urlquery - report: craftbuilders.com/http:/craftbuilders.com/mtm/async/

Overview

URL	craftbuilders.com/http:/craftbuilders.com/mtm/async/
IP	173.255.194.134
ASN	Linode, LLC
Location	United States
Report completed	2022-08-06 05:26:52 UTC
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blocklists

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2022-08-06	2	craftbuilders.com/http:/craftbuilders.com/mtm/async/	Malware
2022-08-06	2	craftbuilders.com/mtm/async/.eJxlTTsOwjAMvUvGEtWMUMRZkBvcNlKcBMeFIsTdSYEJtv (...)	Malware
2022-08-06	2	www1.craftbuilders.com/ls.php	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

Files

No files detected

Passive DNS (15)

Passive DNS Source	Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
[Mnemonic Passive DNS]	firefox.settings.services.mozilla.com (2)	867	2016-03-17 08:25:01 UTC	2020-05-25 20:01:47 UTC	54.230.111.7
[Mnemonic Passive DNS]	contile.services.mozilla.com (1)	1114	No data	No data	34.117.237.239
[Mnemonic Passive DNS]	d1lxhc4jvstzrp.cloudfront.net (5)	0	No data	No data	54.230.245.141	Unknown ranking
[Mnemonic Passive DNS]	ocsp.digicert.com (1)	86	2012-11-29 12:49:49 UTC	2022-08-06 05:01:09 UTC	93.184.220.29
[Mnemonic Passive DNS]	img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-08-05 06:49:03 UTC	34.120.237.76
[Mnemonic Passive DNS]	r3.o.lencr.org (6)	344	2020-12-02 08:52:13 UTC	2022-08-05 04:57:18 UTC	23.36.76.226
[Mnemonic Passive DNS]	push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2022-08-05 05:06:17 UTC	54.187.145.153
[Mnemonic Passive DNS]	partner.googleadservices.com (1)	798	2017-01-30 04:56:54 UTC	2022-08-06 04:58:18 UTC	142.250.74.98
[Mnemonic Passive DNS]	www.google.com (3)	7	2012-05-22 04:23:54 UTC	2022-08-06 02:10:45 UTC	142.250.74.164
[Mnemonic Passive DNS]	c.parkingcrew.net (2)	70582	No data	No data	185.53.178.30
[Mnemonic Passive DNS]	afs.googleusercontent.com (2)	12123	2017-01-30 05:39:23 UTC	2022-08-05 06:46:27 UTC	142.250.74.1
[Mnemonic Passive DNS]	craftbuilders.com (2)	0	No data	No data	45.33.23.183	Unknown ranking
[Mnemonic Passive DNS]	content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-08-06 04:57:51 UTC	54.230.111.99
[Mnemonic Passive DNS]	www1.craftbuilders.com (7)	0	2022-07-14 22:27:14 UTC	2022-07-26 15:41:55 UTC	13.248.148.254	Unknown ranking
[Mnemonic Passive DNS]	ocsp.pki.goog (7)	175	2017-06-14 07:23:31 UTC	2022-08-06 04:58:04 UTC	142.250.74.3

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 173.255.194.134

Date	UQ / IDS / BL	URL	IP
2022-08-14 06:22:02 +0000	0 - 0 - 2	tits.net/mtm/direct/.eJxdycEKwjAQhOF32WMNXY9a (...)	173.255.194.134
2022-08-14 04:04:29 +0000	0 - 0 - 1	westfieldsrewards.co.uk/mtm/direct/.eJx1ykEOw (...)	173.255.194.134
2022-08-14 03:13:50 +0000	0 - 0 - 2	scuolamedia.valdocco.com/	173.255.194.134
2022-08-14 01:32:15 +0000	0 - 0 - 1	animalpas.com/mtm/direct/.eJxdissKAjEMRf8ly7F (...)	173.255.194.134
2022-08-14 01:27:14 +0000	0 - 0 - 3	cabinentparts.com/	173.255.194.134
2022-08-14 01:02:52 +0000	0 - 0 - 2	sffurniture.com/mtm/direct/.eJxliksKAjEQBe_Sy (...)	173.255.194.134
2022-08-13 22:21:14 +0000	0 - 0 - 1	innhanse.com/mtm/direct/.eJxdikEKAjEMRe-S5Vgm (...)	173.255.194.134
2022-08-13 20:55:13 +0000	0 - 0 - 1	sweetgirlsmovies.com/mtm/direct/.eJx1ikEOwjAM (...)	173.255.194.134
2022-08-13 20:51:25 +0000	0 - 0 - 2	efrain.www.com/	173.255.194.134
2022-08-13 20:22:14 +0000	0 - 0 - 1	dainstitute.in/mtm/direct/.eJxlikEKAjEMRe-S5V (...)	173.255.194.134

Last 10 reports on ASN: Linode, LLC

Date	UQ / IDS / BL	URL	IP
2022-08-14 06:26:59 +0000	0 - 0 - 2	cheatshacksfreedownload.com/mtm/direct/.ejx9i (...)	198.58.118.167
2022-08-14 06:26:46 +0000	0 - 0 - 2	advanced-esthetic.us/http:/advanced-esthetic. (...)	198.58.118.167
2022-08-14 06:24:33 +0000	0 - 0 - 3	blackarse.com/mtm/direct/.ejxdikeowjambp_iy4l (...)	45.79.19.196
2022-08-14 06:23:47 +0000	0 - 0 - 2	tarotcanada.com/mtm/direct/.eJxliksKAkEMBe-S5 (...)	45.33.18.44
2022-08-14 06:22:02 +0000	0 - 0 - 2	tits.net/mtm/direct/.eJxdycEKwjAQhOF32WMNXY9a (...)	173.255.194.134
2022-08-14 06:19:07 +0000	0 - 0 - 3	indianmoviemall.com/	45.33.30.197
2022-08-14 06:00:03 +0000	0 - 0 - 1	accessalohatravel.com/mtm/direct/.eJx1ikEKAjE (...)	72.14.185.43
2022-08-14 05:45:16 +0000	0 - 0 - 2	mothernature.one/wp-content/plugins/woocommer (...)	45.33.20.235
2022-08-14 05:16:47 +0000	0 - 0 - 1	athleticclearance.org/mtm/direct/.eJx1yssKwkA (...)	96.126.123.244
2022-08-14 04:57:56 +0000	0 - 0 - 2	totalfarm.com/	45.33.23.183

No other reports on domain: craftbuilders.com

JavaScript

Executed Scripts (26)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (47)

Request	Response
GET /http:/craftbuilders.com/mtm/async/ HTTP/1.1 Host: craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (320) Size: 7111 Md5: 5fc7cd953c6a6252762102c569856954$ 45.33.23.183 HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Sat, 06 Aug 2022 05:26:41 GMT content-type: text/html; charset=utf-8 content-length: 7111 vary: Accept-Language content-language: en connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (320) Size: 7111 Md5: 5fc7cd953c6a6252762102c569856954 Sha1: 0c5669471e7de8eb08ca487540fb104cc7eca95a Sha256: 867ad2b5a81cb0f0e30177875cb7c4b92a596c2a0e222b427b992bac8afddc81 Alerts: Blocklists: - fortinet: Malware
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Sat, 06 Aug 2022 05:02:19 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: 3vKAAhtkPht5OQum4gAk_s39-fmR343v8cTiDpDkCG62sDO93uFz5Q== Age: 1462 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40 Sha1: 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2 Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F055127A4794D0F76CB4DF8F290DF8E259258A63398A700F592C859DFFE9AC34" Last-Modified: Thu, 04 Aug 2022 23:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2221 Expires: Sat, 06 Aug 2022 06:03:42 GMT Date: Sat, 06 Aug 2022 05:26:41 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 897b60146adb68539b3dc20e78ef2ece Sha1: eace3c5af0104a58586040660a2565bbde5d3d72 Sha256: f055127a4794d0f76cb4df8f290df8e259258a63398a700f592c859dffe9ac34
GET /chains/remote-settings.content-signature.mozilla.org-2022-09-19-18-34-07.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 578b9ff83ff3950ab2a3d1a8344d2938$ 54.230.111.99 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Sun, 31 Jul 2022 18:34:08 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Sat, 06 Aug 2022 04:15:27 GMT etag: "578b9ff83ff3950ab2a3d1a8344d2938" x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 4ysgUSjUzQxlpVbqzuxDyWe5VBfpU5K4hfhfUMnXxshzSilPvx4kFg== age: 4275 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 578b9ff83ff3950ab2a3d1a8344d2938 Sha1: 39d48b67ba6aa45ec01767725e726cf9b0c87a70 Sha256: 35c99da9a5463a4788ceab7cf4b027bb25506cde28ace36c70d0bc924138f2f5
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6$ 34.117.237.239 HTTP/2 200 OK server: nginx date: Sat, 06 Aug 2022 05:26:41 GMT content-type: application/json content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /mtm/async/.eJxlTTsOwjAMvUvGEtWMUMRZkBvcNlKcBMeFIsTdSYEJtvd_DzOLN52BSTV34AQH7WcfziSldYmBlQHLPTow1qCMpYYrEhpISD5kSkVPEZkq_VtYa85R1moqLVqfOFjMOXiH6lOEZVU2y6_K4XA5btu99YwjAV798IU36rNtoHn7O_N8AUwOQ8c:1oKCKf:gFCVQAbJU496aD2wedFyQHagWZw/1/0 HTTP/1.1 Host: craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://craftbuilders.com/http:/craftbuilders.com/mtm/async/ Connection: keep-alive	45.33.23.183 HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Sat, 06 Aug 2022 05:26:41 GMT content-type: text/html; charset=utf-8 content-length: 387 x-mtm-path: 7 x-mtm-prov: 308:0.00;300:0.00 x-mtm-rd: 0.00 vary: Accept-Language content-language: en set-cookie: mtm_delivered=WyJjcmFmdGJ1aWxkZXJzLmNvbSIsImh0dHA6Ly93d3cxLmNyYWZ0YnVpbGRlcnMuY29tLz90bT0xJnN1YmlkND0xNjU5NzYzNjAxLjAzMTcwMjAwMDAmS1cxPUJlc3QlMjBNb3J0Z2FnZSUyMFJlZmluYW5jaW5nJTIwUmF0ZXMmS1cyPUVsaXRlJTIwRGF0aW5nJTIwU2VydmljZXMmS1czPURlZGljYXRlZCUyMEdhbWluZyUyMFNlcnZlcnMmS1c0PUIyQiUyMFRyYXZlbCUyMEJvb2tpbmclMjBTeXN0ZW0mS1c1PUVsaXRlJTIwRGF0aW5nJTIwU2VydmljZXMmS1c2PU1ha2UlMjBNb25leSUyMEZyb20lMjBIb21lJktXNz1FbGl0ZSUyMERhdGluZyUyMFNlcnZpY2UmS1c4PUIyQiUyMFRyYXZlbCUyMEJvb2tpbmclMjBTeXN0ZW0mS1c5PUZyZWUlMjBDcmVkaXQlMjBDYXJkJTIwQXBwbHkmc2VhcmNoYm94PTAmYmFja2ZpbGw9MCIsMSwiMjAyMi0wOC0wNiAwNToyNjo0MSIsMSwiMTY1OTc2MzYwMS4wMzE3MDIwMDAwIiwzMDgsbnVsbCxudWxsXQ:1oKCKf:-g_akZfJniLZfbULHRI25_RqPU0; expires=Sat, 06-Aug-2022 06:26:41 GMT; Max-Age=3600; Path=/ connection: close --- Additional Info --- Magic: ASCII text, with very long lines (387), with no line terminators Size: 387 Md5: 0fb2e613234f13a6855eddcac192708b Sha1: 1a0af4ac7e9fdd31cb872a567510e18c13faee80 Sha256: c7a243820b4007997e7606160374708a9d52bdbabbf191132d9f1298207d5226 Alerts: Blocklists: - fortinet: Malware
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Sat, 06 Aug 2022 05:16:14 GMT Cache-Control: max-age=3600 Expires: Sat, 06 Aug 2022 05:24:55 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: C4vTyH3lcCuZoUhcGAMYPnYGO8iLRoxoO71MiM2mb_wlJd4hri_TNA== Age: 628 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0 HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://craftbuilders.com/ Upgrade-Insecure-Requests: 1	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018) Size: 5572 Md5: efedcb9015472ecc961b5d8fc43c2f54$ 13.248.148.254 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sat, 06 Aug 2022 05:26:42 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Buckets: bucket103 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_tRdUgvk2KYyFu8Ky59C7G8Ey5oGsWO820HhKvuM8m/hH2NIi/5qc2souKxkqtDR6TdibqgMTEQ2uHRcnQLIwCA== X-Template: tpl_Urspring_twoclick X-Language: norwegian Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3018) Size: 5572 Md5: efedcb9015472ecc961b5d8fc43c2f54 Sha1: 226b19890e2708728201a57421ff3e61fb015bcb Sha256: 4aaad3a1ffa4bbc163f32ec5c7146747b021c350e7bded42b7be5015480071e9
GET /scripts/js3caf.js HTTP/1.1 Host: d1lxhc4jvstzrp.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/	54.230.245.141 HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 7000 Connection: keep-alive Server: nginx Date: Sat, 06 Aug 2022 00:50:16 GMT Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT Accept-Ranges: bytes ETag: "600022c9-1b58" X-Cache: Hit from cloudfront Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: CjwvzCN1yzt8iX354Ajdm2HeY56rocgYlk1_bztSERuBZVy0txw3nQ== Age: 16586 --- Additional Info --- Magic: ASCII text, with very long lines (316) Size: 7000 Md5: cce7f943ec8e7b4ba13be4aba6b463d9 Sha1: 220f3e8ca723daa91fd040cf518991a65f2bf110 Sha256: ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
GET /themes/urspring_2fef8ec8/style.css HTTP/1.1 Host: d1lxhc4jvstzrp.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/	54.230.245.141 HTTP/1.1 200 OK Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Server: nginx Date: Fri, 05 Aug 2022 16:43:33 GMT Last-Modified: Tue, 17 May 2022 14:10:00 GMT Content-Encoding: gzip ETag: W/"6283acb8-577" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: n1HsLCQfanrqJGPoCk6YGwL7duvNQwReaWMnm-yeFWbK17zQ0XzSDA== Age: 45789 --- Additional Info --- Magic: ASCII text Size: 595 Md5: 3467fcf391de4afa7667a4f28cf9bdee Sha1: e0bd69005cd9f0a608a230c8268e26e529240258 Sha256: 55ed4b318bf91e37cdca77a89b672b77f88ac9faf184aa4c63e5bcf5971141bc
GET /themes/assets/style.css HTTP/1.1 Host: d1lxhc4jvstzrp.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/	54.230.245.141 HTTP/1.1 200 OK Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Server: nginx Date: Fri, 05 Aug 2022 06:34:09 GMT Last-Modified: Tue, 12 May 2020 14:25:52 GMT Content-Encoding: gzip ETag: W/"5ebab1f0-33d" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: erBIS9UwCOaIoefFsSTCHwxpPMNmhNK5-stqMzRXlJ5UjYsBuJ6REQ== Age: 82353 --- Additional Info --- Magic: ASCII text Size: 343 Md5: 03a4a8c322fc0c99b0ee7cbbcc9eabcd Sha1: 6fc193276de2a3458cd853c474cb9269b900e00d Sha256: a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /adsense/domains/caf.js HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/	142.250.74.164 HTTP/1.1 200 OK Content-Type: text/javascript; charset=UTF-8 Accept-Ranges: bytes Vary: Accept-Encoding Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Date: Sat, 06 Aug 2022 05:26:42 GMT Expires: Sat, 06 Aug 2022 05:26:42 GMT Cache-Control: private, max-age=3600 ETag: "10318188865445771520" X-Content-Type-Options: nosniff Content-Encoding: gzip Transfer-Encoding: chunked Server: sffe X-XSS-Protection: 0 --- Additional Info --- Magic: ASCII text, with very long lines (2174) Size: 53347 Md5: b49b218d7f687ba7c72c44f928ea01e6 Sha1: 63fa95be78e6f1aa7938b2c16311a93d1ef5cded Sha256: 524ae14cebf76a15f15af3f75f021dbfa3c84b6e4af311ad850733a45395dac2
GET /scripts/sale_form.js HTTP/1.1 Host: c.parkingcrew.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/	185.53.178.30 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx Date: Sat, 06 Aug 2022 05:26:42 GMT Content-Length: 761 Connection: keep-alive Last-Modified: Tue, 12 May 2020 14:25:52 GMT ETag: "5ebab1f0-2f9" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text Size: 761 Md5: 64f809e06446647e192fce8d1ec34e09 Sha1: 5b7ced07da42e205067afa88615317a277a4a82c Sha256: f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 3052 Cache-Control: max-age=99091 Date: Sat, 06 Aug 2022 05:26:42 GMT Etag: "62eccfb9-1d7" Expires: Sun, 07 Aug 2022 08:58:13 GMT Last-Modified: Fri, 05 Aug 2022 08:07:21 GMT Server: ECS (ska/F705) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: ee9c2d2db5cdffcdf3d0de9dec5a75a7 Sha1: bfc2ba6d838914231592d4bdf57f03ae7fa829f5 Sha256: b5c8c1af3e56b1edd64a616826135ddfb269fdbe2a6b965a4b0eacc6fe5c6849
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: TwTJB1c4gR8zbXLyrZsWrQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	54.187.145.153 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: miKRHFtBufdqIb1dacQix1axScY= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /themes/urspring_2fef8ec8/img/arrows.png HTTP/1.1 Host: d1lxhc4jvstzrp.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css	$Magic: PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data Size: 11375 Md5: 0cb2e5165dc9324eb462199f04e1ffa9$ 54.230.245.141 HTTP/1.1 200 OK Content-Type: image/png Content-Length: 11375 Connection: keep-alive Server: nginx Date: Sat, 06 Aug 2022 05:02:31 GMT Last-Modified: Tue, 17 May 2022 14:10:00 GMT Accept-Ranges: bytes ETag: "6283acb8-2c6f" X-Cache: Hit from cloudfront Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: jEphBXXeo8IG_pJ8-4E0l8_dBrNFA7idYgYc9OvOe16PVjoS0f89dg== Age: 1452 --- Additional Info --- Magic: PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data Size: 11375 Md5: 0cb2e5165dc9324eb462199f04e1ffa9 Sha1: 9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8 Sha256: 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /favicon.ico HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0	13.248.148.254 HTTP/1.1 200 OK Content-Type: image/x-icon Date: Sat, 06 Aug 2022 05:26:43 GMT Content-Length: 0 Connection: keep-alive Server: nginx Last-Modified: Tue, 12 May 2020 14:25:52 GMT ETag: "5ebab1f0-0" Accept-Ranges: bytes --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?domain=craftbuilders.com&toggle=browserjs&uid=MTY1OTc2MzYwMi4yNTExOmQxYzdlNTIxMmU3ZDM3Yzk4MjkzNDZjMTE3MzFmZjI0Y2FkMWM2NTY1OGQyOGU4YzViYjUzNzc2MzJkMzUwNzE6NjJlZGZiOTIzZDRjMA%3D%3D HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0	13.248.148.254 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sat, 06 Aug 2022 05:26:43 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip --- Additional Info --- Magic: data Size: 20 Md5: a4745abc5e7fdb89cc6df3069f3c6e69 Sha1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: f186efd9f74ae592f2ee45e97149e2a3 Sha1: 3875eb46c68554850f5871604d9fad421415f9f5 Sha256: 15cc3dabd9eb27be33bcef5e43d7ff98af1535d11612c1174db255d1b39c7fc3
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000534%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Best%20Mortgage%20Refinancing%20Rates%2CElite%20Dating%20Services%2CDedicated%20Gaming%20Servers%2CB2B%20Travel%20Booking%20System%2CElite%20Dating%20Services%2CMake%20Money%20From%20Home%2CElite%20Dating%20Service%2CB2B%20Travel%20Booking%20System%2CFree%20Credit%20Card%20Apply&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300953%2C17300956&format=r9%7Cs&nocache=6191659763603444&num=0&output=afd_ads&domain_name=www1.craftbuilders.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1659763603444&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=464605827&rurl=http%3A%2F%2Fwww1.craftbuilders.com%2F%3Ftm%3D1%26subid4%3D1659763601.0317020000%26KW1%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW2%3DElite%2520Dating%2520Services%26KW3%3DDedicated%2520Gaming%2520Servers%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DElite%2520Dating%2520Services%26KW6%3DMake%2520Money%2520From%2520Home%26KW7%3DElite%2520Dating%2520Service%26KW8%3DB2B%2520Travel%2520Booking%2520System%26KW9%3DFree%2520Credit%2520Card%2520Apply%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fcraftbuilders.com%2F&adbw=master-1%3A530 HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://www1.craftbuilders.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8240) Size: 2459 Md5: 0877f74742abd42e176ce66c2244610c$ 142.250.74.164 HTTP/2 200 OK content-type: text/html; charset=UTF-8 content-disposition: inline date: Sat, 06 Aug 2022 05:26:43 GMT expires: Sat, 06 Aug 2022 05:26:43 GMT cache-control: private, max-age=3600 content-encoding: br server: gws content-length: 2459 x-xss-protection: 0 set-cookie: CONSENT=PENDING+631; expires=Mon, 05-Aug-2024 05:26:43 GMT; path=/; domain=.google.com; Secure p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8240) Size: 2459 Md5: 0877f74742abd42e176ce66c2244610c Sha1: ebeb1428beafcaa017a2f7916336fd57d51f738a Sha256: ba74d421516a7d5285b544655a35dc9fed69f5ef3261a1a3c209b8a2cdda1f0d
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: c8965ef8a1a858ba992cda89452a9e60 Sha1: ac98d5a71e5c4838d8f610520f1c758663a94412 Sha256: 2c673e20f6572669c4fbf2966ab35fbe4595b27259f7e33762f1d08eaaf1b549
GET /gampad/cookie.js?domain=www1.craftbuilders.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1 Host: partner.googleadservices.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://www1.craftbuilders.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	142.250.74.98 HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin content-type: text/javascript; charset=UTF-8 x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip date: Sat, 06 Aug 2022 05:26:43 GMT server: cafe cache-control: private content-length: 188 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 188 Md5: 18215bc11b8f493150ec245eece62094 Sha1: cc931202ca7708fd22023a2a59bf6b79ca34f6d9 Sha256: f146ba138132134047f1be19a8206aceef2c61f041d7f87efe9415ce1bc32a0b
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 83b236b553fa7d29608af3f9a86c6af0 Sha1: 6202bdcb064fd381cde2485a3105750c42fe692d Sha256: 1462d24e74f70b40fcf450c2ba1a4f5575bf20f15e4b9855ff3bcc0ec1fae41c
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: c8965ef8a1a858ba992cda89452a9e60 Sha1: ac98d5a71e5c4838d8f610520f1c758663a94412 Sha256: 2c673e20f6572669c4fbf2966ab35fbe4595b27259f7e33762f1d08eaaf1b549
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 3c01a986bff6780f56d885da12579e2a Sha1: a0d8e208182caa7e3d4aea1e85ac96c6be9b10b0 Sha256: 9a9d6c5f410f632ea1ec20c1f145b5a4b9c0febd718132280476a4ed89cd0321
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 3c01a986bff6780f56d885da12579e2a Sha1: a0d8e208182caa7e3d4aea1e85ac96c6be9b10b0 Sha256: 9a9d6c5f410f632ea1ec20c1f145b5a4b9c0febd718132280476a4ed89cd0321
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390) Size: 272 Md5: bbbac37f0b6e29a6099e4aa7cb19d6ca$ 142.250.74.1 HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 272 x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 date: Sat, 06 Aug 2022 01:16:13 GMT expires: Sun, 07 Aug 2022 00:16:13 GMT cache-control: public, max-age=82800 age: 15030 last-modified: Thu, 19 Dec 2019 14:15:00 GMT content-type: image/svg+xml alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390) Size: 272 Md5: bbbac37f0b6e29a6099e4aa7cb19d6ca Sha1: 0acafe95e2141f0af6109203efeb2d98e6b926c6 Sha256: a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators Size: 174 Md5: 4de8b85c8915995b571bde50e231be7c$ 142.250.74.1 HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 174 x-content-type-options: nosniff content-encoding: gzip server: sffe x-xss-protection: 0 date: Sat, 06 Aug 2022 02:16:27 GMT expires: Sun, 07 Aug 2022 01:16:27 GMT cache-control: public, max-age=82800 age: 11416 last-modified: Thu, 22 Oct 2020 21:45:00 GMT content-type: image/svg+xml alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators Size: 174 Md5: 4de8b85c8915995b571bde50e231be7c Sha1: 29c226ca7b9cbe1d44e5480ce95bbb42727b2d99 Sha256: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 3c01a986bff6780f56d885da12579e2a Sha1: a0d8e208182caa7e3d4aea1e85ac96c6be9b10b0 Sha256: 9a9d6c5f410f632ea1ec20c1f145b5a4b9c0febd718132280476a4ed89cd0321
GET /?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0 HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: __gsas=ID=66e1138f0233bb81:T=1659763603:S=ALNI_MYfo0NJ_jwpE3iZ3lUXOOkHA7H7Ew Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2986) Size: 5606 Md5: 83a46995f6d41583848d217227405829$ 13.248.148.254 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sat, 06 Aug 2022 05:26:43 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Buckets: bucket103 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_tRdUgvk2KYyFu8Ky59C7G8Ey5oGsWO820HhKvuM8m/hH2NIi/5qc2souKxkqtDR6TdibqgMTEQ2uHRcnQLIwCA== X-Template: tpl_Urspring_twoclick X-Language: norwegian Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2986) Size: 5606 Md5: 83a46995f6d41583848d217227405829 Sha1: 3182c60d19ea9141e5c262c062c0a5406a891404 Sha256: 764f460ffb9a11691e8e60069d86fa97eae72c65064413e2e45e703269ea753e
GET /scripts/js3caf.js HTTP/1.1 Host: d1lxhc4jvstzrp.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/ If-Modified-Since: Thu, 14 Jan 2021 10:54:01 GMT If-None-Match: "600022c9-1b58" Cache-Control: max-age=0	54.230.245.141 HTTP/1.1 304 Not Modified Connection: keep-alive Server: nginx Date: Sat, 06 Aug 2022 00:50:16 GMT Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT ETag: "600022c9-1b58" X-Cache: Hit from cloudfront Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: 0qFVJ5ZLwqZNEhx2xSjX-lRRbzxok24AJJbnRc-b_a-dFKGwiokqnQ== Age: 16587 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adsense/domains/caf.js HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/ If-None-Match: "10318188865445771520" Cache-Control: max-age=0	142.250.74.164 HTTP/1.1 304 Not Modified Content-Type: text/javascript; charset=UTF-8 Cross-Origin-Resource-Policy: cross-origin Date: Sat, 06 Aug 2022 05:26:43 GMT Expires: Sat, 06 Aug 2022 05:26:43 GMT Cache-Control: private, max-age=3600 ETag: "10318188865445771520" X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/sale_form.js HTTP/1.1 Host: c.parkingcrew.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/ If-Modified-Since: Tue, 12 May 2020 14:25:52 GMT If-None-Match: "5ebab1f0-2f9" Cache-Control: max-age=0	185.53.178.30 HTTP/1.1 304 Not Modified Server: nginx Date: Sat, 06 Aug 2022 05:26:43 GMT Connection: keep-alive Last-Modified: Tue, 12 May 2020 14:25:52 GMT ETag: "5ebab1f0-2f9" --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632" Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9527 Expires: Sat, 06 Aug 2022 08:05:31 GMT Date: Sat, 06 Aug 2022 05:26:44 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7a0a47597b227144ff5720a6c9f2a348 Sha1: 97573348eaf4c2c512a8c0fc60838f8148e05937 Sha256: 7d129895dd82ace0d70fe0d261b7c2e924e869686cedf20c238efa6bfdf5e632
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632" Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9527 Expires: Sat, 06 Aug 2022 08:05:31 GMT Date: Sat, 06 Aug 2022 05:26:44 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7a0a47597b227144ff5720a6c9f2a348 Sha1: 97573348eaf4c2c512a8c0fc60838f8148e05937 Sha256: 7d129895dd82ace0d70fe0d261b7c2e924e869686cedf20c238efa6bfdf5e632
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632" Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9527 Expires: Sat, 06 Aug 2022 08:05:31 GMT Date: Sat, 06 Aug 2022 05:26:44 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7a0a47597b227144ff5720a6c9f2a348 Sha1: 97573348eaf4c2c512a8c0fc60838f8148e05937 Sha256: 7d129895dd82ace0d70fe0d261b7c2e924e869686cedf20c238efa6bfdf5e632
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632" Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9527 Expires: Sat, 06 Aug 2022 08:05:31 GMT Date: Sat, 06 Aug 2022 05:26:44 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7a0a47597b227144ff5720a6c9f2a348 Sha1: 97573348eaf4c2c512a8c0fc60838f8148e05937 Sha256: 7d129895dd82ace0d70fe0d261b7c2e924e869686cedf20c238efa6bfdf5e632
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632" Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9527 Expires: Sat, 06 Aug 2022 08:05:31 GMT Date: Sat, 06 Aug 2022 05:26:44 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7a0a47597b227144ff5720a6c9f2a348 Sha1: 97573348eaf4c2c512a8c0fc60838f8148e05937 Sha256: 7d129895dd82ace0d70fe0d261b7c2e924e869686cedf20c238efa6bfdf5e632
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1ae090b-bd08-4d44-b23a-0bfd6cc477c8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7455 Md5: 4c27632b8dd3a8b51eb11b1e8c782bdc$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 7455 x-amzn-requestid: 60252637-ff5f-4669-a63b-d439ca5891b8 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: WYMgKG-YoAMFmKw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62ecc134-2f732b45133bdc8e253ee0e4;Sampled=0 x-amzn-remapped-date: Fri, 05 Aug 2022 07:05:24 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: H-sOCFSZRcChV3-DUQ9bXRtNELuLtLX2HG-Huv0SNw5EEwY0JAr22Q== via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google date: Fri, 05 Aug 2022 07:51:09 GMT age: 77735 etag: "1f5fdbe8a1d612c91465dfc0f7ea46cf76910ad1" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7455 Md5: 4c27632b8dd3a8b51eb11b1e8c782bdc Sha1: 1f5fdbe8a1d612c91465dfc0f7ea46cf76910ad1 Sha256: a1ae68cde33d5e50b86fa9f33e544bbfc30ec78d853f89be2c20363923ad164d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbac29577-51fc-49f4-aa62-7bd10918f86c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10404 Md5: eb923e3f6bc2cea92c6be5adf2bd5f24$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 10404 x-amzn-requestid: 6b6adca1-a218-4b44-9da8-4f08cc10d3fb x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: WaNkhHBHoAMFk4g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62ed8fb6-241e27c07eff88721b51690f;Sampled=0 x-amzn-remapped-date: Fri, 05 Aug 2022 21:46:30 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: YiiwvDfkYJRWqTb7pPLrLz7fr2xw3uhUjr-eeY_pncDGmvQmfBo4gQ== via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google date: Fri, 05 Aug 2022 22:02:43 GMT age: 26641 etag: "429ef7bfc7ee3df047dbdd1f6fe3b5fd71e627ea" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10404 Md5: eb923e3f6bc2cea92c6be5adf2bd5f24 Sha1: 429ef7bfc7ee3df047dbdd1f6fe3b5fd71e627ea Sha256: a06cb841220e89bc85c0d2800b3a47918b47dc17dd983bed59de3fda882d0f8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47127619-5c86-4363-ad38-bd0ea52d7a06.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 3871 Md5: 2d2380784d41f22b7c39f22aa6ee89f5$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 3871 x-amzn-requestid: 8e2f628a-40e7-4a30-9250-e799388e3f06 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: WaMExESGIAMFmSg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62ed8d51-548ce53641314e2f14e5c4af;Sampled=0 x-amzn-remapped-date: Fri, 05 Aug 2022 21:36:17 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: N90ctXzr6WonpYvUPxVh9pub3pDwtN6P2RHXYhHEnvQojnGnfdXOiw== via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google date: Fri, 05 Aug 2022 22:01:03 GMT age: 26741 etag: "5aafd1e4d78ce8b097b9d9333f8a583a3004ed21" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 3871 Md5: 2d2380784d41f22b7c39f22aa6ee89f5 Sha1: 5aafd1e4d78ce8b097b9d9333f8a583a3004ed21 Sha256: 0c0f5233c5b6e055ab79900dcd96b99dcd837a2459c75c75ba54d1289dab4ec7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00c27fbc-f7dc-491c-92c7-70dd9c68da69.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7911 Md5: 662f84cbbc31ca3bd337c82f59e810fb$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 7911 x-amzn-requestid: d3776da5-df77-4b08-bdf4-a949df45920a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: WOTuzF2-oAMF6qw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62e8ccc4-36cb6c6a64a2fcb85c4a98e8;Sampled=0 x-amzn-remapped-date: Tue, 02 Aug 2022 07:05:40 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: Sa8b4L8kCsNGyke-UI-zyBEpPPGb9jghFNWPSaWLonAuTxFGHsJviQ== via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google date: Fri, 05 Aug 2022 23:12:47 GMT age: 22437 etag: "126688362f54060110b92826e9ea513fabcfde4f" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7911 Md5: 662f84cbbc31ca3bd337c82f59e810fb Sha1: 126688362f54060110b92826e9ea513fabcfde4f Sha256: 22db946504dfb8ac5b27913a462593a14cbc4ddbb433b10f0a3e1ddee5dd6753
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0639416-8f2d-4ab7-9e3b-459448bd9daa.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10949 Md5: 6b23b52c323b1ebf1abd497da1051b47$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 10949 x-amzn-requestid: c1761599-dc8d-408b-87da-b2961ac6560f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: WUXu5FD2IAMFpnQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62eb3992-1c17ee5a619249e84c814b7a;Sampled=0 x-amzn-remapped-date: Thu, 04 Aug 2022 03:14:26 GMT x-amz-cf-pop: YVR50-C1 x-cache: Miss from cloudfront x-amz-cf-id: MgwKi7CqzjoVvketcgzMwT2q0Egm5MksC7_-AEICUW7cKe0ok2Ii7g== via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 733ae4e17f2a4786e797d3450daabd46.cloudfront.net (CloudFront), 1.1 google date: Sat, 06 Aug 2022 04:15:44 GMT age: 4260 etag: "084b4b2e95a731acefcee158e539c4fbc74060f2" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10949 Md5: 6b23b52c323b1ebf1abd497da1051b47 Sha1: 084b4b2e95a731acefcee158e539c4fbc74060f2 Sha256: d5fb15eb9611b3b67d3954a6f8c2ccd53a4c385d2beb6254d3063fc38f04f56e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfd5df4-420a-41ec-b1de-b396653699e3.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8223 Md5: 21cb9fd64193c9fa61a65be28fa65bda$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 8223 x-amzn-requestid: 281d5f74-7335-41bf-a1b0-b96f8524a3ad x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: WaMEqHQvoAMFluQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62ed8d50-1840e5c331544b671bd6c5ed;Sampled=0 x-amzn-remapped-date: Fri, 05 Aug 2022 21:36:16 GMT x-amz-cf-pop: HIO50-C1, YVR50-C1 x-cache: Miss from cloudfront x-amz-cf-id: o9EeZetfZImEDJCDFyMh8hj9JXl78bbKcn2046qAYRLMW0r8sTJjyQ== via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 87136170926d082ce5ff23d5ad5be32c.cloudfront.net (CloudFront), 1.1 google date: Fri, 05 Aug 2022 21:47:23 GMT etag: "9b19561b15e7e126ee65436ba20d4ae4098e6776" content-type: image/jpeg age: 27561 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8223 Md5: 21cb9fd64193c9fa61a65be28fa65bda Sha1: 9b19561b15e7e126ee65436ba20d4ae4098e6776 Sha256: 16676379a98b377329551dea82df06b036aa7a1902ecc18b2467b25c0bd0e4dd
GET /track.php?domain=craftbuilders.com&toggle=browserjs&uid=MTY1OTc2MzYwMy44MTM5OjNiNzQ2N2U2NDAyZGNjNjNmYjMyOGY5NTNiY2Y4NGRlZWI3ODI5MTg2OTk3NDY2ZTc1ODE3OGQ0YjYwYzkxZjQ6NjJlZGZiOTNjNmIyMQ%3D%3D HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0 Cookie: __gsas=ID=66e1138f0233bb81:T=1659763603:S=ALNI_MYfo0NJ_jwpE3iZ3lUXOOkHA7H7Ew	13.248.148.254 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sat, 06 Aug 2022 05:26:44 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Custom-Track: browserjs Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip --- Additional Info --- Magic: data Size: 20 Md5: a4745abc5e7fdb89cc6df3069f3c6e69 Sha1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
POST /ls.php HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 2938 Origin: http://www1.craftbuilders.com Connection: keep-alive Referer: http://www1.craftbuilders.com/?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0 Cookie: __gsas=ID=66e1138f0233bb81:T=1659763603:S=ALNI_MYfo0NJ_jwpE3iZ3lUXOOkHA7H7Ew Cache-Control: max-age=0	13.248.148.254 HTTP/1.1 201 Created Content-Type: text/javascript;charset=UTF-8 Date: Sat, 06 Aug 2022 05:26:44 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 X-Log-Success: 62edfb940a05ff589c234803 Charset: utf-8 Access-Control-Allow-Origin: http://www1.craftbuilders.com Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Max-Age: 86400 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_XswEZtarWERkkQfSwEgwaMpGclSlU32pl6GiT/zM5JOMjavPOQsY0f1Yxs/oYjCzjJvEyiIlTdN1r2wEfSFZ6w== --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Malware
GET /track.php?domain=craftbuilders.com&caf=1&toggle=answercheck&answer=yes&uid=MTY1OTc2MzYwMy44MTM5OjNiNzQ2N2U2NDAyZGNjNjNmYjMyOGY5NTNiY2Y4NGRlZWI3ODI5MTg2OTk3NDY2ZTc1ODE3OGQ0YjYwYzkxZjQ6NjJlZGZiOTNjNmIyMQ%3D%3D HTTP/1.1 Host: www1.craftbuilders.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www1.craftbuilders.com/?tm=1&subid4=1659763601.0317020000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=Elite%20Dating%20Services&KW3=Dedicated%20Gaming%20Servers&KW4=B2B%20Travel%20Booking%20System&KW5=Elite%20Dating%20Services&KW6=Make%20Money%20From%20Home&KW7=Elite%20Dating%20Service&KW8=B2B%20Travel%20Booking%20System&KW9=Free%20Credit%20Card%20Apply&searchbox=0&backfill=0 Cookie: __gsas=ID=66e1138f0233bb81:T=1659763603:S=ALNI_MYfo0NJ_jwpE3iZ3lUXOOkHA7H7Ew	13.248.148.254 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sat, 06 Aug 2022 05:26:45 GMT Transfer-Encoding: chunked Connection: keep-alive Server: nginx Vary: Accept-Encoding X-Custom-Track: answercheck Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip --- Additional Info --- Magic: data Size: 20 Md5: a4745abc5e7fdb89cc6df3069f3c6e69 Sha1: 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf