ff10035e0d5899
Sha256: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
                                        
                                            GET /wp-content/themes/motors/assets/css/dist/headers/header-car_dealer.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "271fc-5d2c3afd691a1-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 10852
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   10852
Md5:    d23d8ee10642ccb21ae0153d554fda59
Sha1:   6de0a2d9861421f92ed4f77633c47ebbb9736022
Sha256: c70f9c79a5d06d76a364ba8fa18218ef77aa585888ca2a418d61753edfec6e30

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 17 Sep 2021 17:31:52 GMT
etag: "15db1-5cc344e9c4b4e"
accept-ranges: bytes
content-length: 89521
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   89521
Md5:    02dd5d04add4759122013c5ab4dc5cc2
Sha1:   a45a56e396ac549b4ff39b696ce9e0c16a7612de
Sha256: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
                                        
                                            GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/filter.js HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "f0f-5d9e13084cf3f"
accept-ranges: bytes
content-length: 3855
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3855
Md5:    4b48425e53ee05842fa3dba2952cca8c
Sha1:   d69bbb7e79c27e0b6c1dd13881c1dbc7c40ba7a3
Sha256: 2ed882d62d05459ec26f592856c0b845c01576d77982041311bca039901102a4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/stm-megamenu/assets/js/megamenu.js?ver=2.3.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 10 Mar 2022 18:17:22 GMT
etag: "ddc-5d9e139b93406"
accept-ranges: bytes
content-length: 3548
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3548
Md5:    1d26ded5f43ab4a713a025725d980d93
Sha1:   f6372bb22d53b2986160a3ff764f6ef2e615130c
Sha256: 69e9d8eeb0cc13a23f786c0dafd6909001e394d69d397083473ccd6ee2f0b234
                                        
                                            GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "d53-5e0322dd55ac3"
accept-ranges: bytes
content-length: 3411
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3233)
Size:   3411
Md5:    5c38aa6d5b98586ca2ba973ab8b4b6b1
Sha1:   8215983363ea0d74f99368336404b0d27217778f
Sha256: 7c4dcab706e6bf67c64df89d3f5e137cb19efa293771613f511aff1ad563a6df

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/animation.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:33 GMT
etag: "14f25-5d2c3afd4f388-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6679
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   6679
Md5:    c539b9aac3a65cca3f449ef37e548ccb
Sha1:   b87a9e1f75f50a6d22ee1d783d3689d674204f0b
Sha256: 7e9d9f8aacc325dc3d2abfa0252b9049cd3399c7f81cbf32f776c4644d0ec698

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/stm_vehicles_listing/assets/js/frontend/jquery.cookie.js HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 10 Mar 2022 18:14:48 GMT
etag: "c44-5d9e13084daf8"
accept-ranges: bytes
content-length: 3140
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3140
Md5:    0f1f6cd6e0036897019b376d38593403
Sha1:   498b29de6e170fffc8535183b7d6550490f0a159
Sha256: 8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/css/bootstrap.min.css?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "1ca38-5d2c3afd55d03-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 19250
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   19250
Md5:    a69801e0e683a8efdc50685e08da6a5c
Sha1:   6f9e7217c522f9e426b01836de5ca4b489da9cc8
Sha256: af869524400958bf10cefcd1a2790715f9f569117fabe6c69e24e5ca65e45321
                                        
                                            GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.7.0 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
etag: "76878-5d9e136a58a8c-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 45810
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65358)
Size:   45810
Md5:    bfddc4ff4e82f2dd9a33b2b0bf3bb878
Sha1:   5cb05aacf9e97c6c58e02fabd69fcae22118c200
Sha256: be6316c3e4d24d0b139c1afabe5be1fd0e84e62a0e72d9f507eb32407897d4b2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/2022/12/0-APR-Guide-What-You-Need-To-Know-Before-Financing-350x181.jpg HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/jpeg
                                        
last-modified: Wed, 07 Dec 2022 17:20:21 GMT
etag: "1d4e-5ef40229a4649"
accept-ranges: bytes
content-length: 7502
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, progressive, precision 8, 350x181, components 3\012- data
Size:   7502
Md5:    a67452cd96a0b162ac0c5d08b7b9e604
Sha1:   8432b34cab30d2e75e33b5ce0e2bd87a0e8d8d9c
Sha256: 2d13907be02b711dba70eca9cf60821584e7a571b6228c8f258b6a578af19948
                                        
                                            GET /wp-content/uploads/2021/12/cu-1-350x205.jpg HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/jpeg
                                        
last-modified: Wed, 05 Jan 2022 15:16:25 GMT
etag: "2462-5d4d73cb8db7e"
accept-ranges: bytes
content-length: 9314
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Size:   9314
Md5:    69608054e1e55088716a9f5c97b25aa9
Sha1:   01355c2d0f11001e993866564c39313be6201df7
Sha256: 27263256df09c1beea5c70b6f8c35a3935c60a98cfa4db4685c4c4357a9c85ec
                                        
                                            GET /wp-content/uploads/2017/09/2018-toyota-camry-350x205.jpg HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/jpeg
                                        
last-modified: Wed, 17 Nov 2021 23:18:02 GMT
etag: "24c7-5d10440e0d7b5"
accept-ranges: bytes
content-length: 9415
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Size:   9415
Md5:    819068307a587d984f28e60907bdfd1c
Sha1:   6e46fea8bc6c0b264e0100c94820443f729aeac3
Sha256: a52a9b7ae1715e83974c953535f27607c6cf7b36cb5825ccdf34b0af847326ae
                                        
                                            GET /wp-content/themes/motors/assets/js/stm-google-places.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "12c6-5d2c3afe18a78"
accept-ranges: bytes
content-length: 4806
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Algol 68 source text\012- Pascal source, ASCII text
Size:   4806
Md5:    f130c0956c2e19ed130561577a694499
Sha1:   1ef8515331c4861d7c8ccbcc79382802dc003c83
Sha256: 930cfdcae2f9f6e399d2cf40fe97c1ce86f97cf7f6c6994573d61f4b39ce3565

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/2022/01/img-1-960x-350x205.jpg HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/jpeg
                                        
last-modified: Thu, 06 Jan 2022 15:24:16 GMT
etag: "2c46-5d4eb76a0b233"
accept-ranges: bytes
content-length: 11334
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Size:   11334
Md5:    66cc6b8b127fc5d9149fd34ec77c20ed
Sha1:   e1dad3dceaac31074655d2e7120e0c7741ea354d
Sha256: 1ce5e67c9fb60b2215f6ef8151ddc43e3ffe1587aec9e53e4e2de3d8b65780ce
                                        
                                            GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/font-woff
                                        
last-modified: Thu, 10 Mar 2022 18:16:11 GMT
etag: "1d70-5d9e1357174d3"
accept-ranges: bytes
content-length: 7536
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 7536, version 1.0\012- data
Size:   7536
Md5:    04eb8fc57f27498e5ae37523e3bfb2c7
Sha1:   d942ae11706c3f7e511e3c49b0e4574d7ad199c4
Sha256: f7b9c3065e55fa3b9e320093612e7b30dcb14355a44ec461247b495a3e729686
                                        
                                            GET /wp-content/uploads/2015/12/6-350x205.jpg HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/jpeg
                                        
last-modified: Fri, 17 Sep 2021 18:57:33 GMT
etag: "2f88-5cc3581046509"
accept-ranges: bytes
content-length: 12168
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x205, components 3\012- data
Size:   12168
Md5:    6687e81017d51a5ae62ac9d4a8e272d2
Sha1:   fd38828d026ea40e7e0f40835767af9d7a292593
Sha256: ac63a05279b1d4d0ed62cd73480673108d526a72ff593d0f3ac6a00d072be9d0
                                        
                                            GET /wp-content/themes/motors/assets/js/lazyload.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "162f-5d2c3afdf407b"
accept-ranges: bytes
content-length: 5679
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5679
Md5:    2e546bbdcb575cc8ccfd49e09f8a0d1e
Sha1:   de02ee8c061a9e7b019af42d6894e9a6161c044b
Sha256: 56a580939c1b8c0a26c5fab297b2efc96e7dfe1e66b22b70adc9ef440b4d2b03

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/2021/09/logo.png HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Fri, 17 Sep 2021 18:13:07 GMT
etag: "7df1-5cc34e21889ef"
accept-ranges: bytes
content-length: 32241
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1738 x 286, 8-bit/color RGBA, non-interlaced\012- data
Size:   32241
Md5:    4deff5845cbb90754c8ffabf3dfd81cd
Sha1:   1f618ced7ef5cf2a02af294275249388f6c2a835
Sha256: 5ab4cc19429e66d11688ffb55af4f733c289799eaaae054b14893ccfd13fa341
                                        
                                            GET /wp-content/themes/motors/assets/js/jquery.countdown.min.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "14db-5d2c3afdf196a"
accept-ranges: bytes
content-length: 5339
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4136)
Size:   5339
Md5:    5d3ff3c3fbaa67cc639501f44eeb07be
Sha1:   bd66e4cd58de09c198e7abc77fa4c883955d189e
Sha256: 2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/uploads/2015/12/cndy1_300x250_FINANCING.png HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Tue, 17 May 2022 12:54:28 GMT
etag: "10337-5df34a41da471"
accept-ranges: bytes
content-length: 66359
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size:   66359
Md5:    0b841c6ad2aa84d74ed2b064ba608e44
Sha1:   8cbaf0736f2be0204f37d861fad78c6ac337b763
Sha256: f1c83dd7711344434da0d72a536bbf998fb6033a93efe7a8c405aa31f4e28e76
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A1A69F0C72380E81AF95A7C3AD3A3503A5FCC46F0150AF9866B064E0FF9AA32F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 09 Dec 2022 00:08:35 GMT
Date: Thu, 08 Dec 2022 22:32:56 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /px/smart/a/?c=243b667b11e7ebf HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cardealsnearyou.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.26.9.50
HTTP/2 302 Found
content-type: text/javascript
                                        
date: Thu, 08 Dec 2022 22:32:55 GMT
location: https://a.clickcertain.com/px/?c=243b667b11e7ebf
set-cookie: _ccpx_u=f5bff976%2d6232%2d46f8%2dacbb%2d5bffb6d3124a; Expires=Fri, 08 Dec 2023 22:32:55 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-554675d589-dhtqj:cc-nginx-554675d589-dhtqj
x-requestid: cdef62d9-8a39-4433-a1ab-4c6d0be6fe20
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BljiEZ13lT7RdB1GuIWSWSWThXkWHU7NO75OSbcSX22FHpcnL4zuwDqHXv02UPNQthb9hbm%2BQ5ijh9kDmzSDN8vC%2BvgBw%2F7Z%2BtTVHY%2FH6LzfFuRN%2FtUXFLcdn600Iln2Iiuj0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7768f5b0fffd1c0a-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /wp-content/plugins/form-autocomplete-nish-premium/js/app.js?ver=2.0.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 19 Apr 2022 14:32:02 GMT
etag: "1c56-5dd02bd7ece60"
accept-ranges: bytes
content-length: 7254
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   7254
Md5:    7c898d32907792a4ca6d509d0c2b52af
Sha1:   b54cb8a2682a24d180f0528ef06d998f88fc3a59
Sha256: 05322da8b0c192999052935f12b463d6e5a84b224f6fae2937abeb2b27b6bebe
                                        
                                            GET /wp-includes/js/jquery/ui/droppable.min.js?ver=1.13.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Mon, 30 May 2022 03:23:25 GMT
etag: "19fb-5e0322dd52fca"
accept-ranges: bytes
content-length: 6651
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6469)
Size:   6651
Md5:    986cbf4f93616febf4243f6e3e76e3e9
Sha1:   7de9dd72732ca8fe46c0242749d4a705345fe0b7
Sha256: c3a015f250093ba41c36da57625051930eada74b0bb8d61b7e0c6fef36952317
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:54 GMT
expires: Thu, 07 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 97142
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 272415
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cardealsnearyou.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:30:11 GMT
expires: Sat, 02 Dec 2023 06:30:11 GMT
cache-control: public, max-age=31536000
age: 576165
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
                                            GET /tag/implement-r.js?org=9Xf4JS6qIDnMDOaZ0z86&fmt=banner&rt=click&sl=1&fq=1&p=709&a=true&cmp=cdny HTTP/1.1 
Host: c.fqtag.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         35.190.72.161
HTTP/2 200 OK
content-type: application/javascript
                                        
expires: 0
cache-control: no-cache, no-store, must-revalidate
x-xss-protection: 0
pragma: no-cache
date: Thu, 08 Dec 2022 22:32:56 GMT
access-control-allow-origin: *
content-length: 2656
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2656), with no line terminators
Size:   2656
Md5:    1655d6738c7a8d8cf38328b38bcc14ef
Sha1:   3f73cfb7fdc81597e6ac7a071b447f6e077f2047
Sha256: 2fcc11439f4d738ec565b2d8711b0026de531a922eb0de7a4623f5ca8d6f1b07
                                        
                                            GET /gtm.js?id=GTM-N68RHD7 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 22:32:56 GMT
expires: Thu, 08 Dec 2022 22:32:56 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90129
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (41285)
Size:   90129
Md5:    af8fe4d6531fed80bef9c5b7a2f84130
Sha1:   e30bb170f9ae149fe0d8985b05d2d98926c3b685
Sha256: 802296833e878bef6841427811f51dd996a9dbf240aa39e4ab5186ce0a90d5e4
                                        
                                            GET /main.js HTTP/1.1 
Host: rtxpx-a.akamaihd.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         23.36.76.145
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: TAyOzEssvwNa8Am544iCz+NPIUwkgHSMu1TJHwcbKWQUosr9T6tD1fEX9XrX6lqnY5FnpTYUmoc=
x-amz-request-id: C831BE0276127BEE
Last-Modified: Thu, 28 Jan 2021 21:02:34 GMT
ETag: "0e00eda4d7973d0a511ce8aae95bef1c"
Accept-Ranges: bytes
Server: AmazonS3
Unused62: 8096267
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 22:32:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 08 Dec 2022 22:32:56 GMT
Content-Length: 30922
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (50918), with NEL line terminators
Size:   30922
Md5:    abe669990a8ec7d16c36e0c32e80abf9
Sha1:   b46a4bd88e20175b4e660e9e52b8eaef9c59373a
Sha256: 7b3b6a221e62ae6765c49111c8697db2c40cce8651cc8f6d6feb2e58a1dde95f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A1A69F0C72380E81AF95A7C3AD3A3503A5FCC46F0150AF9866B064E0FF9AA32F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 09 Dec 2022 00:08:35 GMT
Date: Thu, 08 Dec 2022 22:32:56 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Dec 2022 22:32:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/themes/motors/assets/js/jquery.uniform.min.js?ver=5.1.2 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 10 Dec 2021 05:06:34 GMT
etag: "216b-5d2c3afdf3c93"
accept-ranges: bytes
content-length: 8555
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8555), with no line terminators
Size:   8555
Md5:    602e6f2ddacb95ef0f3061fd2a671f87
Sha1:   91cbe28c3c5cf6187680f4529f0c40e4cf6098ff
Sha256: 8db04d82f75d8073b25dc594a13c2dafdfb762f8d66ed1dd32f95c3420868a6a
                                        
                                            GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.1 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 30 Sep 2022 03:49:49 GMT
etag: "222e-5e9dce2b5f503"
accept-ranges: bytes
content-length: 8750
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (8750), with no line terminators
Size:   8750
Md5:    5f7dca83f1cac6295b0d4c72e325ac20
Sha1:   e0aacf1cfd0d8ed4bc37c8ef2be23d46513b71ed
Sha256: af735813266cdf52a38a6e1583a86066db357469ceded2d7ea8335b298d73d65

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1 
Host: www.cardealsnearyou.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cardealsnearyou.com/?utm_source=709&utm_medium=cpc&utm_campaign=8396&utm_content&utm_term
Cookie: stm_visitor_1=84325358
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         8.38.122.197
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 25 Oct 2022 16:45:04 GMT
etag: "26d1-5ebdea14ce207"
accept-ranges: bytes
content-length: 9937
x-signature: KUSANAGI
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 22:32:55 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9937), with no line terminators
Size:   9937
Md5:    dc74c9954b1944928eca0172c3b8c6b3
Sha1:   e9e00e587e0e28491b69563b4e768945ff2e0ed5
Sha256: d7eff2d3185c4035edbe18b653f9da26c2d872e03c92419542ed524d569fe81b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/motors/assets/js/app-header-scroll.js?ver=5.1.2 HTTP/1.1