r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5402
Expires: Tue, 22 Nov 2022 23:24:55 GMT
Date: Tue, 22 Nov 2022 21:54:53 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4954
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:53 GMT
Last-Modified: Tue, 22 Nov 2022 20:32:19 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
1intre.duckdns.org/orgt/02f3f4abdc64be57c56115b68ed27a5a/?cont=qerldmlsbwfzaza5&token=cd6ad25f27ba198a9400cfb42d277078
35.230.10.129 302 Found 0 B URL HTTP/1.1 1intre.duckdns.org/orgt/02f3f4abdc64be57c56115b68ed27a5a/?cont=qerldmlsbwfzaza5&token=cd6ad25f27ba198a9400cfb42d277078
IP 35.230.10.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /orgt/02f3f4abdc64be57c56115b68ed27a5a/?cont=qerldmlsbwfzaza5&token=cd6ad25f27ba198a9400cfb42d277078 HTTP/1.1
Host: 1intre.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 22 Nov 2022 21:54:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=cb7e67b60bce54bb4a85e28fc54c23bd; path=/
Location: ../index.php
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19729
Expires: Wed, 23 Nov 2022 03:23:42 GMT
Date: Tue, 22 Nov 2022 21:54:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: St9lZ0uJ5U71KOtYNvETpHQVPKo3CNC4qDQPPPTxaw+97lGQ+8FTf9EfgSDgtQwhdJXUXaUEGhI=
x-amz-request-id: WGXMQJY7X9GKGNB5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 21:42:44 GMT
age: 729
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 21:09:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2734
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 21:54:53 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 21:11:10 GMT
cache-control: public,max-age=3600
age: 2623
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6014
Cache-Control: max-age=132735
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:54 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 10:47:09 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.163.114.208 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.114.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LGnelsl5ifoHhpk4z9KPvw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rqQ1twmHZKHZxQ7jC3Jx4COtU6c=
1intre.duckdns.org/orgt/index.php
35.230.10.129 302 Found 0 B URL HTTP/1.1 1intre.duckdns.org/orgt/index.php
IP 35.230.10.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /orgt/index.php HTTP/1.1
Host: 1intre.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=cb7e67b60bce54bb4a85e28fc54c23bd
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 22 Nov 2022 21:54:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 4c9f74c6b4204ccf698ee170b42a7f57?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14710
Expires: Wed, 23 Nov 2022 02:00:05 GMT
Date: Tue, 22 Nov 2022 21:54:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14710
Expires: Wed, 23 Nov 2022 02:00:05 GMT
Date: Tue, 22 Nov 2022 21:54:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14710
Expires: Wed, 23 Nov 2022 02:00:05 GMT
Date: Tue, 22 Nov 2022 21:54:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed6b76d15fc8d6295acdb6fb47461d3
b8c928f93a8d82b48491448d811a95ad99dc6aef
de326836a9de677438b9ae724198e94348b0900c62817ff10de3677ce93fdae0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8685
x-amzn-requestid: 66455cc7-83d7-4570-99f9-5fa838da947f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrAHwKoAMFUHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee46-354d65e9609bc05647556a5a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -9tZPsMl7i5hr0N1rwJdQBLiOImuEO12RDL0pcPNjf6t-LkRbPaN2A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:58:29 GMT
age: 86186
etag: "b8c928f93a8d82b48491448d811a95ad99dc6aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f3fad7453f45dfa617243c8beac64e1
56414a905340e1b1478a0a40a52b25365a724524
7befcfbedac5652eb04bc675b67f7b642631d4e918f7aaee17b0b594e26854d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6031
x-amzn-requestid: f59b04c5-4955-4847-9a7f-d9d53b47ca52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3cV0GC-oAMF5hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637940f1-0425b3cf6a4650b60936feba;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 20:47:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VabInML1mfcQLIp29OWRNsixwfSWt0Wv9l7I-Ak7TdUHlNt2ZEVtPg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 15:21:36 GMT
age: 23599
etag: "56414a905340e1b1478a0a40a52b25365a724524"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nwXP5jm9A2Cl3_-Lm194ycXkeClig1L9hwgUgE8i8NF-Vv2gNfj_4Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 15:03:51 GMT
age: 24664
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dafd9e17dc0023e71ae513c6025e4b80
12e2654db1f384bb04f5c5042848b25dda86b710
e9c885a102dc811648cec4ac292db63564e81a48d7a3611cb31fba73b37286dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4639
x-amzn-requestid: 8a93fa29-158b-4402-aac4-85ad29a74ae1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oELooAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-5a85509b26d9aeef7ae59b4c;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bmrDryUp_4bvIikGkppa36e9isEfvK0gjunV6xmU5ApJtxlLR_GYkA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:05:18 GMT
age: 85777
etag: "12e2654db1f384bb04f5c5042848b25dda86b710"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F559c6770-d162-460d-b372-5ff036a364d6.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F559c6770-d162-460d-b372-5ff036a364d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9defa28d124bae7e5ef29a1fb165ee02
2afe813f0fefae511064297ccff9a6de548104e8
8cfdd12386dcc87cfd874ed0c2d42cd33ae2a05cb35127f1a94e163d17bd5b31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F559c6770-d162-460d-b372-5ff036a364d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11576
x-amzn-requestid: 9dd2cb2e-de79-4937-b525-05be9d57c03b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrdFuxoAMFa9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee49-5437ea0f1568967278fe96ad;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:53 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lBMBI-XAKxn1K1gX7rTsyft8ZQxN2qAapstHVJ_2bnPlA8Tx59jfSg==
via: 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:51:13 GMT
age: 699
etag: "2afe813f0fefae511064297ccff9a6de548104e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
35.230.10.129 301 Moved Permanently 337 B URL HTTP/1.1 1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
IP 35.230.10.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6c5c6ba9c761b224f1d61527fc52cf06
588bc81697bbcc9b765ad8d1c0ebee81af20d067
2f75112cfee661a6e56045efff57a3de0075f5ea3a8b5634cb0d3f0955724e52
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /orgt/4c9f74c6b4204ccf698ee170b42a7f57?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2 HTTP/1.1
Host: 1intre.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=cb7e67b60bce54bb4a85e28fc54c23bd
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 22 Nov 2022 21:54:55 GMT
Server: Apache
Location: http://1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57/?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
Content-Length: 337
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ab62c5a7c3296600de924eb0b283bc1
bc4a2dc43898e3fb78ba7301d8b09b280991d221
f2a4c0829a4fb9a585113ed358832d16470ec391035a302a8f3c4666172f02bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10556
x-amzn-requestid: d2426c6d-5e78-496c-8649-0496a872b380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-Iq0GPVoAMF9bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee45-1ee6dc09394731cc4dbfc38a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sBNLrVAl4G6pJ-OBZ6aJZC64MrkkGQdsuZKITQwcqgYgP6-GJiblfA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:59:20 GMT
age: 86135
etag: "bc4a2dc43898e3fb78ba7301d8b09b280991d221"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57/?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
35.230.10.129 200 OK 30 kB URL HTTP/1.1 1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57/?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
IP 35.230.10.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2689), with CRLF line terminators
Hash 5b96c871d5f1a369cfa3a9021c3dd8f4
e186ac7656a0b649b389028b65fb89008e0f1ead
883bea5121b437cd5339002ee66f6feffc3c5f8c6eadb4f614a4a8d3129d04b8
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /orgt/4c9f74c6b4204ccf698ee170b42a7f57/?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2 HTTP/1.1
Host: 1intre.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=cb7e67b60bce54bb4a85e28fc54c23bd
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 21:54:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.53.com/content/dam/fifth-third/dtm/init.js
104.88.20.89 200 OK 315 B URL HTTP/1.1 www.53.com/content/dam/fifth-third/dtm/init.js
IP 104.88.20.89:0
File type HTML document, ASCII text
Hash 2a0b9cf4ed71e8491986959b7a806223
47d4a173e305de9d8d5ed9029d3160b48add045a
a9f6e499c1b5a52a54c3dd232e80b9d2766f95112e80719b357a7bcbde044912
GET /content/dam/fifth-third/dtm/init.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Disposition: attachment
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "234-58a1fe4b15740-gzip"
Last-Modified: Thu, 30 May 2019 19:27:49 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 315
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=73~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=b1316c2bd5b40b0d64d14a5d660dd286; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/css/cms.css?ver=2021040219
104.88.20.89 200 OK 5.3 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/css/cms.css?ver=2021040219
IP 104.88.20.89:0
Hash a803f36ab5da967ccd91a5bc42836bd0
8acd311b42334d76a2271e69b140e037dbe9a21e
5bd3fd3a215129dcd805fe6e066b7e42f2cecd7d86bb7ae3b239ec457e3e23e1
GET /etc/designs/fifth-third/static/css/cms.css?ver=2021040219 HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: text/css
ETag: "60d9-5d11d427872c0-gzip"
Last-Modified: Fri, 19 Nov 2021 05:08:03 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 5254
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=7~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=b5a5af170cf5ac50b5dcde0e8cf8206e; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
104.88.20.89 200 OK 1.7 kB URL HTTP/1.1 www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
IP 104.88.20.89:0
Hash 0264e75c4c4c653a14b734102c311c28
d6effbe11d0bbbbae8e1c975a8afe509ffb926ae
aebc185abc8dc4a2940f68aab24c0029d66ad2d9bb3c65ea6489f77abc5fbdf1
GET /etc.clientlibs/fifth-third/clientlibs/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: text/css;charset=utf-8
ETag: "20fb-5d11d3fba8b40-gzip"
Last-Modified: Fri, 19 Nov 2021 05:07:17 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1715
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19E7DFE9F11764A7656CCA892FB115C6F9108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19E7DFE9F11764A7656CCA892FB115C6F9108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=19~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=6a8ebec0e60b335e88bdb11c004d6e4f; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/cms.js
104.88.20.89 200 OK 6.1 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/cms.js
IP 104.88.20.89:0
Hash 91ccfe45439df5b6ce2bdb47eb86c0d9
3c6daa9644c046d389f17ea5454873a8df4b1768
abefc6b9ae1fcd99b1ea45f1f159b1a7bba111d1eaadb2642bba1ccb6b762673
GET /etc/designs/fifth-third/static/js/cms.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "63dd-5e228b43cb580-gzip"
Last-Modified: Fri, 24 Jun 2022 02:55:34 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 6094
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=36~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=3222743a5799901b781c73d8322c4fbe; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/css/style.css?ver=2021040219
104.88.20.89 200 OK 29 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/css/style.css?ver=2021040219
IP 104.88.20.89:0
Hash 3e8e72441abb646e17aafa498d3035de
b4206c1fea949a7c1bdd65369c1dd2f823d96323
ecaf044e71d8feab1640e2c9761c7ee4b75972ffa19e435350eb3d69a6c0809f
GET /etc/designs/fifth-third/static/css/style.css?ver=2021040219 HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: text/css
ETag: "336d0-5d11d427872c0-gzip"
Last-Modified: Fri, 19 Nov 2021 05:08:03 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 28755
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=49~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=1ac76b43639d5ea768731def5b29932d; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/patternlab.js
104.88.20.89 200 OK 117 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/patternlab.js
IP 104.88.20.89:0
File type ASCII text, with very long lines (11620)
Size 117 kB (117040 bytes)
Hash d7693531df963a0bbe2ea10dd3c42411
941330511ba3dead8fb00ac1db6c22ced0f748cc
688ebc13368b1338c5f61fe2e01624a5ad6cef264b1f2e1bb68e9c8692de1511
GET /etc/designs/fifth-third/static/js/patternlab.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "64602-5b6b686988980-gzip"
Last-Modified: Fri, 18 Dec 2020 05:39:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Tue, 22 Nov 2022 21:54:56 GMT
Content-Length: 117040
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=48~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=7b4d2654b1ed4f47afb4d707f9f0757e; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.53.com/etc/designs/fifth-third/static/js/loadLogonScript.js
104.88.20.89 200 OK 437 B URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/loadLogonScript.js
IP 104.88.20.89:0
Hash 819c25bac8b67fd919faa2e03996720f
4ff204c63318cfb5d39c51e2df5d291af39ae2c2
70a043b11df6fddbdc53558768711790f4cda719ae92c410ce71b899c0821205
GET /etc/designs/fifth-third/static/js/loadLogonScript.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "42b-5d11d427872c0-gzip"
Last-Modified: Fri, 19 Nov 2021 05:08:03 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 437
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19E7DFE9F11764A7656CCA892FB115C6F9108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19E7DFE9F11764A7656CCA892FB115C6F9108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=85~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=c7c2026546b78befc8b73ec339e7ea9d; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/hogan-3.0.1.js
104.88.20.89 200 OK 5.6 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/hogan-3.0.1.js
IP 104.88.20.89:0
Hash da805f6b0f5ab4e8b1dd83c55e234f22
12235b19373c944de3c64a4d489d4f8cb935bc46
5a16f5b26a048c97d8f94fccfb84114ba67129a37f4e611372798a1364e4a2bd
GET /etc/designs/fifth-third/static/js/hogan-3.0.1.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "505b-5b6b686988980-gzip"
Last-Modified: Fri, 18 Dec 2020 05:39:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 5615
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=97~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=fab151d44fc1564f370e3cfc9c72a536; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/jquery.min.js
104.88.20.89 200 OK 30 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/jquery.min.js
IP 104.88.20.89:0
File type ASCII text, with very long lines (65451)
Hash fb0e6981c97fba54d76f9b2bca152299
7c26673f6d5dd46220ca13f2197a5f5e70d06335
09b221854d59bd9fb7dcd7042f9fcee8b6b8f958d932096a9ca307e2d63813d0
GET /etc/designs/fifth-third/static/js/jquery.min.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "1538f-5b6b686988980-gzip"
Last-Modified: Fri, 18 Dec 2020 05:39:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 30307
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=83~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=54abcf30d6f77267cf5e91f8f6f07373; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/swiftype/ba-hashchange.min.js
104.88.20.89 200 OK 1.0 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/swiftype/ba-hashchange.min.js
IP 104.88.20.89:0
File type HTML document, ASCII text, with very long lines (1025)
Hash 31a39db51a698c421c7f81df8789e3c7
b0e3cb0d39b18c96e8f897cad71a6b61cab90868
b27ee1de9bc5651432446b233f751ebc1f5462ed50c844422ebc5e1207254e49
GET /etc/designs/fifth-third/static/js/swiftype/ba-hashchange.min.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "a02-5e228b43cb580-gzip"
Last-Modified: Fri, 24 Jun 2022 02:55:34 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1044
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=13~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=3d625e4dfd3e8b026dc939d30e17457b; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/swiftype/autocomplete.js
104.88.20.89 200 OK 4.1 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/swiftype/autocomplete.js
IP 104.88.20.89:0
Hash eff5ee014c02205dc8d4f5d535973eed
1eef9bc0ff7fe745286e27125f854f0c745fdfe1
1f58d5632b46eb5c4766c5ae4c9ad4b928120799b2d63bfcbfafa7387ac854ed
GET /etc/designs/fifth-third/static/js/swiftype/autocomplete.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "401f-5b6b686988980-gzip"
Last-Modified: Fri, 18 Dec 2020 05:39:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 4138
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=76~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=1735979c8b5b407d9850ed46ed42163e; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
104.88.20.89 200 OK 77 kB URL HTTP/1.1 www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
IP 104.88.20.89:0
Hash 31ce3343bbfe6290ee3b45a8280d4059
8b01e5098f6ca16387bf4a7404f6a706cb6955a4
98b299b9bc79c61e27b72afa3331aa04559017e74bd1a00a17da3965ec8165be
GET /webcontent/ff8c8ce2ui232e1382865c0c47839f HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Mon, 31 Oct 2022 15:58:53 GMT
ETag: "673c7dd0eea66e06a9aba19f100033a0b2d5f2a3dc71ecd138711ecd5d8d7b00"
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 76990
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=3~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=93037316e40994ff874f30d51337ac63; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
_abck=CC1093C525ECD9A9A23497E984CA3B93~-1~YAAQKzIQYHsV6HWEAQAAeEVWoQh9YvmWVaph13E0gng4O7uVAlcFhcWOPCd6KyI1vK31MX2Ca2iGGFpGFWMD6bGxAhdWdJp+rX49aisgfMMRfv1t4Y6o0vLaQWCSZJmJ1V7eVJ269WGYbab/VAA9vkhVNb7mB8CskgIiRMrep5F4ejYYkgudxEl3aNqL2PcdtYUAYzFOgcNyDwSWDfSgA55g3GXZbf/UpnpdWGLVU5vfuGvTuVQt3xXyWThkRZLyC9HLAce9idd9h+d+fJeVeFFDFmTc4WPMcr3qQajoIULp3OK2sWmT3QWFcVBoF21wzspctCP674mtBUu4WPyfN7bw1tws3Ues5VZCt3y8VFrz92BR7N6HdSo=~-1~-1~-1; Domain=.53.com; Path=/; Expires=Wed, 22 Nov 2023 21:54:56 GMT; Max-Age=31536000; Secure
bm_sz=FE60699522919A924C85071E8C22CD8A~YAAQKzIQYHwV6HWEAQAAeEVWoRECRs+8IudPsnr1Jfz1sunyDx8+zxgrKThWjC3kXntSP6wHGL+PBfQu4KjooojRMj8WKCSpB2z7yYNy3oNlDG3Uf3lzV/p59XJcBfQZk23FaNk2P4JvLHV5BdceXzvzkQLHNs/IQHkXdCYEI+Z4dpplOHHIjTeGl4H5gOUKHjJlFGcnzS2D5UoZPzufxCVaH5XtuCmzT10a6UkGMEiKBD1pkU8FUvhE/shKV/q2qEbGEago725t7zyOILQVATq04LsMql3VHeEoI8n3Iw==~3160389~4339001; Domain=.53.com; Path=/; Expires=Wed, 23 Nov 2022 01:54:56 GMT; Max-Age=14400
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 2a5268017008ffb2166d5bea44b13f95
5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d
212e0380898762a2bbdedd642b12742dcc1146918b0f4735a5b3c737e5b202c3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 21:54:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 17:40:04 GMT
Expires: Sat, 26 Nov 2022 17:40:03 GMT
Etag: "5eb4d1cc2fe740f07c9839dbc2bc785ffb058c2d"
Cache-Control: max-age=329706,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e4e80f1e14b4e8-OSL
www.53.com/etc/designs/fifth-third/static/js/moveScripts.js
104.88.20.89 200 OK 362 B URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/moveScripts.js
IP 104.88.20.89:0
Hash 98793722a89ebdf9e02f79f7d3cd7c79
118c630deb3edd4373faedcb5e676a993814049d
27b027eb7a428f0099a304e8e9810042e2a8086b829704a6ef90ec25b34bdb88
GET /etc/designs/fifth-third/static/js/moveScripts.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "2ee-5b6b686988980-gzip"
Last-Modified: Fri, 18 Dec 2020 05:39:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 362
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=53~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=da4056582948d8f24d85c7aa903a61aa; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/js/slick.min.js
104.88.20.89 200 OK 10 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/js/slick.min.js
IP 104.88.20.89:0
File type ASCII text, with very long lines (42862)
Hash a200e519b47aabb15179d3d44b42a20d
40f67edd6550052b130507ed1a56650c6bdb798f
ea316b7198f70a2c53e9f534e6c2b9f6e570e4a7369d5c0508cd38de275717db
GET /etc/designs/fifth-third/static/js/slick.min.js HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/javascript
ETag: "a76f-5b6b686988980-gzip"
Last-Modified: Fri, 18 Dec 2020 05:39:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 10442
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=97~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=fab151d44fc1564f370e3cfc9c72a536; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/css/autocomplete.css
104.88.20.89 200 OK 1.2 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/css/autocomplete.css
IP 104.88.20.89:0
File type ASCII text, with very long lines (624)
Hash 0d346fe9ec57a2ad8aa46c2b774b82da
9962bf2d8c53aa2ec9ba8459dfc2a18f10f8c0c6
a432e655baa663eaa60fb61ba3f621cdf82b0d37c9cdd5d66d3d24c2b15c843a
GET /etc/designs/fifth-third/static/css/autocomplete.css HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: text/css
ETag: "d8c-5d11d427872c0-gzip"
Last-Modified: Fri, 19 Nov 2021 05:08:03 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1191
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=69~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=7e8198c6122d6d2a114cbb0e7055fb7b; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/etc/designs/fifth-third/static/css/search.css
104.88.20.89 200 OK 1.0 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/static/css/search.css
IP 104.88.20.89:0
Hash ae0d2655b51f0a7663cc179ecc12b3c7
ab0acc91b9f03a6c3ea51fb3ce86cf91e71c2bdd
39a96de47f3ce7cc5412c018a1dd59bd113195d7a997e43a1380237f43a0223a
GET /etc/designs/fifth-third/static/css/search.css HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: text/css
ETag: "bd2-5d11c9898e640-gzip"
Last-Modified: Fri, 19 Nov 2021 04:20:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1014
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=1~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=ef8fa98c90e4dce645c28acf68a2598c; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,700
142.250.74.10 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,700
IP 142.250.74.10:0
Hash 29539cf03d4f0bd25c27f3f508cd6338
742446f4c2fcca5f953dd223767a25df0378d638
d4230be8a5fc31ecc421d4868beb1bf569afcb88ac9063838e957edc31d1ea57
GET /css?family=Open+Sans:300,400,400i,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.53.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 22 Nov 2022 21:54:56 GMT
date: Tue, 22 Nov 2022 21:54:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 308 Permanent Redirect 171 B URL HTTP/1.1 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3c417e9efbcaeb3bf7e7df75cf3b22fd
00465aec6b8ec302eae8abb99678fc5c09c3f343
21bd143d38dbbae427615a7266a86a18dc95c417f3e510632d7a9180d98d3571
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.8
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/300/addthis_widget.js
Date: Tue, 22 Nov 2022 21:54:56 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116423
date: Tue, 22 Nov 2022 21:54:56 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57/css/login.css
35.230.10.129 200 OK 9.7 kB URL HTTP/1.1 1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57/css/login.css
IP 35.230.10.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash d4e19952c9e7c67a9bf8460568b1eca1
fda123b2aa5a5f14184c9f33225684d4d0dee386
cf867e7dec535401587e0918a17796948a478c1efddf3d2e988979d8875c10ef
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /orgt/4c9f74c6b4204ccf698ee170b42a7f57/css/login.css HTTP/1.1
Host: 1intre.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/orgt/4c9f74c6b4204ccf698ee170b42a7f57/?cont=QERldmlsbWFzazA5&token=fb21d8f1557c8912b7ce11bd49a339a2
Cookie: PHPSESSID=cb7e67b60bce54bb4a85e28fc54c23bd
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 21:54:56 GMT
Server: Apache
Last-Modified: Tue, 22 Nov 2022 21:54:55 GMT
Accept-Ranges: bytes
Content-Length: 9692
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
devilsms.live/clve-min.js
199.188.200.254 200 OK 51 kB URL HTTP/2 devilsms.live/clve-min.js
IP 199.188.200.254:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 724ad5d75674097f5d14e70982a3bc6e
87146103e33be6cdf8d828351685c70f2a6cb7e3
d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260
GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 29 Nov 2022 21:54:56 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Tue, 22 Nov 2022 21:54:56 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/cleave.js
199.188.200.254 200 OK 18 kB IP 199.188.200.254:0
File type Unicode text, UTF-8 text, with very long lines (1712)
Hash fe9f66e28ad0fde897ddcb9571324491
e5ab8ed2bad2578458397898778be698dff70917
ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f
GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 29 Nov 2022 21:54:56 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Tue, 22 Nov 2022 21:54:56 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.53.com/content/dam/fifth-third/brand/icons/equal_housing_logo.png
104.88.20.89 200 OK 2.8 kB URL HTTP/1.1 www.53.com/content/dam/fifth-third/brand/icons/equal_housing_logo.png
IP 104.88.20.89:0
File type PNG image data, 18 x 15, 8-bit colormap, non-interlaced\012- data
Hash ba4bacebf5dffb84ec9fd4dfb1108a73
e4fb3286c17cb7bc8d9f50d9de6a492996e9bd80
c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45
GET /content/dam/fifth-third/brand/icons/equal_housing_logo.png HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Disposition: attachment
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: image/png
ETag: "ac6-57513c77957c0"
Last-Modified: Tue, 04 Sep 2018 23:11:35 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 2758
Date: Tue, 22 Nov 2022 21:54:57 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=19~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=6a8ebec0e60b335e88bdb11c004d6e4f; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/content/dam/fifth-third/heroes/1440x565-ftblue-other.jpg
104.88.20.89 200 OK 66 kB URL HTTP/1.1 www.53.com/content/dam/fifth-third/heroes/1440x565-ftblue-other.jpg
IP 104.88.20.89:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2018:02:23 11:30:46], baseline, precision 8, 1440x565, components 3\012- data
Hash 01460094e2d6c39a79efeac9725d8827
84913c508530e4b3ea912144be758b40d358f037
a41032b705f624b9e188124f35ffa60061fb90257f32e532f80fb51e109c8fae
GET /content/dam/fifth-third/heroes/1440x565-ftblue-other.jpg HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache="set-cookie"
Content-Disposition: attachment
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: image/jpeg
ETag: "10157-57513bc633540"
Last-Modified: Tue, 04 Sep 2018 23:08:29 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 65879
Date: Tue, 22 Nov 2022 21:54:57 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=41~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=d24d972f8c68405ad0939ebef2e0de0a; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
assets.adobedtm.com/launch-ENf0bbb7156e514ac9ac6520d4cb47577a-staging.min.js
23.38.200.237 200 OK 143 kB URL HTTP/1.1 assets.adobedtm.com/launch-ENf0bbb7156e514ac9ac6520d4cb47577a-staging.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32753)
Size 143 kB (142871 bytes)
Hash dd28d31700c2fccdda0746b3c89c3499
fcf0d5e8880861206afc6c3545841f500ad395c9
e2850711923cf5beae5734aaac16ac8bd494d73b7f4313725ef67a76589234ac
GET /launch-ENf0bbb7156e514ac9ac6520d4cb47577a-staging.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "99ca3775ebc5fea3aceba5c209673fbd:1668795451.226134"
Last-Modified: Fri, 18 Nov 2022 18:17:31 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Tue, 22 Nov 2022 21:54:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 22 Nov 2022 21:54:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Access-Control-Allow-Origin: http://1intre.duckdns.org
Timing-Allow-Origin: *
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
23.38.200.237 200 OK 8.8 kB URL HTTP/2 assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
IP 23.38.200.237:0
File type exported SGML document, ASCII text, with very long lines (24962)
Hash f7c3cd00477192d76a42365d22f52833
778cb81eee6d249f032593b476b7f46e774576aa
fe4c959a3facbad59a49cdfa96a8c95edbfdf4fb22dbfd257764226b8a1f5c29
GET /extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7324535d27629ca693bad7fd0da315ea:1591133412.560246"
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 8764
expires: Tue, 22 Nov 2022 22:54:58 GMT
date: Tue, 22 Nov 2022 21:54:58 GMT
cache-control: no-cache
access-control-allow-origin: http://1intre.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
23.38.200.237 200 OK 1.6 kB URL HTTP/2 assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (3177)
Hash 1e8bb58cfedfb7542f7cdfbb098a75b1
43a25eecb6f12c3e364c3089df1b9c99416177c5
4bfd11603afaf2fa5cdeed97332d247064ac3b84f5d2ef10239a614cb31c641c
GET /extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1607
expires: Tue, 22 Nov 2022 22:54:58 GMT
date: Tue, 22 Nov 2022 21:54:58 GMT
cache-control: no-cache
access-control-allow-origin: http://1intre.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
23.38.200.237 200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32755)
Hash daac865d6c5a6e62fd3436b56135fae2
1e6bbb06e4a22ae7c403d9653b1dc51ab4187e9e
8c574adcd5fbb0d2182896ea0dd0b85f052389f7ec6314a7056ad173286c97be
GET /extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "41f1b46329a6056c0f2c993498eda989:1591133412.019903"
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12161
expires: Tue, 22 Nov 2022 22:54:58 GMT
date: Tue, 22 Nov 2022 21:54:58 GMT
cache-control: no-cache
access-control-allow-origin: http://1intre.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.en25.com/i/elqCfg.min.js
23.13.40.213 200 OK 2.2 kB URL HTTP/1.1 img.en25.com/i/elqCfg.min.js
IP 23.13.40.213:0
File type ASCII text, with very long lines (6080), with no line terminators
Hash 653932b9065b662394993fd19677a932
854c6c3b96fc647f07bf9a1698387d1253bcb61c
ba8a6983167c051ebdd701cb59293a88346b84f2a9802f59ecc75ca49f383a7d
GET /i/elqCfg.min.js HTTP/1.1
Host: img.en25.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/x-javascript
Last-Modified: Mon, 03 Oct 2022 17:55:36 GMT
Accept-Ranges: bytes
ETag: "ff37a05751d7d81:0"
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: no-store
Expires: Tue, 22 Nov 2022 21:54:58 GMT
Date: Tue, 22 Nov 2022 21:54:58 GMT
Content-Length: 2183
Connection: keep-alive
dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=CBBDCBC1557213FE7F000101%40AdobeOrg&d_nsid=0&ts=1669154097717
52.213.64.117 200 OK 479 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=CBBDCBC1557213FE7F000101%40AdobeOrg&d_nsid=0&ts=1669154097717
IP 52.213.64.117:0
File type JSON data\012- , ASCII text, with very long lines (858), with no line terminators
Hash e227c27274d17661a73a3f76103ba225
20cd128bc56db887120caea1b4f07263fe19f587
61fd4b0f4270f89cacc7a6759be26405464d2425b2087572d8e135cd8bd8b7b5
GET /id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=CBBDCBC1557213FE7F000101%40AdobeOrg&d_nsid=0&ts=1669154097717 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://1intre.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-05e780d2b.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=32090150232739222220161828069110168876; Max-Age=15552000; Expires=Sun, 21 May 2023 21:54:58 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: cMaDoa+XSh4=
Content-Length: 479
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=AW-983180037
142.250.74.168 200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-983180037
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 0d855cb5fb4b88e8eed4edc5dd9cd515
e60325e053d2f7ef5eac7cc10e7b149629a2807c
8558cebf4c5878bfd8453a7466b807dc3ed90a9ce1fd2ecf1db8ad5f2d07aa3a
GET /gtag/js?id=AW-983180037 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 21:54:58 GMT
expires: Tue, 22 Nov 2022 21:54:58 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 53046
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-965699254
142.250.74.168 200 OK 67 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-965699254
IP 142.250.74.168:0
File type ASCII text, with very long lines (2917)
Hash 4a9d643136ce8100946ace28bee093e7
1edfae126a3f77e85f46a808c8093fc48c0b946b
f9da9b6a277f4b924994a58587c8c140e8e98d3c425df47319cf8714aaf9e0f0
GET /gtag/js?id=AW-965699254 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 21:54:58 GMT
expires: Tue, 22 Nov 2022 21:54:58 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66935
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
collector-16829.us.tvsquared.com/tv2track.js
3.22.237.188 200 OK 8.5 kB URL HTTP/1.1 collector-16829.us.tvsquared.com/tv2track.js
IP 3.22.237.188:0
File type ASCII text, with very long lines (1162)
Hash 0dfa43ce95b39a456eae5449442aff6e
f5a7a9573c38d97cb3c7d8d811b8b6707a7f2d88
3135834b3c8b03e052d94f9b63cf3f796ff4a3077256dd1daddc16d5c204306a
Analyzer Verdict Alert urlquery Phishing - Fifth Third Bank
GET /tv2track.js HTTP/1.1
Host: collector-16829.us.tvsquared.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
Cache-Control: max-age=600
Content-Encoding: gzip
Content-Type: application/javascript
Date: Tue, 22 Nov 2022 21:54:58 GMT
ETag: "6306051b-2133"
Expires: Tue, 22 Nov 2022 22:04:58 GMT
Last-Modified: Wed, 24 Aug 2022 11:01:47 GMT
Server: nginx
X-Robots-Tag: noindex
Content-Length: 8499
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 05:42:51 GMT
expires: Fri, 17 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 490327
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.woff
104.88.20.89 200 OK 32 kB URL HTTP/1.1 www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.woff
IP 104.88.20.89:0
File type Web Open Font Format, TrueType, length 31620, version 1.0\012- data
Hash a55db942b961e6a7cf7c70dfbca91616
15c5f647c3a9495e0dfcc316311191ce54b409ee
1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c
GET /etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.woff HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: https://www.53.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=86400, public, no-cache="set-cookie"
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/x-font-woff
ETag: "7b84-5bc3318dc5480-gzip"
Last-Modified: Fri, 26 Feb 2021 01:22:10 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Vary: user-agent, Accept-Encoding
Date: Tue, 22 Nov 2022 21:54:58 GMT
Content-Length: 31620
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=31~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=e9800926c28e7c2d9977320cb2b7f373; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
104.88.20.89 201 Created 18 B URL HTTP/1.1 www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
IP 104.88.20.89:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
POST /webcontent/ff8c8ce2ui232e1382865c0c47839f HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2235
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Cookie: AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398; akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=41~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=d24d972f8c68405ad0939ebef2e0de0a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Content-Length: 18
Date: Tue, 22 Nov 2022 21:54:58 GMT
Connection: keep-alive
Content-Type: application/json
Set-Cookie: _abck=D69817A81DA53A8059B7772E2702F316~-1~YAAQKzIQYH8V6HWEAQAAdk1WoQgBMkg2R5hBPKSSRkklE4EjToTm1Wf4YLwbU1zslVDzic/xPn8VFoqDvHDHQdNEmaPNp3YNHeLqB2LaEPIjiw/xPvW1tAZgOELRbHmrN6X9gt15kROL926xCy13M1Y4ZIdzMSGCCVi1sZJn8/Iv5IVr4UzLtYaBZs6aIcfL/S2UqO0a+Wf+gS9nRZajsHa+WayPabsQvO7hPrwpzySk/D5R5oevZxgQOQdMcGI0kUhnJKtKt0gkdRCN6DnISITv2WojNrBtGMZfXawUlcfzEt/AbMI7JlXoe/BAAsRpKW0o4QH2HXRExAuRyq94+sPlxhM+4TLinyzKi0UpqS7NpVcIw3PVz30=~-1~-1~-1; Domain=.53.com; Path=/; Expires=Wed, 22 Nov 2023 21:54:58 GMT; Max-Age=31536000; Secure
bm_sz=0CAF9BFCFCAF83504401A5ED9D47E414~YAAQKzIQYIAV6HWEAQAAdk1WoRFPN46kZ4Qalu3wYyHIBakdeF1LoBYI3Vo2z/0jFxBShe6yYL02Gf8Fs2xoQPsLcnwumoNtVzgnvgg4Xyra1lKO61sciEH0R+CtUkRdenY/1xQlyahWZgWhkGgcuqkuXazjH7Q4N1qYfI9TH0+oj9nzoYtFFk9dtNg323DgTrKQpTLmCA0fDYTGgkf2racOh+P6/Treqar1hzfrjcf4HCNjuVl/ZgvRCLbnbAX/VsmX4Qi/WoDkmlIyUkZZe8YWTE9cM8cOMbxfLOEuew==~4470327~3158065; Domain=.53.com; Path=/; Expires=Wed, 23 Nov 2022 01:54:58 GMT; Max-Age=14400
collector-16829.us.tvsquared.com/tv2track.php?action_name=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&idsite=TV-8136187209-1&rec=1&r=788728&h=21&m=54&s=58&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&_id=9479a5e82345aef1&_idts=1669154098&_idvc=0&_idn=1&_viewts=&cookie=1&res=1280x1024&gt_ms=351
3.22.237.188 200 OK 42 B URL HTTP/1.1 collector-16829.us.tvsquared.com/tv2track.php?action_name=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&idsite=TV-8136187209-1&rec=1&r=788728&h=21&m=54&s=58&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&_id=9479a5e82345aef1&_idts=1669154098&_idvc=0&_idn=1&_viewts=&cookie=1&res=1280x1024&gt_ms=351
IP 3.22.237.188:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 00657dd79637a8daf5e6196ca17f1887
3e064855d1fe7c6eac52981a646ec5840ba7efb5
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
Analyzer Verdict Alert urlquery Phishing - Fifth Third Bank
GET /tv2track.php?action_name=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&idsite=TV-8136187209-1&rec=1&r=788728&h=21&m=54&s=58&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&_id=9479a5e82345aef1&_idts=1669154098&_idvc=0&_idn=1&_viewts=&cookie=1&res=1280x1024&gt_ms=351 HTTP/1.1
Host: collector-16829.us.tvsquared.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 22 Nov 2022 21:54:58 GMT
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Request-Id: a3125a04-eaba-4a0f-addf-1fea72f6138d
Server: nginx
Content-Length: 42
Connection: keep-alive
assets.adobedtm.com/cadf1530cead/3d6f9db110e0/5f3d787abfed/RC610020f9feb9444981811dd2ff136847-source.min.js
23.38.200.237 200 OK 536 B URL HTTP/2 assets.adobedtm.com/cadf1530cead/3d6f9db110e0/5f3d787abfed/RC610020f9feb9444981811dd2ff136847-source.min.js
IP 23.38.200.237:0
File type HTML document, ASCII text, with very long lines (796)
Hash b50fa88c53b3f2230ab9e738307674f1
9fca2e157f56d260a0028496d383bc1f13f9b263
5bd2f050d299ba4d47a7568280324fe2838064312feec0ff47766a92903e63ba
GET /cadf1530cead/3d6f9db110e0/5f3d787abfed/RC610020f9feb9444981811dd2ff136847-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "64a089b7065caaddcbd303eecc44279a:1668795452.029362"
last-modified: Fri, 18 Nov 2022 18:17:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 536
cache-control: max-age=3600
expires: Tue, 22 Nov 2022 22:54:58 GMT
date: Tue, 22 Nov 2022 21:54:58 GMT
access-control-allow-origin: http://1intre.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/cadf1530cead/3d6f9db110e0/5f3d787abfed/RC2fbb197127024365b804821684503738-source.min.js
23.38.200.237 200 OK 530 B URL HTTP/2 assets.adobedtm.com/cadf1530cead/3d6f9db110e0/5f3d787abfed/RC2fbb197127024365b804821684503738-source.min.js
IP 23.38.200.237:0
File type HTML document, ASCII text, with very long lines (794)
Hash 97f673100c444a54d9139f9a68a21fa7
25407a476b0a138f5facadb7159b0fe3a6aa0289
a6768253a4ad24db86c3d97f6673a6ea75c86a419d2c3fbbae8e7430415d08cd
GET /cadf1530cead/3d6f9db110e0/5f3d787abfed/RC2fbb197127024365b804821684503738-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "64a089b7065caaddcbd303eecc44279a:1668795452.029362"
last-modified: Fri, 18 Nov 2022 18:17:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 530
cache-control: max-age=3600
expires: Tue, 22 Nov 2022 22:54:58 GMT
date: Tue, 22 Nov 2022 21:54:58 GMT
access-control-allow-origin: http://1intre.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/cadf1530cead/3d6f9db110e0/5f3d787abfed/RCaac05d6061834e998c7762867e58c1f4-source.min.js
23.38.200.237 200 OK 567 B URL HTTP/2 assets.adobedtm.com/cadf1530cead/3d6f9db110e0/5f3d787abfed/RCaac05d6061834e998c7762867e58c1f4-source.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (1265)
Hash b09e8463e61c53d4ee4a303e55d2b4ab
5a19e1fd909aab80faee4b6b2186f623c159fd1c
1e3086d89b3e26d05b3f1fbd67eecb2168c3320482f3c31438f36721565035c0
GET /cadf1530cead/3d6f9db110e0/5f3d787abfed/RCaac05d6061834e998c7762867e58c1f4-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "64a089b7065caaddcbd303eecc44279a:1668795452.029362"
last-modified: Fri, 18 Nov 2022 18:17:32 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 567
cache-control: max-age=3600
expires: Tue, 22 Nov 2022 22:54:58 GMT
date: Tue, 22 Nov 2022 21:54:58 GMT
access-control-allow-origin: http://1intre.duckdns.org
timing-allow-origin: *
X-Firefox-Spdy: h2
collector-16829.us.tvsquared.com/tv2track.php?action_name=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&idsite=TV-8136187209-1&rec=1&r=556718&h=21&m=54&s=58&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&_id=9479a5e82345aef1&_idts=1669154098&_idvc=0&_idn=0&_viewts=&cookie=1&res=1280x1024&gt_ms=351
3.22.237.188 200 OK 42 B URL HTTP/1.1 collector-16829.us.tvsquared.com/tv2track.php?action_name=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&idsite=TV-8136187209-1&rec=1&r=556718&h=21&m=54&s=58&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&_id=9479a5e82345aef1&_idts=1669154098&_idvc=0&_idn=0&_viewts=&cookie=1&res=1280x1024&gt_ms=351
IP 3.22.237.188:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 00657dd79637a8daf5e6196ca17f1887
3e064855d1fe7c6eac52981a646ec5840ba7efb5
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
Analyzer Verdict Alert urlquery Phishing - Fifth Third Bank
GET /tv2track.php?action_name=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&idsite=TV-8136187209-1&rec=1&r=556718&h=21&m=54&s=58&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&_id=9479a5e82345aef1&_idts=1669154098&_idvc=0&_idn=0&_viewts=&cookie=1&res=1280x1024&gt_ms=351 HTTP/1.1
Host: collector-16829.us.tvsquared.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 22 Nov 2022 21:54:58 GMT
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Request-Id: dac39a46-4e6a-4346-9f01-00beddf0bb9e
Server: nginx
Content-Length: 42
Connection: keep-alive
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123 200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Tue, 22 Nov 2022 21:54:58 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
fast.fifththird.demdex.net/dest5.html?d_nsid=0
23.36.76.161 200 OK 2.8 kB URL HTTP/1.1 fast.fifththird.demdex.net/dest5.html?d_nsid=0
IP 23.36.76.161:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.fifththird.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Tue, 22 Nov 2022 21:54:58 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com
142.0.173.20 301 Moved Permanently 289 B URL HTTP/1.1 contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com
IP 142.0.173.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 6b948a614f557be55e646abdd3f42558
1c20df5f99d775759cf23101c73167e1cad0621b
f2db8cd35612a9442ef62a393d68a3b76b4bc7672e538a46a2dcb175404a7960
GET /visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com HTTP/1.1
Host: contactforms.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Tue, 22 Nov 2022 21:54:58 GMT
Content-Length: 289
www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.ttf
104.88.20.89 200 OK 19 kB URL HTTP/1.1 www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.ttf
IP 104.88.20.89:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash 3dee617a0cb020b395ffdd1a8ffcfb07
4553a4d22801c61dcfe07a892aec1ec868d9926a
13280d6c0da839420dead4177c571e75dd27c9881d638dddbc6655032f0b711f
GET /etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.ttf HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: https://www.53.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400, public, no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/x-font-ttf
ETag: "7b38-5bc3318dc5480-gzip"
Last-Modified: Fri, 26 Feb 2021 01:22:10 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 18963
Date: Tue, 22 Nov 2022 21:54:58 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD195A31205D11DFCEB1C7FE8AE59DDA6D0C108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=61~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=11808d817ab8d21265ce27048071e925; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
104.88.20.89 201 Created 18 B URL HTTP/1.1 www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
IP 104.88.20.89:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
POST /webcontent/ff8c8ce2ui232e1382865c0c47839f HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1967
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Cookie: AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398; akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=41~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=d24d972f8c68405ad0939ebef2e0de0a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Content-Length: 18
Date: Tue, 22 Nov 2022 21:54:59 GMT
Connection: keep-alive
Content-Type: application/json
Set-Cookie: _abck=EA085398D19F609BB6B7A2D74F43CCF8~-1~YAAQKzIQYIEV6HWEAQAA+09WoQhpjs7pa02Ya9sfQo1YtvtS5xZ8K7gMnu0ah3TGlyG/nWhXB9oDsSK55cfvqu5jElkKXukXJOFLw3vwFhSOajr7S7jRqEr34zIdB6nZ/iGXTqYvdxaX+RRGfs/rDkF5NYxtmhXrzy9J2t4mbQveElPZm2vRVG/k5gY3s83MB2JsVztKiHndN5r4m98jIbqBu5OIimR2kygv5wU5xd4mqJUPY851TkQbF9RTPtDwyOqGKScqBDX++uGKGDMGKT0zo0IVx0RB/+MDETwUrWimCwQWfJWGJycNrtavAVgN9L7jRXNHnj9X7UPKURsihSHeS5ffrAde3mzrYusAt1n3RT5RcQ7gK68=~-1~-1~-1; Domain=.53.com; Path=/; Expires=Wed, 22 Nov 2023 21:54:59 GMT; Max-Age=31536000; Secure
bm_sz=9F1351E7DE00147A4EC403A734435BE1~YAAQKzIQYIIV6HWEAQAA+09WoRHvC3TAU5ZL6P5ryq8D3qaQ+dyKVvHcEDq5JWLkCzrfG59EvVAbTF8AVuI0gkLTbGoBv09G7iTIyEzrfiykiLiabmHDpBc63hif3ZrTaBJ7rYx2rVGYH+UxU9NZGKBdZq05WfspsCYLJdcoAWgqhsJ3BfI4UdWYm8Jy2RjnLBbVaeyYwQ9SJ/0FHyy6Jogb71wkvh8Pf8Oe08orqlkjx42+SPjxxfAw3fnE5+xpm3mhyaQ6FWklZRLd269PSuUwTYGDqqsQ8lEHUcdiCg==~3684675~3621185; Domain=.53.com; Path=/; Expires=Wed, 23 Nov 2022 01:54:59 GMT; Max-Age=14400
www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.woff
104.88.20.89 200 OK 32 kB URL HTTP/1.1 www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.woff
IP 104.88.20.89:0
File type Web Open Font Format, TrueType, length 31620, version 1.0\012- data
Hash a55db942b961e6a7cf7c70dfbca91616
15c5f647c3a9495e0dfcc316311191ce54b409ee
1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c
GET /etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.woff HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: https://www.53.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 26 Feb 2021 01:22:10 GMT
If-None-Match: "7b84-5bc3318dc5480-gzip"
HTTP/1.1 200 OK
Cache-Control: max-age=86400, public, no-cache="set-cookie"
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/x-font-woff
ETag: "7b84-5bc33d2e302c0-gzip"
Last-Modified: Fri, 26 Feb 2021 02:14:11 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Vary: user-agent, Accept-Encoding
Date: Tue, 22 Nov 2022 21:54:59 GMT
Content-Length: 31620
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD196272746263C81503A2C5E0BBACC163E1108C2659BC8362CBDCFA565726522413B95728EB3D3DE59F5523CCDEE54936BD;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=31~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=e9800926c28e7c2d9977320cb2b7f373; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146 200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=57043
date: Tue, 22 Nov 2022 21:54:59 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
platform.twitter.com/widgets.js
192.229.233.25 200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 192.229.233.25:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 7899fffaf0046efb7f9be2495d9dc928
d4c60d88e8deea577a50f9d20e1b6b3a20cba2cf
07d50450f22df0588cc1b67f5a124cb91d99a032a229586eb7dc490cce9f7f30
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1349
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Tue, 22 Nov 2022 21:54:59 GMT
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
x-amzn-internal-status: 304
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29221
static.ads-twitter.com/uwt.js
151.101.84.157 200 OK 15 kB URL HTTP/2 static.ads-twitter.com/uwt.js
IP 151.101.84.157:0
File type ASCII text, with very long lines (57596), with no line terminators
Hash 573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 27 Oct 2022 18:55:37 GMT
cache-control: no-cache
content-type: application/javascript; charset=utf-8
content-encoding: gzip
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
accept-ranges: bytes
date: Tue, 22 Nov 2022 21:54:59 GMT
x-served-by: cache-iad-kjyo7100147-IAD, cache-bma1652-BMA
x-cache: HIT, HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
content-length: 15375
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=32090150232739222220161828069110168876
99.80.65.0 301 Moved Permanently 134 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=32090150232739222220161828069110168876
IP 99.80.65.0:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cm/dd?d_uuid=32090150232739222220161828069110168876 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Tue, 22 Nov 2022 21:54:59 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=32090150232739222220161828069110168876
googleads.g.doubleclick.net/pagead/viewthroughconversion/986790419/?random=1669154098737&cv=11&fst=1669154098737&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 988 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/986790419/?random=1669154098737&cv=11&fst=1669154098737&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash d504036e1585ed4530cd2b4227b5b4d9
f37af77e928340028286dadb0bff79656e3acf0a
2bb11c723782eeeb703cdcf9cb3d0c57cc5ea6604f97bff30e95e731e08504f8
GET /pagead/viewthroughconversion/986790419/?random=1669154098737&cv=11&fst=1669154098737&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 988
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/787644850/?random=1669154098467&cv=11&fst=1669154098467&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 987 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/787644850/?random=1669154098467&cv=11&fst=1669154098467&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash 3ce46814ecdc3101509b737a5e978e8b
d3fa25c4e6e626086aac1866bdc1f0e94c505303
3d17165565a0f3c42dcf609579a886201e4c8cc4df44a90f2f51dd63c591155e
GET /pagead/viewthroughconversion/787644850/?random=1669154098467&cv=11&fst=1669154098467&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 987
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/854356612/?random=1669154098692&cv=11&fst=1669154098692&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 988 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/854356612/?random=1669154098692&cv=11&fst=1669154098692&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash 527892f8862902151fd13c7bfb3d8bf2
0adb0b258b0ddfaf47c900a349e9b5aba7698e34
fed6113f3ab238d83367f5ea944a284f1dd7bc97ab957af44007e7fe9face9aa
GET /pagead/viewthroughconversion/854356612/?random=1669154098692&cv=11&fst=1669154098692&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 988
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/965699254/?random=1669154098377&cv=11&fst=1669154098377&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 988 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/965699254/?random=1669154098377&cv=11&fst=1669154098377&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash 9f94f1777efb6d8fd0b31046f20b4ee6
6113acf1478cafce087dbe68e5de1aad5e25d33d
5d661bd35edb331719027c835943d72cd53bf5b9bd622db3cc5e0ce1a3a61827
GET /pagead/viewthroughconversion/965699254/?random=1669154098377&cv=11&fst=1669154098377&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 988
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/725123364/?random=1669154098706&cv=11&fst=1669154098706&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 987 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/725123364/?random=1669154098706&cv=11&fst=1669154098706&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash 7375a546f3b6f37f609600955dea6604
a5bd2afc534472da56a10ffa375683da8a89ad03
4698694b9649235fc4d986324e4599389f83ceec3790848a6cd2dfb7434be956
GET /pagead/viewthroughconversion/725123364/?random=1669154098706&cv=11&fst=1669154098706&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 987
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/847447334/?random=1669154098759&cv=11&fst=1669154098759&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 985 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/847447334/?random=1669154098759&cv=11&fst=1669154098759&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2143), with no line terminators
Hash 24e32198e6d17151ea29dff21c21be96
f95e24ef99e405d24492b14a1f0ab8541679ef6f
152fe5bf77053c3a038ac8e3b2a9288206fa824eddcce8a66d9ccf322e6e19be
GET /pagead/viewthroughconversion/847447334/?random=1669154098759&cv=11&fst=1669154098759&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 985
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/847447334/?random=1669154098753&cv=11&fst=1669154098753&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 984 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/847447334/?random=1669154098753&cv=11&fst=1669154098753&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash 31b89faba69c59f9f7e5e2e772e05ece
dc5c28a90311b25ffad33d9ca4c25968e923f33d
b8a142f5798fe404bab9effad659a6a85ed694cb8853b7f6bff2c69f5f0202f3
GET /pagead/viewthroughconversion/847447334/?random=1669154098753&cv=11&fst=1669154098753&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 984
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.ttf
104.88.20.89 200 OK 16 kB URL HTTP/1.1 www.53.com/etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.ttf
IP 104.88.20.89:0
Hash 37b6970dbc9b4f097e999c5f8035bfe9
2854a5a09344a9e4ada767574a9156c3f37e32fa
b55d77e30c78ded3bb06376de830122ff11b56b7f72059417fa3c556c3703a4e
GET /etc.clientlibs/fifth-third/clientlibs/clientlib-fonts/resources/fonts/icomoon.ttf HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: https://www.53.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400, public, no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: application/x-font-ttf
ETag: "7b38-5bc3318dc5480-gzip"
Last-Modified: Fri, 26 Feb 2021 01:22:10 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 18963
Date: Tue, 22 Nov 2022 21:54:58 GMT
Connection: keep-alive
Set-Cookie: AWSELB=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900
AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=75~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=e6f4edd6e948b949c924e2f77d97fcd3; path=/; HttpOnly; Secure; SameSite=None; Domain=.www.53.com
www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
104.88.20.89 201 Created 18 B URL HTTP/1.1 www.53.com/webcontent/ff8c8ce2ui232e1382865c0c47839f
IP 104.88.20.89:0
File type JSON data, ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
POST /webcontent/ff8c8ce2ui232e1382865c0c47839f HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2216
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Cookie: AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398; akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=41~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=d24d972f8c68405ad0939ebef2e0de0a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 201 Created
Content-Length: 18
Date: Tue, 22 Nov 2022 21:54:59 GMT
Connection: keep-alive
Content-Type: application/json
Set-Cookie: _abck=533361734DF3C02889431A566C750445~-1~YAAQKzIQYIMV6HWEAQAAj1FWoQhr71Y9EEerydpANRQKgduxN/HNNvfgTUblSoj54qMYrNxy2qavgRAqmdBt7Ro55sod4kXK9Voc9DWP5PfC0/npN8rknhs6r/GJfoQto3GJUtpPlMHVC12fdCGEAlYE/4hmHzKFzwNle2z0qOxiCRd4aU+rJz1zOhuhgoEg8qyq1disnw0ntVDNb2CR9uZEs0JqX7oEVT0vWczR3NYKCMlMfcczTJ6QejvQaytHAQ9J+h+Uxqz31ZvcGJacRF+tlNO3ith1ges5UypN2wuI7HGQ0OQGemhR786UWm5BjuCum14c22OjcU95TfeO/3LmsRlami9Ehvpgh3d3ufFRY19Kpd1Znb8=~-1~-1~-1; Domain=.53.com; Path=/; Expires=Wed, 22 Nov 2023 21:54:59 GMT; Max-Age=31536000; Secure
bm_sz=4EDCB9AEE0427268EBB69366D75A3734~YAAQKzIQYIQV6HWEAQAAj1FWoRFh9a1IzxFzLaqSzNoYOr0gOtmVuM/akNqhq94HId5wGA/heC+T1ZEjjCh+bvIuK03Y+BRcevpj3KAjMqlbQMQlpHAB0U4YL9uJKneFk1+m/VXd+yYMuJ2v2fXkCOjXFb1VwzidPtfVLdfuveMb3JZ8pt1zbwGuGOcnfLfx4m/EYDalLaIyG0UQDMTpmuVDGOaNoNJwmjy/raVzWu19c5fsazmmp0MPh14FjR34QZP9hGwHC40lgswx/H/m+z/V/vIVpQfL6dAkmAgOAw==~3684675~3621185; Domain=.53.com; Path=/; Expires=Wed, 23 Nov 2022 01:54:59 GMT; Max-Age=14400
m.addthis.com/live/red_lojson/300lo.json?si=637d45329c14d9e8&bkl=0&bl=1&pdt=3029&sid=637d45329c14d9e8&pub=ra-57fbbf0f65d1f6cb&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.53.com&fp=content%2Ffifth-third%2Fen%2Flogin.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1669154098273&jsl=8193&uvs=637d4532245e794a000&skipb=1&callback=addthis.cbs.jsonp__261199626052477260
23.38.200.123 200 OK 90 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=637d45329c14d9e8&bkl=0&bl=1&pdt=3029&sid=637d45329c14d9e8&pub=ra-57fbbf0f65d1f6cb&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.53.com&fp=content%2Ffifth-third%2Fen%2Flogin.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1669154098273&jsl=8193&uvs=637d4532245e794a000&skipb=1&callback=addthis.cbs.jsonp__261199626052477260
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash af1ab68591942f940cf40ad1f764be49
426bb4fe12996f7e702343ece5f0c7d99c0f62b2
830aeaf1e461af784c7380f6d40c276b415f9b79f3e9ef7db39273936a1fa82c
GET /live/red_lojson/300lo.json?si=637d45329c14d9e8&bkl=0&bl=1&pdt=3029&sid=637d45329c14d9e8&pub=ra-57fbbf0f65d1f6cb&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.53.com&fp=content%2Ffifth-third%2Fen%2Flogin.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1669154098273&jsl=8193&uvs=637d4532245e794a000&skipb=1&callback=addthis.cbs.jsonp__261199626052477260 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 90
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Tue, 22 Nov 2022 21:54:59 GMT
X-Firefox-Spdy: h2
v1.addthisedge.com/live/boost/ra-57fbbf0f65d1f6cb/_ate.track.config_resp
23.38.200.123 200 OK 519 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-57fbbf0f65d1f6cb/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with very long lines (1453), with no line terminators
Hash 76324c2cd3d5ecac24a41c8416ae321a
edda4d596062c82ac9476377e20610379bcbfe32
ac3db93d9c92bb344e7a6c991e742d788c7b5bed5429d7dc8e01b564aca7f183
GET /live/boost/ra-57fbbf0f65d1f6cb/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 519
etag: 823650384--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=17, s-maxage=86400
date: Tue, 22 Nov 2022 21:54:59 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0be3e3b6a55789993d7a1a175bb8e335
70e1b2ef23731397872aa67d3da9f97d40e4fad4
155e55bec061fd76dc2a73b570ebbac9ad17f22e95394c7bf96094a0729a7a54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5976
Cache-Control: max-age=130534
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Etag: "637c88c1-1d7"
Expires: Thu, 24 Nov 2022 10:10:33 GMT
Last-Modified: Tue, 22 Nov 2022 08:30:57 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/983180037/?random=1669154098345&cv=11&fst=1669154098345&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 988 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/983180037/?random=1669154098345&cv=11&fst=1669154098345&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2143), with no line terminators
Hash 3e518b6995d7713aecd34242605d099f
eb1a25b24a89cdd8b2fd8af3eae2e042e4191050
18b514dba1df0645a14f026ae69ffb19254bba5c531a77cec925ee1df356ef5c
GET /pagead/viewthroughconversion/983180037/?random=1669154098345&cv=11&fst=1669154098345&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 988
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/783154456/?random=1669154098601&cv=11&fst=1669154098601&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 987 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/783154456/?random=1669154098601&cv=11&fst=1669154098601&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash c18711dad6dffae7e77d19bd15ca5afd
f9f73b7524c368f8d6edb38b19f99026ab4f8257
5616b031f9d63a61767a70a7328f49e1894563dd78a5b1eeeca20f8170140658
GET /pagead/viewthroughconversion/783154456/?random=1669154098601&cv=11&fst=1669154098601&bg=ffffff&guid=ON&async=1>m=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 987
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel.mathtag.com/event/js?mt_id=1475743&mt_adid=236841
23.38.200.207 302 Moved Temporarily 0 B URL HTTP/1.1 pixel.mathtag.com/event/js?mt_id=1475743&mt_adid=236841
IP 23.38.200.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event/js?mt_id=1475743&mt_adid=236841 HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 302 Moved Temporarily
Content-Type: text/javascript
Content-Length: 0
Access-Control-Allow-Origin: *
Server: MT3 169 32252b7 master iad-pixel-x9 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://pixel.mathtag.com/event/js?mt_id=1475743&mt_adid=236841
Expires: Tue, 22 Nov 2022 21:54:58 GMT
Date: Tue, 22 Nov 2022 21:54:59 GMT
Connection: keep-alive
eloqua.53.com/visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=eloqua.53.com
142.0.165.165 302 Found 289 B URL HTTP/1.1 eloqua.53.com/visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=eloqua.53.com
IP 142.0.165.165:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4e6ebcd438308762a973d13de1a3784b
a097f7fe8f3fca93d2fd246b2cbd3715c76193ab
10493e99ffb3fa855fa496d23c2c46788024cde9003f2247d66e2a4ef6c7b7fd
GET /visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=eloqua.53.com HTTP/1.1
Host: eloqua.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 302 Found
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://eloqua.53.com/visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=27FCFEBD62D442FC98D6EFDEB27EB96A
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Tue, 22 Nov 2022 21:54:59 GMT
Content-Length: 289
googleads.g.doubleclick.net/pagead/viewthroughconversion/965699254/?random=1669154098386&cv=11&fst=1669154098386&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 988 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/965699254/?random=1669154098386&cv=11&fst=1669154098386&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash 80bbea5e5abde083d2141abd8e7a7ea6
01954a3e4107031c58d2906750c5275d54079f1c
40916d82d33aedb7a190c0772eb9603c1a4db5818de749b94288a514fba47848
GET /pagead/viewthroughconversion/965699254/?random=1669154098386&cv=11&fst=1669154098386&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 988
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.53.com/etc/designs/fifth-third/favicons/android-chrome-192x192.png
104.88.20.89 200 OK 12 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/favicons/android-chrome-192x192.png
IP 104.88.20.89:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 6196296d6da29c45fa85682fff153ecf
3d20183ede291a0f86f7a0a7d7fb81efa8b06c01
c84fa4b619a90081150350106c4d17279b260f7b0dc6ceea709ec8488cc34466
GET /etc/designs/fifth-third/favicons/android-chrome-192x192.png HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Cookie: AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398; akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=41~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=d24d972f8c68405ad0939ebef2e0de0a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: image/png
ETag: "2fbb-573a4ff438880"
Last-Modified: Fri, 17 Aug 2018 17:36:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 12219
Date: Tue, 22 Nov 2022 21:54:59 GMT
Connection: keep-alive
www.53.com/etc/designs/fifth-third/favicons/favicon-16x16.png
104.88.20.89 200 OK 1.1 kB URL HTTP/1.1 www.53.com/etc/designs/fifth-third/favicons/favicon-16x16.png
IP 104.88.20.89:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash d78dff827d07973f71be81870d61fbe5
0988755c34c40f7594926eae9c1e039ebffff95c
d7df254755e9212bf50242a91039e2c2e1485000ffd795a8a3e52c21522c4a6b
GET /etc/designs/fifth-third/favicons/favicon-16x16.png HTTP/1.1
Host: www.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Cookie: AWSELBCORS=B503ED2F1EF9700649607026C911227B888706CD19505F65B10C47E2B4499BF456963A7248108C2659BC8362CBDCFA56572652241332775EF06F84FC936786FFD5E0D31398; akaalb_ALB_www_53_com=~op=LBM_www_53_com:Adobe|~rv=41~m=Adobe:0|~os=660684d2f9244e64940948b40aec0281~id=d24d972f8c68405ad0939ebef2e0de0a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'none';form-action 'self';
Content-Type: image/png
ETag: "426-573a4ff438880"
Last-Modified: Fri, 17 Aug 2018 17:36:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1062
Date: Tue, 22 Nov 2022 21:54:59 GMT
Connection: keep-alive
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2F1intre.duckdns.org
192.229.233.25 200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2F1intre.duckdns.org
IP 192.229.233.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2b4968b185495eddda0d85b2351ebb71
c665785ca0f4039f8c71d94631cd50a879d866b5
eb8af089d8082a58a6e90fedc23007f17a9e89ddbc6a29b6e535e4847ba94160
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=http%3A%2F%2F1intre.duckdns.org HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1726446
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 22 Nov 2022 21:54:59 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121 200 OK 4.6 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12961)
Hash c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=32478
date: Tue, 22 Nov 2022 21:54:59 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 9e3dfb4ad751d5870a8b016a7cd400d9
191f263905817bf829d4071d7df808bc432c4647
0a1e3d80d317539c490959bf59676adff9e85cb4ce2fb1619be71a022c0a4aa3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6009
Cache-Control: max-age=142790
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Etag: "637cb880-139"
Expires: Thu, 24 Nov 2022 13:34:49 GMT
Last-Modified: Tue, 22 Nov 2022 11:54:40 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 313
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: AZjerdPkFkmlZ/CCz6yfo7Rn26ULEuxIHg9dQfx/YdvbUP/a3KICYnqxlaQbu/pMbtoECMhyfYWj6W0XNZOeXg==
content-length: 27340
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 21:54:59 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0be3e3b6a55789993d7a1a175bb8e335
70e1b2ef23731397872aa67d3da9f97d40e4fad4
155e55bec061fd76dc2a73b570ebbac9ad17f22e95394c7bf96094a0729a7a54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5976
Cache-Control: max-age=130534
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Etag: "637c88c1-1d7"
Expires: Thu, 24 Nov 2022 10:10:33 GMT
Last-Modified: Tue, 22 Nov 2022 08:30:57 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/936762750/?random=1669154098551&cv=11&fst=1669154098551&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162 200 OK 986 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/936762750/?random=1669154098551&cv=11&fst=1669154098551&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2145), with no line terminators
Hash a12990a2127172923d29e978c1967cc4
8851d0d2fdf2cc11e475b62567ab80c4bb1c202e
51c37de481821413095a4b9e6fa70d05c834dd9805c38b6b92b6cca07ad967d5
GET /pagead/viewthroughconversion/936762750/?random=1669154098551&cv=11&fst=1669154098551&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&auid=13096682.1669154098&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:54:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 986
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 22:09:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 775de7f778ccefb7779be755ceaebea0
468bf6b7ae1f5cc99dd4a01fdc8ab6b0e6c0efc3
017436f8988b4eed753f49f7719fcc9ec7d875c7f4b2c9b3a81d7b17a9d4d78e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6126
Cache-Control: max-age=118413
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:54:59 GMT
Etag: "637c58d2-138"
Expires: Thu, 24 Nov 2022 06:48:32 GMT
Last-Modified: Tue, 22 Nov 2022 05:06:26 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 312
t.co/i/adsct?bci=3&eci=2&event_id=2e91713c-ae3b-4092-a9c0-d14c82dc9e70&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7061bebe-8dd1-4018-b390-aa3c9ae7d4b9&tw_document_href=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny99k&type=javascript&version=2.3.29
104.244.42.197 200 OK 43 B URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=2e91713c-ae3b-4092-a9c0-d14c82dc9e70&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7061bebe-8dd1-4018-b390-aa3c9ae7d4b9&tw_document_href=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny99k&type=javascript&version=2.3.29
IP 104.244.42.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=2e91713c-ae3b-4092-a9c0-d14c82dc9e70&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7061bebe-8dd1-4018-b390-aa3c9ae7d4b9&tw_document_href=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny99k&type=javascript&version=2.3.29 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 21:54:59 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=944b402f-1edf-49db-a772-9bcb503ce12a; Max-Age=63072000; Expires=Thu, 21 Nov 2024 21:54:59 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 750ba9722a05ffe8
strict-transport-security: max-age=0
x-response-time: 104
x-connection-hash: c783e7eb58410cce5673de012b3376a69db45b8605a9f4924a60a75f694f2569
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=7d1c2c79d65a71c5f52d627b822077ebc13e472a
104.244.42.200 200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=7d1c2c79d65a71c5f52d627b822077ebc13e472a
IP 104.244.42.200:0
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=7d1c2c79d65a71c5f52d627b822077ebc13e472a HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 21:54:59 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Tue, 22 Nov 2022 21:54:59 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: 40a237d295139bdf
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 103
x-connection-hash: ce1022913aec65f139f2463da49b85f2e4c04192a5dc10de745d884b593e3e50
X-Firefox-Spdy: h2
eloqua.53.com/visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=27FCFEBD62D442FC98D6EFDEB27EB96A
142.0.165.165 200 OK 49 B URL HTTP/1.1 eloqua.53.com/visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=27FCFEBD62D442FC98D6EFDEB27EB96A
IP 142.0.165.165:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash dbefe00673f01d8b0f2791f3e30565cc
6b3227ad1a39504f155cb0117293a44ab3cbec3a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
GET /visitor/v200/svrGP?pps=3&siteid=1240377118&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=27FCFEBD62D442FC98D6EFDEB27EB96A HTTP/1.1
Host: eloqua.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://1intre.duckdns.org/
Connection: keep-alive
HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: image/gif
Expires: -1
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Set-Cookie: ELOQUA=GUID=27FCFEBD62D442FC98D6EFDEB27EB96A; domain=53.com; expires=Fri, 22-Dec-2023 21:54:59 GMT; path=/
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Tue, 22 Nov 2022 21:54:59 GMT
Content-Length: 49
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
23.38.200.123 200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP 23.38.200.123:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Tue, 22 Nov 2022 21:55:00 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/847447334/?random=1669154098753&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3172329191&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/847447334/?random=1669154098753&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3172329191&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/847447334/?random=1669154098753&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3172329191&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/983180037/?random=1669154098345&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=532363868&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/983180037/?random=1669154098345&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=532363868&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/983180037/?random=1669154098345&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=532363868&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/787644850/?random=1669154098467&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3387116181&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/787644850/?random=1669154098467&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3387116181&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/787644850/?random=1669154098467&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3387116181&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/854346853/?random=1669154098772&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2489850826&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/854346853/?random=1669154098772&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2489850826&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/854346853/?random=1669154098772&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2489850826&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/936762750/?random=1669154098551&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3153382604&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/936762750/?random=1669154098551&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3153382604&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/936762750/?random=1669154098551&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3153382604&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/965699254/?random=1669154098386&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3769331401&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/965699254/?random=1669154098386&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3769331401&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/965699254/?random=1669154098386&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3769331401&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/783154456/?random=1669154098601&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3070889848&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/783154456/?random=1669154098601&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3070889848&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/783154456/?random=1669154098601&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3070889848&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/986790419/?random=1669154098737&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3792108668&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/986790419/?random=1669154098737&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3792108668&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/986790419/?random=1669154098737&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3792108668&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/847447334/?random=1669154098759&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=900686013&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/847447334/?random=1669154098759&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=900686013&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/847447334/?random=1669154098759&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=900686013&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/965699254/?random=1669154098377&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849419481&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/965699254/?random=1669154098377&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849419481&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/965699254/?random=1669154098377&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849419481&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 30f9b470687377b0ddabd9073d76447d
23ee4a275e671fa0efb57ed83dc7b07ac1210b28
90193ca46aa9709c2d418c8b028b67096e9f7022a95bb3d801b175849d3c75a3
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "90193CA46AA9709C2D418C8B028B67096E9F7022A95BB3D801B175849D3C75A3"
Last-Modified: Tue, 22 Nov 2022 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3568
Expires: Tue, 22 Nov 2022 22:54:28 GMT
Date: Tue, 22 Nov 2022 21:55:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fab2cb3bd48a955d89176110d75459e4
8e642591b32f0095b8302d23b2aa3d4849352c56
71e3ae0dd72335874bd1e42e216d72a6185fb21786e55efbf3012ee0094692a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fab2cb3bd48a955d89176110d75459e4
8e642591b32f0095b8302d23b2aa3d4849352c56
71e3ae0dd72335874bd1e42e216d72a6185fb21786e55efbf3012ee0094692a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fab2cb3bd48a955d89176110d75459e4
8e642591b32f0095b8302d23b2aa3d4849352c56
71e3ae0dd72335874bd1e42e216d72a6185fb21786e55efbf3012ee0094692a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/965699254/?random=1669154098377&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849419481&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/965699254/?random=1669154098377&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849419481&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/965699254/?random=1669154098377&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849419481&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/983180037/?random=1669154098345&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=532363868&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/983180037/?random=1669154098345&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=532363868&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/983180037/?random=1669154098345&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=532363868&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/854346853/?random=1669154098772&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2489850826&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/854346853/?random=1669154098772&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2489850826&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/854346853/?random=1669154098772&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2489850826&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 1828009c17ee45989a90f67fff62a21a
af8a608051b3c746727e3d38ad94b50e575a8d86
b212bae2c1752d2edf32d7384dc73efe7ae8fa2adf5afd5cd3b518294cf29dd2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6459
Cache-Control: max-age=97873
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Etag: "637c074a-13a"
Expires: Thu, 24 Nov 2022 01:06:13 GMT
Last-Modified: Mon, 21 Nov 2022 23:18:34 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 314
www.google.com/pagead/1p-user-list/936762750/?random=1669154098551&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3153382604&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/936762750/?random=1669154098551&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3153382604&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/936762750/?random=1669154098551&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3153382604&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/847447334/?random=1669154098753&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3172329191&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/847447334/?random=1669154098753&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3172329191&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/847447334/?random=1669154098753&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3172329191&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/986790419/?random=1669154098737&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3792108668&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/986790419/?random=1669154098737&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3792108668&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/986790419/?random=1669154098737&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3792108668&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/783154456/?random=1669154098601&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3070889848&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/783154456/?random=1669154098601&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3070889848&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/783154456/?random=1669154098601&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3070889848&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/965699254/?random=1669154098386&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3769331401&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/965699254/?random=1669154098386&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3769331401&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/965699254/?random=1669154098386&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3769331401&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/854356612/?random=1669154098692&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2870485613&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/854356612/?random=1669154098692&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2870485613&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/854356612/?random=1669154098692&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2870485613&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/787644850/?random=1669154098467&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3387116181&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/787644850/?random=1669154098467&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3387116181&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/787644850/?random=1669154098467&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3387116181&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/854356612/?random=1669154098692&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2870485613&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/854356612/?random=1669154098692&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2870485613&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/854356612/?random=1669154098692&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2870485613&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/847447334/?random=1669154098759&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=900686013&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/847447334/?random=1669154098759&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=900686013&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/847447334/?random=1669154098759&cv=11&fst=1669150800000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tiba=Fifth%20Third%20Banking%20Login%20%7C%20Fifth%20Third%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=900686013&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 21:55:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 9ef11a2d1e232b4b45e40ff0c29fa8b0
0966963f13e3b149e3e3c8c2c81e7986d1d8a07b
9ce8b9ab5f1dfdc0686d1660ed64c6eff5cc3d1492d82aa769ac58e3a159dd1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com
142.0.173.20 302 Found 290 B URL HTTP/1.1 contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com
IP 142.0.173.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c40e3b0009e97598157e19d12d84cdd9
86fc5635e5f66f533e23cc2612ab31df87abd02b
1c0d81097a14dbf371dc5e219a3b93828ef4942b0b206b163fadec36a5a2a271
GET /visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&firstPartyCookieDomain=contactforms.53.com HTTP/1.1
Host: contactforms.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=C9195A3F41BF4AEB9B1D0594669CA3C3
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Tue, 22 Nov 2022 21:54:59 GMT
Content-Length: 290
pixel.mathtag.com/event/js?mt_id=1475743&mt_adid=236841
23.38.200.207 200 OK 2.2 kB URL HTTP/1.1 pixel.mathtag.com/event/js?mt_id=1475743&mt_adid=236841
IP 23.38.200.207:0
Hash 12894ea3b55faf7888c4394e61bda61b
505c57b3cc7438e96a62af48d0169990e65c4b8a
a1e03cea68b9cbf8b5444dd638dc02ee38c7022f35c450aba411e27359d16cc4
GET /event/js?mt_id=1475743&mt_adid=236841 HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 2150
Access-Control-Allow-Origin: *
Server: MT3 169 32252b7 master iad-pixel-x19 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Tue, 22 Nov 2022 21:54:59 GMT
Date: Tue, 22 Nov 2022 21:55:00 GMT
Connection: keep-alive
Set-Cookie: uuid=208e637d-4534-4700-9209-e0936546491d; domain=.mathtag.com; path=/; expires=Wed, 20-Dec-2023 21:55:00 GMT; SameSite=None; Secure
px.ads.linkedin.com/collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1227018%26time%3D1669154099471%26url%3Dhttp%253A%252F%252F1intre.duckdns.org%252Forgt%252F4c9f74c6b4204ccf698ee170b42a7f57%252F%253Fcont%253DQERldmlsbWFzazA5%2526token%253Dfb21d8f1557c8912b7ce11bd49a339a2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJbcTKUSjeOYQAAAYShVlTo1aTDcSPSCuPhfutjMpEKNheo3RSIPwB3pKr5Rn-GLnYHHaVnzMVRrQ; Max-Age=2592000; Expires=Thu, 22 Dec 2022 21:55:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQLAvsPtiC40gAAAAYShVlToTwz6GmeTTkwITHsUOT5GdRHP85MO0E5TBf6EZJB6o1H5t51lwB88ENk40mEJeg; Max-Age=2592000; Expires=Thu, 22 Dec 2022 21:55:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&1524c4e5-3039-4596-8cbb-3ad997d324ad"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 22-Nov-2023 21:55:00 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2435:u=1:x=1:i=1669154100:t=1669240500:v=2:sig=AQFQ0j2eAeKqpBPEaeUU3DcMcp7JPiAW"; Expires=Wed, 23 Nov 2022 21:55:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXuFjk7WTflZmva9KeYeg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: F23663265AE3463C867C2100A0482073 Ref B: OSL30EDGE0321 Ref C: 2022-11-22T21:55:00Z
date: Tue, 22 Nov 2022 21:54:59 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/1227018/domain/1intre.duckdns.org/token
54.230.111.8 200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/1227018/domain/1intre.duckdns.org/token
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/1227018/domain/1intre.duckdns.org/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://1intre.duckdns.org/
Origin: http://1intre.duckdns.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Tue, 22 Nov 2022 21:55:00 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nmCXY4tbxU2CcxL3FPs4BytcnWYLAoyM6hGYNJcy2lghAdcK1hDD1w==
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2e91713c-ae3b-4092-a9c0-d14c82dc9e70&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7061bebe-8dd1-4018-b390-aa3c9ae7d4b9&tw_document_href=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny99k&type=javascript&version=2.3.29
104.244.42.131 200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2e91713c-ae3b-4092-a9c0-d14c82dc9e70&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7061bebe-8dd1-4018-b390-aa3c9ae7d4b9&tw_document_href=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny99k&type=javascript&version=2.3.29
IP 104.244.42.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=2e91713c-ae3b-4092-a9c0-d14c82dc9e70&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7061bebe-8dd1-4018-b390-aa3c9ae7d4b9&tw_document_href=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny99k&type=javascript&version=2.3.29 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 21:55:00 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_DIfoe2F+fO4wcOn+x/WfLg=="; Max-Age=63072000; Expires=Thu, 21 Nov 2024 21:55:00 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 2c8c113859ad5e75
strict-transport-security: max-age=631138519
x-response-time: 116
x-connection-hash: 6a06f05c19a3fbef50abdd6c793b9c8ffbffdd10b6dca192744c33e75b640c08
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=1221502774554360&ev=PageView&dl=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&rl=&if=false&ts=1669154100143&sw=1280&sh=1024&v=2.9.89&r=stable&a=adobe_launch&ec=0&o=28&fbp=fb.2.1669154100142.499145839&it=1669154099489&coo=false&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=1221502774554360&ev=PageView&dl=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&rl=&if=false&ts=1669154100143&sw=1280&sh=1024&v=2.9.89&r=stable&a=adobe_launch&ec=0&o=28&fbp=fb.2.1669154100142.499145839&it=1669154099489&coo=false&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=1221502774554360&ev=PageView&dl=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&rl=&if=false&ts=1669154100143&sw=1280&sh=1024&v=2.9.89&r=stable&a=adobe_launch&ec=0&o=28&fbp=fb.2.1669154100142.499145839&it=1669154099489&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Nov 2022 21:55:00 GMT
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1227018%26time%3D1669154099471%26url%3Dhttp%253A%252F%252F1intre.duckdns.org%252Forgt%252F4c9f74c6b4204ccf698ee170b42a7f57%252F%253Fcont%253DQERldmlsbWFzazA5%2526token%253Dfb21d8f1557c8912b7ce11bd49a339a2%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1227018%26time%3D1669154099471%26url%3Dhttp%253A%252F%252F1intre.duckdns.org%252Forgt%252F4c9f74c6b4204ccf698ee170b42a7f57%252F%253Fcont%253DQERldmlsbWFzazA5%2526token%253Dfb21d8f1557c8912b7ce11bd49a339a2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1227018%26time%3D1669154099471%26url%3Dhttp%253A%252F%252F1intre.duckdns.org%252Forgt%252F4c9f74c6b4204ccf698ee170b42a7f57%252F%253Fcont%253DQERldmlsbWFzazA5%2526token%253Dfb21d8f1557c8912b7ce11bd49a339a2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&271d9bd8-1c0a-46a7-85c5-8398c53b8b93"; Domain=.linkedin.com; Expires=Wed, 22-Nov-2023 21:55:00 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202211222155006b56d8b2-23c3-4549-8a40-a1aa35edeab6AQFNSgLoMw_bXpoizOfrRM-_Nqr71yUG"; Domain=.www.linkedin.com; Expires=Wed, 22-Nov-2023 21:55:00 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjkxNTQxMDA7MjswMjExpw+MBg1FYAe0ZVzvL1Vou9NKrceRnDgmTZmhCECYsQ==; Domain=.linkedin.com; Expires=Sun, 21 May 2023 21:55:00 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2419:u=1:x=1:i=1669154100:t=1669240500:v=2:sig=AQEL20ok-1FxyDfZAOb_HHOi5kE7ocES"; Expires=Wed, 23 Nov 2022 21:55:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXuFjk+5Y+CJrdG6zZRJw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: FF104AEF9BC446C1B9A9B927C271168A Ref B: OSL30EDGE0321 Ref C: 2022-11-22T21:55:00Z
date: Tue, 22 Nov 2022 21:54:59 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 40c88d70b5c149a5035df4029d0c771a
aa7f844e7e0663ab5f4d1c2f48e6f55ac8d358c0
d8437bad8650159abf4fbe194b2002cb3fdf2b07d6c0a9d5f3709b6271b27d65
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=149056
Date: Tue, 22 Nov 2022 21:55:00 GMT
Etag: "637cd61d-1d7"
Expires: Thu, 24 Nov 2022 15:19:16 GMT
Last-Modified: Tue, 22 Nov 2022 14:01:01 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -tV55jN1vCrDz_nx6MFmA4ApuPwC-NfO1eXjeyU12kKDKM5L6IOKcA==
Age: 4695
cm.everesttech.net/cm/dd?d_uuid=32090150232739222220161828069110168876
99.80.65.0 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=32090150232739222220161828069110168876
IP 99.80.65.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=32090150232739222220161828069110168876 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Tue, 22 Nov 2022 21:55:00 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y31FNAAAAKpZ2AOJ; Domain=.everesttech.net; Expires=Wed, 22-Nov-2023 21:55:00 GMT; Path=/
everest_session_v2=Y31FNAAAAKpZ2QOJ; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ
Server: AMO-cookiemap/1.1
px.ads.linkedin.com/collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=1227018&time=1669154099471&url=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&3b1f8ac2-0306-40bd-8310-ae55a4fea9fe"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 22-Nov-2023 21:55:00 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2419:u=1:x=1:i=1669154100:t=1669240500:v=2:sig=AQEL20ok-1FxyDfZAOb_HHOi5kE7ocES"; Expires=Wed, 23 Nov 2022 21:55:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXuFjlBkWVbmP320YeqYw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 7C7768854C034D308CDF858C41D7CE84 Ref B: OSL30EDGE0321 Ref C: 2022-11-22T21:55:00Z
date: Tue, 22 Nov 2022 21:54:59 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 36c40931f200b053661f419c9548c26b
f87e73222e34a158745517f3c60e70754007b710
c73d5254d4cc5b686a91cacf534f7487d8c34025eea21084947a3a11b4efd130
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1507
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 21:55:00 GMT
Last-Modified: Tue, 22 Nov 2022 21:29:54 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/ibs:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ
52.213.64.117 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ
IP 52.213.64.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-048420acf.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=83947994983438256121782515965608091539; Max-Age=15552000; Expires=Sun, 21 May 2023 21:55:00 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: RPWZoSuuShE=
Content-Length: 0
Connection: keep-alive
contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=C9195A3F41BF4AEB9B1D0594669CA3C3
142.0.173.20 200 OK 49 B URL HTTP/1.1 contactforms.53.com/visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=C9195A3F41BF4AEB9B1D0594669CA3C3
IP 142.0.173.20:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash dbefe00673f01d8b0f2791f3e30565cc
6b3227ad1a39504f155cb0117293a44ab3cbec3a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
GET /visitor/v200/svrGP?pps=3&siteid=1165&ref2=elqNone&tzo=0&ms=121&optin=disabled&elq1pcGUID=C9195A3F41BF4AEB9B1D0594669CA3C3 HTTP/1.1
Host: contactforms.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: image/gif
Expires: -1
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Set-Cookie: ELOQUA=GUID=C9195A3F41BF4AEB9B1D0594669CA3C3; domain=53.com; expires=Fri, 22-Dec-2023 21:55:00 GMT; path=/
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Tue, 22 Nov 2022 21:55:00 GMT
Content-Length: 49
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ
52.213.64.117 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ
IP 52.213.64.117:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y31FNAAAAKpZ2AOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1intre.duckdns.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0e1730cee.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: OOcu6qP1Rqw=
Content-Length: 59
Connection: keep-alive
tms.53.com/b/ss/fifththirdbankdev/10/JS-2.20.0-LCXS/s11884201027933?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=22%2F10%2F2022%2021%3A55%3A0%202%200&d.&nsid=0&jsonv=1&.d&ts=2022-11-22T21%3A55%3A00.875Z&mid=32084093951958105240157859859578085726&aamlh=6&ce=UTF-8&pageName=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&g=1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F&c.&getTimeParting=6.3&.c&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&v2=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&v22=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D22%20%7C%20day%3DTuesday%20%7C%20time%3D4%3A55%20PM&v27=2022-11-22T17%3A55%3A00.875&c40=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&v40=1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F&c64=1&v64=New&c65=5.5&c66=Cookies%20Not%20Supported&c67=%7Cundefined%7Cundefined&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&mcorgid=CBBDCBC1557213FE7F000101%40AdobeOrg&AQE=1
13.36.218.177 200 OK 638 B URL HTTP/1.1 tms.53.com/b/ss/fifththirdbankdev/10/JS-2.20.0-LCXS/s11884201027933?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=22%2F10%2F2022%2021%3A55%3A0%202%200&d.&nsid=0&jsonv=1&.d&ts=2022-11-22T21%3A55%3A00.875Z&mid=32084093951958105240157859859578085726&aamlh=6&ce=UTF-8&pageName=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&g=1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F&c.&getTimeParting=6.3&.c&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&v2=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&v22=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D22%20%7C%20day%3DTuesday%20%7C%20time%3D4%3A55%20PM&v27=2022-11-22T17%3A55%3A00.875&c40=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&v40=1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F&c64=1&v64=New&c65=5.5&c66=Cookies%20Not%20Supported&c67=%7Cundefined%7Cundefined&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&mcorgid=CBBDCBC1557213FE7F000101%40AdobeOrg&AQE=1
IP 13.36.218.177:0
File type ASCII text, with very long lines (637)
Hash 3ca025d14c8cd394952fe4ee391afc91
1981ac1b079c4a7469e2e6de13f7ae89f1603f14
f68452a90ec258d8536c7c6876a2163a14c22cdbdcfb17d2f9b279715c9e180e
GET /b/ss/fifththirdbankdev/10/JS-2.20.0-LCXS/s11884201027933?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=22%2F10%2F2022%2021%3A55%3A0%202%200&d.&nsid=0&jsonv=1&.d&ts=2022-11-22T21%3A55%3A00.875Z&mid=32084093951958105240157859859578085726&aamlh=6&ce=UTF-8&pageName=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&g=1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F&c.&getTimeParting=6.3&.c&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&v2=fifth%20third%20bank%20%7C%20orgt%20%7C%204c9f74c6b4204ccf698ee170b42a7f57%20%7C%20&v22=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D22%20%7C%20day%3DTuesday%20%7C%20time%3D4%3A55%20PM&v27=2022-11-22T17%3A55%3A00.875&c40=http%3A%2F%2F1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F%3Fcont%3DQERldmlsbWFzazA5%26token%3Dfb21d8f1557c8912b7ce11bd49a339a2&v40=1intre.duckdns.org%2Forgt%2F4c9f74c6b4204ccf698ee170b42a7f57%2F&c64=1&v64=New&c65=5.5&c66=Cookies%20Not%20Supported&c67=%7Cundefined%7Cundefined&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&mcorgid=CBBDCBC1557213FE7F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: tms.53.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1intre.duckdns.org/
HTTP/1.1 200 OK
access-control-allow-origin: *
date: Tue, 22 Nov 2022 21:55:01 GMT
expires: Mon, 21 Nov 2022 21:55:01 GMT
last-modified: Wed, 23 Nov 2022 21:55:01 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3584481138761203712-4619383871627794861
vary: *
dcs: dcs-prod-irl1-1-v045-0a2056b15.edge-irl1.demdex.com 4 ms
x-aam-tid: edkruHcPTXw=
content-type: application/x-javascript;charset=utf-8
content-length: 638
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cdn.linkedin.oribi.io/partner/1227018/domain/1intre.duckdns.org/token
54.230.111.8 200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/1227018/domain/1intre.duckdns.org/token
IP 54.230.111.8:0
GET /partner/1227018/domain/1intre.duckdns.org/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://1intre.duckdns.org
Connection: keep-alive
Referer: http://1intre.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Tue, 22 Nov 2022 21:55:00 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lto0vmNwgiqoTUZx1OY1fujhlsC8TFjb9bwLWDPbexwS4JaJJjknWw==
X-Firefox-Spdy: h2