Report - discountcard.com/

Report Overview

Submitted URL
discountcard.com/
IP
45.33.20.235
ASN
#63949 Linode, LLC
Submitted
2022-12-04 08:55:38
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.9 kB	142.250.74.131
partner.googleadservices.com	798	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	845 B	216.58.207.226
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	48 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.41.201.177
www1.discountcard.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	16 kB	76.223.26.96
d38psrni17bvxu.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	20 kB	54.230.245.22
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
discountcard.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	834 B	5.9 kB	198.58.118.167
afs.googleusercontent.com	12123	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	885 B	2.3 kB	142.250.74.97
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	182 kB	142.250.74.132
c.parkingcrew.net	70582	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	297 B	1.0 kB	185.53.178.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	discountcard.com/	Malware
2022-12-04	medium	discountcard.com/mtm/async/.eJxdi0sOwjAMBe-SZYkalnzEWZBx3dZSfjhuiYS4OymwYjfzRu9pFmFzMs5YAzKVho2ERhKSr8yp6DVCoKYDF0xLVAQZekxheyFS1taUqrpZg7eQs2cE5RRd3ZZd_V-DP98v-_5oOcBEDlYef_igW7ad6z79YF5vAt82Zw:1p1kmU:1mjs9ityd14g23kDgGTVNp9ZM0c/1/	Malware
2022-12-04	medium	d38psrni17bvxu.cloudfront.net/scripts/maincaf.js	Malware
2022-12-04	medium	d38psrni17bvxu.cloudfront.net/scripts/maincaf.js	Malware
2022-12-04	medium	www1.discountcard.com/ls.php	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	c.parkingcrew.net/scripts/sale_form.js	761 B	2023-03-07	2024-04-21
Pretty URL c.parkingcrew.net/scripts/sale_form.js IP 185.53.178.30 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-21 20:15:13 Times Seen10843 Hash 64f809e06446647e192fce8d1ec34e09 5b7ced07da42e205067afa88615317a277a4a82c f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	103 B	2023-03-07	2023-03-17
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-03-17 23:32:26 Times Seen1 Hash eff198359d7830815fe4e33472820d4c d0675c7fc2fa176b9b912473f6f94a56d5e02821 a1ed7e13b07622a1293006c15579645d48e9c0cc0704dfc837a19d4c88461dda Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	386 B	2023-03-07	2023-03-17
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:44:55 Last Seen2023-03-17 23:32:26 Times Seen1 Hash e0f461f5e786de00532cae23265f8fa7 00aeec0405f209f8e537dfce729fb7970d332c70 6cf19b1406d2f42b163e5a58b451e5e5f1c31f46e9bd30edd8a1b7ee643f987b Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	1.4 kB	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash cf344601a8892395fbd65b6fdd99bad2 c5db8ee66c245a588326392a1dc6d4a51c3a8606 ad6ce98e7ab6b70a17f2fb7b6d3d76e2d198806ed3a2960b7ca1cd13c5df3909 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	3.1 kB	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash dda74f580ff5959d58395e479b6cda20 b4515b44a8313b72d761ae6c7af4979942146b57 5819159efb65c94d8ee0d46acfb5389bd4f635d8cbd7f1d0a8988ab5d8209dfe Loading...

	d38psrni17bvxu.cloudfront.net/scripts/maincaf.js	7.0 kB	2023-03-08	2023-03-17
Pretty URL d38psrni17bvxu.cloudfront.net/scripts/maincaf.js IP 54.230.245.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:52 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 3c7567521347bf95b105ffa7fdc7da86 08739adacbf1300c74d8ae1cf100d00d9fbd0e5f 0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29 Loading...

	www.google.com/adsense/domains/caf.js	147 kB	2023-03-08	2023-03-11
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:19 Last Seen2023-03-11 23:47:42 Times Seen1 Hash fbba6e330434113426fb962f3ccd35e1 55295f9e3b4ea3dfead558d5a57e92e5b2448aed 5b7f508d516cbf45d4f1ebd7e6c87602b22af377aaa77806c0605b3f4324788e Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	61 B	2023-03-07	2023-03-17
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:51 Last Seen2023-03-17 12:47:15 Times Seen1 Hash 042d4061a36091d9ba024a6cbe086e84 36837c713a75a2cde5dc18bc68e13a0d0c9cc255 f1206d5eee746d4a12b09d7200535c1141e6644da7790e9d7c3b18a9ecc25cf1 Loading...

	partner.googleadservices.com/gampad/cookie.js?domain=www1.discountcard.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie	193 B	2023-03-08	2023-03-08
Pretty URL partner.googleadservices.com/gampad/cookie.js?domain=www1.discountcard.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash de65ebd5190b3977594abd99af93a0e2 9a8d18b7ec5a35aba2995a791f0bcc453f8a8608 1165fbed67f56a93bd696a65049ca478ce5910ad6083a503c77c2eae87817475 Loading...

	www.google.com/adsense/domains/caf.js	147 kB	2023-03-08	2023-03-17
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:52 Last Seen2023-03-17 23:32:26 Times Seen1 Hash ecb02f055907ac2f0259c767ec1561f1 3e2b52544f532b3ef25dd1c32cce35fb01d5f9a2 b306374dbb55c7b712575242c471ac0c0adef4ef4181c0eab60144e5ad0470f9 Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 08:50:24 Times Seen37018115 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	963 B	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash cbf166fcdb6ebcc4db78f3208cd7620b f753b1d7017a4edbec085e4945cbef1d2d9c1216 b50976df9a7e8f251758e9dbd7742590ec7d01687cf5d15ba74bef49608ba2e0 Loading...

	www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&sct=ID%3D181bba91a7bdaa42%3AT%3D1670144128%3AS%3DALNI_MaZjex_UxJc1TAy6NgvQpnzD1oymw&sc_status=6&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=9301670144127888&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1670144127889&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&adbw=master-1%3A530	6.4 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&sct=ID%3D181bba91a7bdaa42%3AT%3D1670144128%3AS%3DALNI_MaZjex_UxJc1TAy6NgvQpnzD1oymw&sc_status=6&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3%7Cs&nocache=9301670144127888&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1670144127889&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&adbw=master-1%3A530 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash 470976a2f37996879c0135a4b7b0bb16 1503f90380c38c1cf90fc3284d4b8422aa86683b ea05ffa0ff1f34414612f6ea96bbac1b4635fbe272ba7ef89cabe19e86e6da78 Loading...

	discountcard.com/	3.7 kB	2023-03-08	2023-03-08
Pretty URL discountcard.com/ IP 198.58.118.167 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash d5d219166f808fe62521f4c2e32e29e3 2b8b9b5074c06f8517381cf6ab3ef8914f406837 64006986fa2eb7d24007d70fdd1512451855d708bf2b70d45f03c7e43f4d4f0a Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	1.4 kB	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash d230d1764fb12b7d13363284839ba50c 5e9d6201e334e75260b387d32dbda22f80b123c7 31a802471e4657a600b7428eb0f40ff5bd275b66ee87830985b179fa37205a3e Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	27 B	2023-03-07	2023-03-17
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:06:24 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 720b2952fc220bbb17d6476ce04ec7fc b1209ee10c137b68502c6539492b922c4e43b606 e0ee6463779db16c9fe5457d0b899ccf233a692aca40e7bdbf7bf09354e43ece Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	3.1 kB	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash dd8d5920ced6a275dda5c96a45bc796f 85a071847b59eadb11bda1cba75b105dbc0285af 8b557f71b08ecac06478c3e1cef57f4f4366b4334a88360843f709e6ee2a23ab Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	40 B	2023-03-08	2023-05-23
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:24:08 Last Seen2023-05-23 17:14:04 Times Seen4695 Hash bbf1d9896eb3544c767d965a657e142c 5df55c7669b87f414501ffc91de02e4756141a83 f73cb6aef53ef853b780335ddf7d4cb319edcf02c8c050f270639a91226a09bc Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	71 B	2023-03-08	2024-01-04
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:23:53 Last Seen2024-01-04 08:38:22 Times Seen25410 Hash 1a5a5e1b6a26f57b95e3dd42f60612f4 b62a27e55a59b49084e682bd3c1588f6a40881ab 4066da16910907c7962da8e7011bf0cd62b6f2dcddb1911e3ea2de03ce3e1dc7 Loading...

	www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300001&format=r3%7Cs&nocache=3841670144126457&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=1&u_his=2&u_tz=0&dt=1670144126459&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fdiscountcard.com%2F&adbw=master-1%3A530	6.3 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300001&format=r3%7Cs&nocache=3841670144126457&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=1&u_his=2&u_tz=0&dt=1670144126459&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fdiscountcard.com%2F&adbw=master-1%3A530 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash 926b87756a5b6f882f4a065c0ecc76af 9812dd2e0a36ef9bed4f0910433924accb8be089 227c91a36e422ce9fbd95cb89cd8ef701645f00113ab821f7be2938a33ee7fd1 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	968 B	2023-03-08	2024-04-22
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:24:08 Last Seen2024-04-22 22:19:32 Times Seen27693 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	166 B	2023-03-07	2023-03-17
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:44:55 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 989c3090bdce93db83506dbbea3d636a 518f92aa83893b6c59e328112707e0023ac1fd0c d94b5f67f2517418f079ed4de6e5f09d6f64863f89648684aff4daa4edeb0ac5 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	387 B	2023-03-07	2023-03-17
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-03-17 23:32:26 Times Seen1 Hash 3e73c65a22bdd2d72118af9b51b80b40 f0c600cc278c9111e0164d3d6e20966a4bc8823f 3d7df9ca4013d27166a7de884bad461d25a47400a19b542f62258b2989c9e552 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	242 B	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash 76e1ba6dd040c9a038c3397604dd492b 43799dda66eae4191e2bc6ca4a4cc69562f52cdd ce7723039cd187cb188e90eb52a33681f3a0b0b9d99569c494823b249db02e9c Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	955 B	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash f03d5198ec0f2a799d9cda349274713d 06441bba8dcf9f36ed20313857acbbab2c9ad339 a26835957b9fa96e4dc95c1aae634695ba6ab788550d2fbc7e86228f6f2fa3d3 Loading...

	www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0	242 B	2023-03-08	2023-03-08
Pretty URL www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 IP 76.223.26.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:39 Last Seen2023-03-08 15:49:39 Times Seen1 Hash b5ec5ead9aceb00beb7a4dd960ebc235 a3b3dce5ba9333252579e6c34fc5f8c87c511faf cb201808c82fb1f53adc759b9a453df3523a275aa41bb090968ca8396047ded1 Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14279
Expires: Sun, 04 Dec 2022 12:53:25 GMT
Date: Sun, 04 Dec 2022 08:55:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5608
Cache-Control: max-age=97754
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:26 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 12:04:40 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13928
Expires: Sun, 04 Dec 2022 12:47:34 GMT
Date: Sun, 04 Dec 2022 08:55:26 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 08:20:05 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2121
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 9aYeyQ4JPzGTxQARwl7xv+BdsNQPRnximtrlP0KyBF3tp5HMMvAImnSV74pw8kZEmFav0ZRBdus=
x-amz-request-id: SHPNZ73294ZJKCWR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 08:46:54 GMT
age: 512
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 08:55:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

discountcard.com/

198.58.118.167

200 OK

4.7 kB

URL HTTP/1.1
discountcard.com/
IP
198.58.118.167:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (301)
Size
4.7 kB (4660 bytes)
Hash
052535d7db2b2caa2e83d64e039f5782
bf6e789d401eb6d2a1094ad9676c85ad5a72044a
6cef47be3cc99883d2e40da5cadc9f012e5d661a5f4093798ca681d8ade6ced2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sun, 04 Dec 2022 08:55:26 GMT
content-type: text/html; charset=utf-8
content-length: 4660
vary: Accept-Language
content-language: en
connection: close

discountcard.com/mtm/async/.eJxdi0sOwjAMBe-SZYkalnzEWZBx3dZSfjhuiYS4OymwYjfzRu9pFmFzMs5YAzKVho2ERhKSr8yp6DVCoKYDF0xLVAQZekxheyFS1taUqrpZg7eQs2cE5RRd3ZZd_V-DP98v-_5oOcBEDlYef_igW7ad6z79YF5vAt82Zw:1p1kmU:1mjs9ityd14g23kDgGTVNp9ZM0c/1/

198.58.118.167

200 OK

227 B

URL HTTP/1.1
discountcard.com/mtm/async/.eJxdi0sOwjAMBe-SZYkalnzEWZBx3dZSfjhuiYS4OymwYjfzRu9pFmFzMs5YAzKVho2ERhKSr8yp6DVCoKYDF0xLVAQZekxheyFS1taUqrpZg7eQs2cE5RRd3ZZd_V-DP98v-_5oOcBEDlYef_igW7ad6z79YF5vAt82Zw:1p1kmU:1mjs9ityd14g23kDgGTVNp9ZM0c/1/
IP
198.58.118.167:0
ASN
#63949 Linode, LLC

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
a6bbacbb940e72c0b33e36b0156ea592
4d98b0f13ffe73fe091b0e5c2f5bc4bdadfbe722
4dc7104674fc5312febc87aa84cbbf3db4793503d3b70446644c43abf1540197

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /mtm/async/.eJxdi0sOwjAMBe-SZYkalnzEWZBx3dZSfjhuiYS4OymwYjfzRu9pFmFzMs5YAzKVho2ERhKSr8yp6DVCoKYDF0xLVAQZekxheyFS1taUqrpZg7eQs2cE5RRd3ZZd_V-DP98v-_5oOcBEDlYef_igW7ad6z79YF5vAt82Zw:1p1kmU:1mjs9ityd14g23kDgGTVNp9ZM0c/1/ HTTP/1.1
Host: discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://discountcard.com/
Connection: keep-alive

HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sun, 04 Dec 2022 08:55:27 GMT
content-type: text/html; charset=utf-8
content-length: 227
x-mtm-path: 4
x-mtm-prov: 300:0.00;308:2.03
x-mtm-rd: 0.18
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJkaXNjb3VudGNhcmQuY29tIiwiaHR0cDovL3d3dzEuZGlzY291bnRjYXJkLmNvbS8_dG09MSZzdWJpZDQ9MTY3MDE0NDEyNy4wMTgzNjgwMDAwJmt3PWZ1bmRyYWlzaW5nJktXMT1GdW5kcmFpc2luZyUyME1hbmFnZW1lbnQlMjBTb2Z0d2FyZSZLVzI9T25saW5lJTIwU2Nob29sJTIwRnVuZHJhaXNlcnMmS1czPUNyb3dkZnVuZGluZyUyMFBheW1lbnQlMjBQcm9jZXNzb3Imc2VhcmNoYm94PTAmZG9tYWlubmFtZT0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMTItMDQgMDg6NTU6MjciLDEsIjE2NzAxNDQxMjcuMDE4MzY4MDAwMCIsMzA4LG51bGwsbnVsbF0:1p1kmV:VrnHVPAhslRdGOqSk1CvvlFV97o; expires=Sun, 04-Dec-2022 09:55:27 GMT; Max-Age=3600; Path=/
connection: close

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 08:11:19 GMT
cache-control: public,max-age=3600
age: 2648
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5597
Cache-Control: max-age=92681
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:27 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:40:08 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0

76.223.26.96

200 OK

6.3 kB

URL HTTP/1.1
www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2886)
Size
6.3 kB (6270 bytes)
Hash
91019dd4f019dbd79fd8b4dd35d68611
efe1d65ac72d9d61950b06e0cdabcba12a97463e
bd7d2aa0342cd637ad672c6b4de98efc28a0425aa8f0d45213d2d4beaabba956

HTTP Headers

GET /?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discountcard.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:55:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_AY6/IKMj5pzYIXGZcj8gXaMrjQO9YZ6iWE2oZ4EqfdpPbOY5F50qRGXrT/5kjQo66L4eSudYFwLMYF6zyRdaGA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip

d38psrni17bvxu.cloudfront.net/scripts/maincaf.js

54.230.245.22

200 OK

7.0 kB

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP
54.230.245.22:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (316)
Size
7.0 kB (7006 bytes)
Hash
3c7567521347bf95b105ffa7fdc7da86
08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Sun, 04 Dec 2022 02:41:51 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cawScjzHu-d5eylfHersCtBqo6DtadhO3Dw5_0iYzy47VOJ2c60__g==
Age: 22416

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

54 kB

URL HTTP/1.1
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1885)
Size
54 kB (53486 bytes)
Hash
47e20d0c5337f2d283c816002e868fbf
537eacfb8513cc60fd954c2d35b0704b12f8251c
110fbbf01b88ae152215b6efd95a3c234380014f47481d3c717fb743fa805fd3

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 04 Dec 2022 08:55:27 GMT
Expires: Sun, 04 Dec 2022 08:55:27 GMT
Cache-Control: private, max-age=3600
ETag: "18246006565324410195"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

push.services.mozilla.com/

52.41.201.177

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.201.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uAKY/cFHo9sJIhXeoWuHPQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xHEACsabxYA3ms0Z4e1AbCo1ENc=

c.parkingcrew.net/scripts/sale_form.js

185.53.178.30

200 OK

761 B

URL HTTP/1.1
c.parkingcrew.net/scripts/sale_form.js
IP
185.53.178.30:0
ASN
#19905 NEUSTAR-AS6

File type
ASCII text
Size
761 B (761 bytes)
Hash
64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3

HTTP Headers

GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 08:55:27 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

54.230.245.22

200 OK

11 kB

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
54.230.245.22:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11375 bytes)
Hash
0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 04 Dec 2022 02:14:25 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: A556KeXaGF1VflXFRfFPSmtiyL96vCVVvMOHKH4E0twcg3fca8VZrw==
Age: 24063

www1.discountcard.com/favicon.ico

76.223.26.96

200 OK

0 B

URL HTTP/1.1
www1.discountcard.com/favicon.ico
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:55:28 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

www1.discountcard.com/track.php?domain=discountcard.com&toggle=browserjs&uid=MTY3MDE0NDEyNy43Mzc6N2QyMTE1MjljMjZjZDk1NjVmODJlMjg3MTAyNDMyMmU4MTI4N2M4ZmQzYTkwMjNhNjgwMTI0NjQ4NjBiY2M3Mzo2MzhjNjA3ZmIzZWVh

76.223.26.96

200 OK

20 B

URL HTTP/1.1
www1.discountcard.com/track.php?domain=discountcard.com&toggle=browserjs&uid=MTY3MDE0NDEyNy43Mzc6N2QyMTE1MjljMjZjZDk1NjVmODJlMjg3MTAyNDMyMmU4MTI4N2M4ZmQzYTkwMjNhNjgwMTI0NjQ4NjBiY2M3Mzo2MzhjNjA3ZmIzZWVh
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=discountcard.com&toggle=browserjs&uid=MTY3MDE0NDEyNy43Mzc6N2QyMTE1MjljMjZjZDk1NjVmODJlMjg3MTAyNDMyMmU4MTI4N2M4ZmQzYTkwMjNhNjgwMTI0NjQ4NjBiY2M3Mzo2MzhjNjA3ZmIzZWVh HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:55:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300001&format=r3%7Cs&nocache=3841670144126457&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=1&u_his=2&u_tz=0&dt=1670144126459&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fdiscountcard.com%2F&adbw=master-1%3A530

142.250.74.132

200 OK

2.2 kB

URL HTTP/2
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300001&format=r3%7Cs&nocache=3841670144126457&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=1&u_his=2&u_tz=0&dt=1670144126459&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fdiscountcard.com%2F&adbw=master-1%3A530
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6253)
Size
2.2 kB (2165 bytes)
Hash
017fc0d75f1fcaa2568b1ec73b748271
094fff000548279b3bcaac06b5f09b09f74c7112
cae43dfef36fdcb9d5117f189cb2ba3998c04785ca503160ffbf16d9939f86ad

HTTP Headers

GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000299%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Fundraising%20Management%20Software%2COnline%20School%20Fundraisers%2CCrowdfunding%20Payment%20Processor&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300001&format=r3%7Cs&nocache=3841670144126457&num=0&output=afd_ads&domain_name=www1.discountcard.com&v=3&bsl=8&pac=1&u_his=2&u_tz=0&dt=1670144126459&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=491710121&uio=--&cont=tc&jsid=caf&jsv=491710121&rurl=http%3A%2F%2Fwww1.discountcard.com%2F%3Ftm%3D1%26subid4%3D1670144127.0183680000%26kw%3Dfundraising%26KW1%3DFundraising%2520Management%2520Software%26KW2%3DOnline%2520School%2520Fundraisers%26KW3%3DCrowdfunding%2520Payment%2520Processor%26searchbox%3D0%26domainname%3D0%26backfill%3D0&referer=http%3A%2F%2Fdiscountcard.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.discountcard.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 04 Dec 2022 08:55:28 GMT
expires: Sun, 04 Dec 2022 08:55:28 GMT
cache-control: private, max-age=3600
x-content-security-policy-report-only: default-src https: data:; options eval-script inline-script; report-uri /csp_report; referrer origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2165
x-xss-protection: 0
set-cookie: CONSENT=PENDING+674; expires=Tue, 03-Dec-2024 08:55:28 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a2365b2356f35547e7a8a0eeac1a5e71
f070192cf1ad964c90dd00bdf6b04fa598618d61
50415514239bdc4345cb6f75e5aba42fe0f093aaf21de22276aaeceab84c0450

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

partner.googleadservices.com/gampad/cookie.js?domain=www1.discountcard.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie

216.58.207.226

200 OK

182 B

URL HTTP/2
partner.googleadservices.com/gampad/cookie.js?domain=www1.discountcard.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
cc62f426c27aa9092f6d7479adb30e78
666c0cee58ad669d4ae97fa3d4919e37187fa548
558ffb34737041e29e1c048eed272e2bc8c83b02aaa52409bbb4b5fbe573f774

HTTP Headers

GET /gampad/cookie.js?domain=www1.discountcard.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.discountcard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 04 Dec 2022 08:55:28 GMT
server: cafe
cache-control: private
content-length: 182
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a2365b2356f35547e7a8a0eeac1a5e71
f070192cf1ad964c90dd00bdf6b04fa598618d61
50415514239bdc4345cb6f75e5aba42fe0f093aaf21de22276aaeceab84c0450

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14491
Expires: Sun, 04 Dec 2022 12:57:00 GMT
Date: Sun, 04 Dec 2022 08:55:29 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14491
Expires: Sun, 04 Dec 2022 12:57:00 GMT
Date: Sun, 04 Dec 2022 08:55:29 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14491
Expires: Sun, 04 Dec 2022 12:57:00 GMT
Date: Sun, 04 Dec 2022 08:55:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7849
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 08:55:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 39771
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9356 bytes)
Hash
591104ff3c76193fe3c24fbbbb332f7d
aa134912d4f5ddfb371c45d9975506246af68400
af0cbb5c37c901019c1e684fe9a019bb7a2fb8359909ab831b7ff86cbc3d0fec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9356
x-amzn-requestid: 11f22578-a356-4f74-99bf-6d8462e25fdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ckdKGG8RIAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b4240-5c5fa5332d60db084c8d3bb6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 12:34:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LHI_AR5lwe0vmuK0mOQapt3YQW0WE7BLN-PSn4pVMBTWoYbv4IV9ow==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:19:12 GMT
age: 16577
etag: "aa134912d4f5ddfb371c45d9975506246af68400"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7503 bytes)
Hash
c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:16:07 GMT
age: 5962
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

70 kB

URL HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
data
Size
70 kB (69613 bytes)
Hash
b91cc4702ac4a64d9f195aebe93fced8
08055ebe3fec999b1902dc0774b1bf458044d0ac
b66b0ebdfdd51b17aa461c34de70a8e4c07b5c8d4629ce9978108d93b84c02d2

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 04 Dec 2022 08:55:28 GMT
expires: Sun, 04 Dec 2022 08:55:28 GMT
cache-control: private, max-age=3600
etag: "38673936637626654"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8285 bytes)
Hash
2c37ed587ee5e3fbdc8cab86ef1345f9
364a32a224b2cacc26b138d57a8945c191e537b1
3c66654da4670e0d5ec87afb6c62f0a420d90875c57b280710f2592269a9303e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8285
x-amzn-requestid: 882c673f-4e3f-4f84-a51d-bbac56f716eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAAEWUoAMFWuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-3a2c571d6272b3493ec2a1c5;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wAFD-w3-gBFoOjjOYdnZRDPDkkeCf89uS38upjXPknfUZxtSxRpxvg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:50 GMT
age: 39759
etag: "364a32a224b2cacc26b138d57a8945c191e537b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11482 bytes)
Hash
1521243a6fc065bb631bfbde22886fa2
527220e4e8cd1065ce05fcd0694d0d703d817e2e
b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t1vmY4fBoLpFjqHbLyMewgUrpvRjqG4QTAuA4BeB4Gl2jqbxI0gYQA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:08 GMT
age: 39921
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
64eb3a8f7cc11324c6f4c77e1c11f7ee
8ad889db020018b726362929a9477872a6808f0a
481082e2478f937b15faec7128ab1a60bf1157b417bfa63022472f434ae240fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
64eb3a8f7cc11324c6f4c77e1c11f7ee
8ad889db020018b726362929a9477872a6808f0a
481082e2478f937b15faec7128ab1a60bf1157b417bfa63022472f434ae240fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

142.250.74.97

200 OK

270 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size
270 B (270 bytes)
Hash
5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 18:14:30 GMT
expires: Sun, 04 Dec 2022 17:14:30 GMT
cache-control: public, max-age=82800
age: 52859
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.97

200 OK

174 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 17:59:49 GMT
expires: Sun, 04 Dec 2022 16:59:49 GMT
cache-control: public, max-age=82800
age: 53740
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
64eb3a8f7cc11324c6f4c77e1c11f7ee
8ad889db020018b726362929a9477872a6808f0a
481082e2478f937b15faec7128ab1a60bf1157b417bfa63022472f434ae240fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:55:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

76.223.26.96

200 OK

6.3 kB

URL HTTP/1.1
www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2862)
Size
6.3 kB (6278 bytes)
Hash
560211689c51442720fc6fe9c605e5c9
cf4559343eb85700e3dfb5057366ef2298351e05
7496dc1ad2615c6e0de0d196594b1f727ff09634090759ae9e3cb6d290804695

HTTP Headers

GET /?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0 HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __gsas=ID=181bba91a7bdaa42:T=1670144128:S=ALNI_MaZjex_UxJc1TAy6NgvQpnzD1oymw
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:55:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_AY6/IKMj5pzYIXGZcj8gXaMrjQO9YZ6iWE2oZ4EqfdpPbOY5F50qRGXrT/5kjQo66L4eSudYFwLMYF6zyRdaGA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip

d38psrni17bvxu.cloudfront.net/scripts/maincaf.js

54.230.245.22

304 Not Modified

0 B

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP
54.230.245.22:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/
If-Modified-Since: Tue, 15 Nov 2022 15:10:24 GMT
If-None-Match: "6373abe0-1b5e"
Cache-Control: max-age=0

HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Sun, 04 Dec 2022 02:41:51 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4BzWOq3LTro5aoK4IYWmBNwbEkjAme3VwaQXD0IDmVJVYv4c1Px2sA==
Age: 22418

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

54 kB

URL HTTP/1.1
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1885)
Size
54 kB (53487 bytes)
Hash
38bab3c6ccb019bd62d64142d7e19d90
4d8aaf07a19e2a86a9566ba9b3fe6ddd32b8f386
05c93a63c1af05afd643d5fdb4cc4c899a162d21c87d407130f7aa81b9bd546f

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/
If-None-Match: "18246006565324410195"
Cache-Control: max-age=0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 04 Dec 2022 08:55:29 GMT
Expires: Sun, 04 Dec 2022 08:55:29 GMT
Cache-Control: private, max-age=3600
ETag: "3609449013642164181"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

54.230.245.22

304 Not Modified

0 B

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
54.230.245.22:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/
If-Modified-Since: Thu, 23 Jun 2022 10:44:43 GMT
If-None-Match: "62b4441b-2c6f"
Cache-Control: max-age=0

HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Sun, 04 Dec 2022 02:14:25 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -jYLDfjfefxy2_cabHXOa1oiWH0e-NcDXn0euhmFaTXAsyjdvmSVBQ==
Age: 24065

www1.discountcard.com/track.php?domain=discountcard.com&toggle=browserjs&uid=MTY3MDE0NDEyOS4yNzE5OjdhMDBjMmNlYTRjM2Y3MzZjZjdkMjAwNDRiNGMwMjEzMjRlOGVlMDA2MmRkYTZjZjY4ZjQ1MjdjMzc4ZDYyNjA6NjM4YzYwODE0MjYyMA%3D%3D

76.223.26.96

200 OK

20 B

URL HTTP/1.1
www1.discountcard.com/track.php?domain=discountcard.com&toggle=browserjs&uid=MTY3MDE0NDEyOS4yNzE5OjdhMDBjMmNlYTRjM2Y3MzZjZjdkMjAwNDRiNGMwMjEzMjRlOGVlMDA2MmRkYTZjZjY4ZjQ1MjdjMzc4ZDYyNjA6NjM4YzYwODE0MjYyMA%3D%3D
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=discountcard.com&toggle=browserjs&uid=MTY3MDE0NDEyOS4yNzE5OjdhMDBjMmNlYTRjM2Y3MzZjZjdkMjAwNDRiNGMwMjEzMjRlOGVlMDA2MmRkYTZjZjY4ZjQ1MjdjMzc4ZDYyNjA6NjM4YzYwODE0MjYyMA%3D%3D HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0
Cookie: __gsas=ID=181bba91a7bdaa42:T=1670144128:S=ALNI_MaZjex_UxJc1TAy6NgvQpnzD1oymw

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:55:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www1.discountcard.com/ls.php

76.223.26.96

201 Created

0 B

URL HTTP/1.1
www1.discountcard.com/ls.php
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /ls.php HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2814
Origin: http://www1.discountcard.com
Connection: keep-alive
Referer: http://www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0
Cookie: __gsas=ID=181bba91a7bdaa42:T=1670144128:S=ALNI_MaZjex_UxJc1TAy6NgvQpnzD1oymw; GoogleAdServingTest=Good
Cache-Control: max-age=0

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 08:55:30 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 638c6082d7a8da4e521d980d
Charset: utf-8
Access-Control-Allow-Origin: http://www1.discountcard.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_JoSaiQ7fjaK+T0gAYcTB6j1V8Kz3OEAXE5Mm+7m7iP4Gcfr1sdK8NDbHu4E2c96/fC1RZVRx5UN38DSkUzu2AA==

www1.discountcard.com/track.php?domain=discountcard.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MDE0NDEyOS4yNzE5OjdhMDBjMmNlYTRjM2Y3MzZjZjdkMjAwNDRiNGMwMjEzMjRlOGVlMDA2MmRkYTZjZjY4ZjQ1MjdjMzc4ZDYyNjA6NjM4YzYwODE0MjYyMA%3D%3D

76.223.26.96

200 OK

20 B

URL HTTP/1.1
www1.discountcard.com/track.php?domain=discountcard.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MDE0NDEyOS4yNzE5OjdhMDBjMmNlYTRjM2Y3MzZjZjdkMjAwNDRiNGMwMjEzMjRlOGVlMDA2MmRkYTZjZjY4ZjQ1MjdjMzc4ZDYyNjA6NjM4YzYwODE0MjYyMA%3D%3D
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=discountcard.com&caf=1&toggle=answercheck&answer=yes&uid=MTY3MDE0NDEyOS4yNzE5OjdhMDBjMmNlYTRjM2Y3MzZjZjdkMjAwNDRiNGMwMjEzMjRlOGVlMDA2MmRkYTZjZjY4ZjQ1MjdjMzc4ZDYyNjA6NjM4YzYwODE0MjYyMA%3D%3D HTTP/1.1
Host: www1.discountcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.discountcard.com/?tm=1&subid4=1670144127.0183680000&kw=fundraising&KW1=Fundraising%20Management%20Software&KW2=Online%20School%20Fundraisers&KW3=Crowdfunding%20Payment%20Processor&searchbox=0&domainname=0&backfill=0
Cookie: __gsas=ID=181bba91a7bdaa42:T=1670144128:S=ALNI_MaZjex_UxJc1TAy6NgvQpnzD1oymw

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:55:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations