r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3076
Expires: Sun, 05 Feb 2023 12:45:28 GMT
Date: Sun, 05 Feb 2023 11:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4067
Expires: Sun, 05 Feb 2023 13:01:59 GMT
Date: Sun, 05 Feb 2023 11:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18691
Expires: Sun, 05 Feb 2023 17:05:43 GMT
Date: Sun, 05 Feb 2023 11:54:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 11:33:54 GMT
content-type: application/json
age: 1218
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +j0Q0AAexMinmTwBtRzmFxdYV8erJ2GV9z/pqKF6K+X/2SaKu/zj+yrBtcGEuAksfMOItDuuDJc=
x-amz-request-id: YK6T4B8V6ENMRGST
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 11:24:27 GMT
age: 1785
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 11:54:12 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
aoi.fit/
150.95.255.38200 OK 2.5 kB IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 8e246d7d4e0a1878662a46232a1f9183
fb49f0e507b553a8578150ba900e9a488b371182
6665eb03a13fe39bcaa739e22b6557d171eb29fe7c6d0d5e88f86fab958e3112
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET / HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:12 GMT
Server: Apache
Content-Length: 2491
Connection: close
Content-Type: text/html; charset=UTF-8
aoi.fit/css/style.css?1675598052
150.95.255.38200 OK 3.8 kB URL HTTP/1.1 aoi.fit/css/style.css?1675598052
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type ASCII text, with very long lines (3777), with CRLF line terminators
Hash 2137ea5d6d4330fa76a099d8c6cf73cd
646c8b3f9145d9ff62b2dbc44fb6a613a749eded
6ca4c704054a43b2ebccb4fa780930c22b058cc9b86436fcd78bd067fd5bd096
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /css/style.css?1675598052 HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:12 GMT
Server: Apache
Last-Modified: Fri, 16 Oct 2020 03:09:12 GMT
ETag: "ec3-5b1c116bf6600"
Accept-Ranges: bytes
Content-Length: 3779
Connection: close
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 11:07:20 GMT
age: 2812
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PXWVMT
142.250.74.168302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-PXWVMT
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1bc44c175d7df761a27217e6a392a5e6
d0a3282bc3353895a7fec7b38fd7dd74e8c8d5f5
cf37e87d37039f0b30c48a3d867985afaf51c18a2c2eff4b15ec2d48bcedb07c
GET /gtm.js?id=GTM-PXWVMT HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-PXWVMT
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 05 Feb 2023 11:54:12 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8607
Expires: Sun, 05 Feb 2023 14:17:40 GMT
Date: Sun, 05 Feb 2023 11:54:13 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-PXWVMT
142.250.74.168200 OK 104 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PXWVMT
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (37648)
Size 104 kB (104190 bytes)
Hash 1d72563b57c58426ab2afe7971061861
b484205ea2f8d1ce4d5aa88f48d6a1ab8e45f597
627c1d395062df73d579a7f60abb4bb62080a2d19f31f2ff5f292b1868ac0755
GET /gtm.js?id=GTM-PXWVMT HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://aoi.fit/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 11:54:13 GMT
expires: Sun, 05 Feb 2023 11:54:13 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-SKHZPJHJCP&l=dataLayer&cx=c
142.250.74.168302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-SKHZPJHJCP&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 37974ce0212af165086b1f0b8be79527
55b38db5ae6cd7fb9a031cd3b84995e0f6db47d0
a3cd2c4a9369d283919acd0495d8d2bb46b2d45fed71b67f1146dafe4ab2bad2
GET /gtag/js?id=G-SKHZPJHJCP&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-SKHZPJHJCP&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 05 Feb 2023 11:54:13 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtm.js?id=GTM-WFB538P&l=dataLayer
142.250.74.168302 Found 267 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-WFB538P&l=dataLayer
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c6ae9ab8744fb2d85487d2c2c0a24bab
354cbb900e7d15af2bd125b5b045d9304ac2d8b1
a2ee68cc2397711c88b591bba6e8d69458ea0fffcca10af51972ac00af1c35fd
GET /gtm.js?id=GTM-WFB538P&l=dataLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-WFB538P&l=dataLayer
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 05 Feb 2023 11:54:13 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 267
X-XSS-Protection: 0
cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@2.0.2/dist/index.js
151.101.65.229200 OK 1.3 kB URL HTTP/2 cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@2.0.2/dist/index.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (2850), with no line terminators
Hash 7ca5c1ffa7b465551c971018fd5e3769
33836bc950b7f20705d064d956cebc6362923524
23781a4d7ab649a5ecefd43e6738eff99e507db7a347ed9b345ef3103ed28ae0
GET /npm/@amplitude/amplitude-js-gtm@2.0.2/dist/index.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.0.2
x-jsd-version-type: version
etag: W/"b22-n2o9T9k7cye7ujWQ0K/tCJdFJAM"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 05 Feb 2023 11:54:13 GMT
age: 8332803
x-served-by: cache-fra-eddf8230040-FRA, cache-bma1676-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1301
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash f631b12dd224526c5d0fdde85e220479
e8295d79eaeec9992dcc782a419a99ee10fca9e7
ef301b65b1be608ef139bbf2073bde3816373a996ad29097a756209c295e9dcd
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "5B748F4733A18D4EFF96F4C2C82FF8E650AE6D20"
Expires: Sun, 05 Feb 2023 22:00:00 GMT
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2854
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794b7339c809b4f1-OSL
aoi.fit/include/parking.html
150.95.255.38200 OK 15 kB URL HTTP/1.1 aoi.fit/include/parking.html
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 776b097eb39e0b0cc1938a5e73c6234c
a4293a0c2a57f49cd773253ddebc359313fd8939
a93d1b7107299b68cb383b9946a0d3956c73ee302b02511ce2eebfccb3918f02
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/parking.html HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
52.42.182.211101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.182.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3c6hb7E2jg+Pb1cyqHNnPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: e9ehZEsOanuUUzNkEovJ42FhMb4=
aoi.fit/js/jquery-1.12.4.min.js
150.95.255.38200 OK 97 kB URL HTTP/1.1 aoi.fit/js/jquery-1.12.4.min.js
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /js/jquery-1.12.4.min.js HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Last-Modified: Tue, 15 Dec 2020 10:20:31 GMT
ETag: "17b8b-5b67e1bbc19c0"
Accept-Ranges: bytes
Content-Length: 97163
Connection: close
Content-Type: application/javascript
aoi.fit/include/swiper.min.css
150.95.255.38200 OK 14 kB URL HTTP/1.1 aoi.fit/include/swiper.min.css
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type ASCII text, with very long lines (13411)
Hash 6f831a2cd3a66125860b090b99b5497e
deef2feb26d0aec53dd92f3afc8d7328cbe2fab8
67e54a2ad4686f2024e769df1f2f2d4ad53011cf2d83db0eec93729f995cc516
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/swiper.min.css HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "3563-5f3c13e15df1b"
Accept-Ranges: bytes
Content-Length: 13667
Connection: close
Content-Type: text/css
hm.mieru-ca.com/service/js/mieruca-hm.js?v=1675598093918
143.204.55.88200 OK 6.8 kB URL HTTP/1.1 hm.mieru-ca.com/service/js/mieruca-hm.js?v=1675598093918
IP 143.204.55.88:0
File type ASCII text, with very long lines (6805)
Hash 1ebbe7a116939b5100d1767a6b2c5a4e
93d9b1c1ca7c7cd02322ac22848c02f5ad113c95
1445028636cfa1f52098b06c678585dac784dff5e10c1e278c0ca4941f54396d
GET /service/js/mieruca-hm.js?v=1675598093918 HTTP/1.1
Host: hm.mieru-ca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 6806
Connection: keep-alive
Last-Modified: Wed, 28 Dec 2022 03:55:36 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 05 Feb 2023 02:27:37 GMT
ETag: "1ebbe7a116939b5100d1767a6b2c5a4e"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: m_P-SjfjK4H6VrZs-G62QeDMvUpoh1ygv5kAU_Vjv0SSV95Nk7360g==
Age: 33997
jscdn.appier.net/aa.js?id=onamae.com
23.36.76.178200 OK 20 kB URL HTTP/1.1 jscdn.appier.net/aa.js?id=onamae.com
IP 23.36.76.178:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (31981)
Hash 7d4729cb037d7715cb7ac46ff6aefbf4
a53ad6a08cf4f37c628208410807952a72306f08
cd254b4bf93c3e5c4665d35b0fbfd1b806887285595aedec35ef5cb5769bb028
GET /aa.js?id=onamae.com HTTP/1.1
Host: jscdn.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/javascript; charset=utf-8
ETag: W/"1f3acb4991ca202b7d7a0497424b152b"
Content-Encoding: gzip
Content-Length: 20158
Cache-Control: max-age=300
Date: Sun, 05 Feb 2023 11:54:13 GMT
Connection: keep-alive
Vary: Accept-Encoding
region1.analytics.google.com/g/collect?v=2&tid=G-SKHZPJHJCP>m=45je3210&_p=123823121&_gaz=1&cid=280698019.1675598094&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675598093&sct=1&seg=0&dl=http%3A%2F%2Faoi.fit%2F&dt=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-SKHZPJHJCP>m=45je3210&_p=123823121&_gaz=1&cid=280698019.1675598094&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675598093&sct=1&seg=0&dl=http%3A%2F%2Faoi.fit%2F&dt=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-SKHZPJHJCP>m=45je3210&_p=123823121&_gaz=1&cid=280698019.1675598094&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675598093&sct=1&seg=0&dl=http%3A%2F%2Faoi.fit%2F&dt=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://aoi.fit
date: Sun, 05 Feb 2023 11:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Sun, 05 Feb 2023 11:43:22 GMT
Expires: Sun, 05 Feb 2023 13:43:22 GMT
Cache-Control: public, max-age=7200
Age: 652
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript
stats.g.doubleclick.net/g/collect?v=2&tid=G-SKHZPJHJCP&cid=280698019.1675598094>m=45je3210&aip=1
64.233.165.157204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-SKHZPJHJCP&cid=280698019.1675598094>m=45je3210&aip=1
IP 64.233.165.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-SKHZPJHJCP&cid=280698019.1675598094>m=45je3210&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://aoi.fit
date: Sun, 05 Feb 2023 11:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/1033267383/?random=1675598093390&cv=11&fst=1675598093390&bg=ffffff&guid=ON&async=1>m=45He3210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Faoi.fit%2F&tiba=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&auid=1770881811.1675598093&rfmt=3&fmt=4
142.250.74.130200 OK 926 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1033267383/?random=1675598093390&cv=11&fst=1675598093390&bg=ffffff&guid=ON&async=1>m=45He3210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Faoi.fit%2F&tiba=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&auid=1770881811.1675598093&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (2137), with no line terminators
Hash ccf35c77825b7f8fce26e87050109dc3
fd1c589a987a0ac92b8d43ebfabd4bc27cb6c0e9
2eccf44b6ee06ea3a368542305f6c83c9f8d5e122f7778bb002c701d1b959ee7
GET /pagead/viewthroughconversion/1033267383/?random=1675598093390&cv=11&fst=1675598093390&bg=ffffff&guid=ON&async=1>m=45He3210&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Faoi.fit%2F&tiba=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&auid=1770881811.1675598093&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 11:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 926
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2023 12:09:14 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SKHZPJHJCP&cid=280698019.1675598094>m=45je3210&aip=1&z=430031281
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SKHZPJHJCP&cid=280698019.1675598094>m=45je3210&aip=1&z=430031281
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SKHZPJHJCP&cid=280698019.1675598094>m=45je3210&aip=1&z=430031281 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 11:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=123823121&t=pageview&_s=1&dl=http%3A%2F%2Faoi.fit%2F&ul=en-us&de=UTF-8&dt=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAEABAAAAACAAI~&jid=777887803&gjid=1782941007&cid=280698019.1675598094&tid=UA-47544241-5&_gid=1835370947.1675598094&_r=1&_slc=1>m=45He3210n71PXWVMT&z=911715810
142.250.74.110200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=123823121&t=pageview&_s=1&dl=http%3A%2F%2Faoi.fit%2F&ul=en-us&de=UTF-8&dt=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAEABAAAAACAAI~&jid=777887803&gjid=1782941007&cid=280698019.1675598094&tid=UA-47544241-5&_gid=1835370947.1675598094&_r=1&_slc=1>m=45He3210n71PXWVMT&z=911715810
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j99&a=123823121&t=pageview&_s=1&dl=http%3A%2F%2Faoi.fit%2F&ul=en-us&de=UTF-8&dt=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAEABAAAAACAAI~&jid=777887803&gjid=1782941007&cid=280698019.1675598094&tid=UA-47544241-5&_gid=1835370947.1675598094&_r=1&_slc=1>m=45He3210n71PXWVMT&z=911715810 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://aoi.fit
date: Sun, 05 Feb 2023 11:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aoi.fit/include/parking.css
150.95.255.38200 OK 76 kB URL HTTP/1.1 aoi.fit/include/parking.css
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type Unicode text, UTF-8 text, with very long lines (65484), with no line terminators
Hash ed4fe89a2d15a11baef1fed551cf79ec
a7fa9425c5c3ff8d2c4d2de9c110b222ffd7fb71
9935a92cba9bc9e92be2dfebcbfa82a3971f1c4acefa2459bcaec51f141d6ac1
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/parking.css HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "12a44-5f3c13e16e665"
Accept-Ranges: bytes
Content-Length: 76356
Connection: close
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a78b06ca527ce7542b24b349e0485d8b
6f5e5126c1c9d40c9ba09d58e1755d2ca39d02ab
bc7dc156ab8b2b33422fff0922e219246eb1d12469d10ac8007416fed41ac473
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/1033267383/?random=1675598093390&cv=11&fst=1675594800000&bg=ffffff&guid=ON&async=1>m=45He3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Faoi.fit%2F&tiba=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&fmt=3&is_vtc=1&random=1579952931&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1033267383/?random=1675598093390&cv=11&fst=1675594800000&bg=ffffff&guid=ON&async=1>m=45He3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Faoi.fit%2F&tiba=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&fmt=3&is_vtc=1&random=1579952931&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1033267383/?random=1675598093390&cv=11&fst=1675594800000&bg=ffffff&guid=ON&async=1>m=45He3210&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Faoi.fit%2F&tiba=aoi.fit%20%E2%80%93%20%E3%81%93%E3%81%AE%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E3%81%AF%E3%81%8A%E5%90%8D%E5%89%8D.com%E3%81%A7%E5%8F%96%E5%BE%97%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%E3%80%82&fmt=3&is_vtc=1&random=1579952931&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 11:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
aoi.fit/favicon.ico
150.95.255.38302 Found 210 B IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 49f438e0a5ed23fa962fb757827efab0
124ef6dc5ece6a3a27b2c81c29893ce050a58edc
a42f7ab147e2a37e8d538b340c8f7c9b53dca8478b0104606a1f6d7017cffc86
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /favicon.ico HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 302 Found
Date: Sun, 05 Feb 2023 11:54:14 GMT
Server: Apache
Location: http://dfltweb1.onamae.com
Content-Length: 210
Connection: close
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:54:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ntjp.mieru-ca.com/hm
54.150.80.33101 Switching Protocols 0 B IP 54.150.80.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hm HTTP/1.1
Host: ntjp.mieru-ca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://aoi.fit
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wJ5jOrB+oFlYyl+4lNWQ2w==
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 05 Feb 2023 11:54:14 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: sV/kySEvXV3cGiL0HVh5uWVKGK8=
aoi.fit/include/s_code.js
150.95.255.38200 OK 52 kB URL HTTP/1.1 aoi.fit/include/s_code.js
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type Unicode text, UTF-8 text, with very long lines (1005)
Hash 8ecd1984cf33042f3657549a8e0516e1
02eef2ad1cac90619d86454be40f8a1f424c2069
234a4f2bbf411e95e6cb09c7989b069b21d9bc53cd1022a6fdfc869637022d7b
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/s_code.js HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "ccdb-5f3c13e15db33"
Accept-Ranges: bytes
Content-Length: 52443
Connection: close
Content-Type: application/javascript
aoi.fit/include/jquery-1.12.4.min.js
150.95.255.38200 OK 97 kB URL HTTP/1.1 aoi.fit/include/jquery-1.12.4.min.js
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/jquery-1.12.4.min.js HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "17b8b-5f3c13e16e27d"
Accept-Ranges: bytes
Content-Length: 97163
Connection: close
Content-Type: application/javascript
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:54:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:54:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:54:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:54:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Sun, 05 Feb 2023 12:35:18 GMT
Date: Sun, 05 Feb 2023 11:54:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 49456
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:30:31 GMT
age: 1423
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75caf9549ac23c827c10d6baabb84884
e8391e4046acb91cd4a6113974fda1c44dcd3865
a01e3a9aaa0b0fa156303bcbf38c1c45ea6abe8d0a052734b05ea4da82f176c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7060
x-amzn-requestid: 9379b64e-3a3f-4b8d-aba2-bc3cd7dab98f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3cgFCkIAMFrhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c4f-6ac6da215407497043249929;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:51 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75uKxGlJDSXzIUgR5Rm4f13SClTT1UIDLgbkTrFDEDvKmGmViQ3Djg==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:25:50 GMT
age: 48504
etag: "e8391e4046acb91cd4a6113974fda1c44dcd3865"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 29475
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 1813
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5beaead015b2b4fb6d36009926ba0378
67e7c49ea7648fc6d1dffc22588862c993b785b7
6ae0cec9ade23fd53e9c1407b0324a8060892a65a6b675ccffa4a4c82b66f1ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 280f7003-2696-4a82-bd50-82b0a2b66faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsSpoEA0oAMFSBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3170-35dcb9513c891af201b973d1;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 03:43:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IxfTibTq6T_wq9a5YCIBZLBb70BI7AOLEAYMYYuMZPhvVKjDbFfrvA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:52:08 GMT
etag: "67e7c49ea7648fc6d1dffc22588862c993b785b7"
content-type: image/jpeg
age: 50526
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
aoi.fit/include/swiper.min.js
150.95.255.38200 OK 138 kB URL HTTP/1.1 aoi.fit/include/swiper.min.js
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type ASCII text, with very long lines (65280)
Size 138 kB (138499 bytes)
Hash cd5e9023967a0cd17a7633c9aaca748a
e99576a0513d1c1dfc4e8730ff6ad74609eba8f4
3cad5361705995f61ac053ca047f4e9b02eb99832561de41809e9ffb4d671063
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/swiper.min.js HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:13 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "21d03-5f3c13e16ea4d"
Accept-Ranges: bytes
Content-Length: 138499
Connection: close
Content-Type: application/javascript
cdn.amplitude.com/libs/amplitude-8.18.1-min.gz.js
54.230.245.209200 OK 25 kB URL HTTP/2 cdn.amplitude.com/libs/amplitude-8.18.1-min.gz.js
IP 54.230.245.209:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c3ec696faef16420de280b85d83e117f
a68b3f52ffef1e195a0b4b8ab3cc529ebd39c90c
1bc43df38598427bed5b681a8731618ffd8270fab6a935c96cd94f33919f2d7f
GET /libs/amplitude-8.18.1-min.gz.js HTTP/1.1
Host: cdn.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 25443
date: Sun, 05 Feb 2023 11:54:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 06 Apr 2022 01:05:30 GMT
etag: "c3ec696faef16420de280b85d83e117f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: II_SYzym81QVleeRt9SdBWN0SkU4nVoj
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: o3CmneF2NKoi_hum7eKDYM8s9HznGJhUmJd9HQ8skPj3dMJWkDf72g==
X-Firefox-Spdy: h2
aoi.fit/include/inc_85off.png
150.95.255.38200 OK 6.2 kB URL HTTP/1.1 aoi.fit/include/inc_85off.png
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type PNG image data, 680 x 272, 8-bit colormap, non-interlaced\012- data
Hash 85438fc2114ef3c32dc50641df0b1bf3
1effff61f7bfe320f50191d8641cdccf26ced2a6
50574ece6efecd5af55f5765b0665e22bbfec1ecd68513a0c1f6d1c55e7059d1
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/inc_85off.png HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:14 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "183d-5f3c13e15d363"
Accept-Ranges: bytes
Content-Length: 6205
Connection: close
Content-Type: image/png
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2670
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: http://aoi.fit
access-control-allow-credentials: true
date: Sun, 05 Feb 2023 11:54:14 GMT
X-Firefox-Spdy: h2
hpjp.mieru-ca.com/embed?service=heatmap-popup&tokenId=203397161&protocol=http:&hostname=aoi.fit&pathname=%2F&search=&hash=&dv=d
35.73.152.215200 OK 73 B URL HTTP/1.1 hpjp.mieru-ca.com/embed?service=heatmap-popup&tokenId=203397161&protocol=http:&hostname=aoi.fit&pathname=%2F&search=&hash=&dv=d
IP 35.73.152.215:0
File type ASCII text, with no line terminators
Hash 1015fe24eb7a44ed1720ca021a38650b
18ead847489881866bb715fae5c0ab1ac195abc3
3781e6a0ee299fb580df8e48f1a97e7d79014ace9136cab4ca90294e8c3fd4b6
GET /embed?service=heatmap-popup&tokenId=203397161&protocol=http:&hostname=aoi.fit&pathname=%2F&search=&hash=&dv=d HTTP/1.1
Host: hpjp.mieru-ca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 73
Connection: keep-alive
server: Mieruca HeatMap
access-control-allow-headers: Content-Type
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Accept-Encoding
accept-ranges: bytes
dfltweb1.onamae.com/
150.95.255.38200 OK 2.5 kB IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 4f975b4b747ba945266019088f15c009
a1b6bc6d8450ac45f918e027749380de747aad84
c5349f461cce3840abc2d27e3562dc0a21bdba784d33f31a3b9e13d2125a8ef8
GET / HTTP/1.1
Host: dfltweb1.onamae.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://aoi.fit/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Content-Length: 2503
Connection: close
Content-Type: text/html; charset=UTF-8
aoi.fit/include/card_renew.svg
150.95.255.38200 OK 1.1 kB URL HTTP/1.1 aoi.fit/include/card_renew.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1097), with no line terminators
Hash f52f3038bc5f58e4626b4dc152bebe24
d10ee1980ae4b5a72ea9bfec33f245c3ef79ca5e
87c003abb45d57cc66fc55510efc6e07f71b93584ac5d355b370f61d9a522805
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_renew.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "449-5f3c13e16daad"
Accept-Ranges: bytes
Content-Length: 1097
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/card_server.svg
150.95.255.38200 OK 1.2 kB URL HTTP/1.1 aoi.fit/include/card_server.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1244), with no line terminators
Hash 42ba038cb3f3433156e99da2618466e1
afd3b6aedb30523184b6e6a5f28d863aa23a00ef
11db717da9c728aa73decfde3f1903f472fe7eadf91c7f1c8fe35b006b8c2b69
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_server.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "4dc-5f3c13e16daad"
Accept-Ranges: bytes
Content-Length: 1244
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/card_moving.svg
150.95.255.38200 OK 1.2 kB URL HTTP/1.1 aoi.fit/include/card_moving.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1217), with no line terminators
Hash 7cee6c46bfafb9089ff5a351277c6ed7
15b3a0b94a54187c7cb9d11b51cd1eaf76be0227
813f9a194531058745f101e5774b0d4eed108eed2f47243bdfed0d16a05cd1fa
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_moving.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "4c1-5f3c13e15cf7b"
Accept-Ranges: bytes
Content-Length: 1217
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/onamae_domain_icon.woff
150.95.255.38200 OK 7.1 kB URL HTTP/1.1 aoi.fit/include/onamae_domain_icon.woff
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type Web Open Font Format, TrueType, length 7124, version 1.0\012- data
Hash e0c7d06ee03bb3fb4351eee7e7ba8edb
ada31299cd708945fbb49347006d916eb5949a62
87ef17955794fea2f5a22fb8149520a3378fba3e365743e58aaff88943931968
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/onamae_domain_icon.woff HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://aoi.fit/include/parking.css
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.2.280698019.1675598094; _gid=GA1.2.1835370947.1675598094; _gat_UA-47544241-5=1; _clck=hl0rhn|1|f8v|0; s_fid=44DA9429366BC7BD-0F9B420DD8821D1F; s_nr=1675598094927; gmoinonamaecom_eVar26=2023%2F2%2F5; gmoinonamaecom_eVar27=8%3A45PM; gmoinonamaecom_prop28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html; s_ppn=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "1bd4-5f3c13e16e665"
Accept-Ranges: bytes
Content-Length: 7124
Connection: close
Content-Type: application/font-woff
ocsp.comodoca.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 7f6500984d576d60f2c14d6862600aa0
4c3a313c83c7c24d93096ddb2ab82137b26af1a7
76c2179b7329622efaeb7fd6af7442d5e6a5e5df8e6108359560aa9fee13b700
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 15:38:22 GMT
Expires: Sat, 11 Feb 2023 15:38:21 GMT
Etag: "4c3a313c83c7c24d93096ddb2ab82137b26af1a7"
Cache-Control: max-age=602447,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1448
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794b7347288cb4f4-OSL
aoi.fit/include/card_search.svg
150.95.255.38200 OK 1.7 kB URL HTTP/1.1 aoi.fit/include/card_search.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1682), with no line terminators
Hash 7a32739001a6ec5ffa482b8713a15b21
8ca37f39814eefbe8ae337fbefc2b90cb9ca30ea
bfef035cd2207ec5b19ab0738fbf540c89dfd2d4374d7147a94a9c0a06199c0a
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_search.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "692-5f3c13e16daad"
Accept-Ranges: bytes
Content-Length: 1682
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/whats_domain.png
150.95.255.38200 OK 37 kB URL HTTP/1.1 aoi.fit/include/whats_domain.png
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type PNG image data, 680 x 272, 8-bit/color RGBA, non-interlaced\012- data
Hash 7893348b620e3f40ad40609103df053b
7fa03834fb044d762a87ec9d3dfa3f00e1215d1e
24485194525f582ad7610f75e5508e468a4a730baaecaae8848e596ef04f2dde
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/whats_domain.png HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "902c-5f3c13e16ea4d"
Accept-Ranges: bytes
Content-Length: 36908
Connection: close
Content-Type: image/png
aoi.fit/include/server_0yen_03.png
150.95.255.38200 OK 15 kB URL HTTP/1.1 aoi.fit/include/server_0yen_03.png
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type PNG image data, 680 x 272, 8-bit colormap, non-interlaced\012- data
Hash e35c75607868c71b3179698f5dd63303
eec60ff74731236aaf34a81f75fe039296cb5587
b40ed9ea5e7e2c2d0eb7897380fa09af5647d764593a9b67a6c57abecc231cb4
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/server_0yen_03.png HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "3c26-5f3c13e16ea4d"
Accept-Ranges: bytes
Content-Length: 15398
Connection: close
Content-Type: image/png
aoi.fit/include/whatdomain.svg
150.95.255.38200 OK 19 kB URL HTTP/1.1 aoi.fit/include/whatdomain.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (19049), with no line terminators
Hash bd28ae99952a4e5bc7d14d13feaef181
57ce8678a05ed6450848c8b1fd7e0afb59ea6e7d
196cb08a0052f8acaef647963a9b8d130ca4c21b97b2ea27d72d4862ee5f2db4
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/whatdomain.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "4a69-5f3c13e15df1b"
Accept-Ranges: bytes
Content-Length: 19049
Connection: close
Content-Type: image/svg+xml
api.amplitude.com/
52.12.35.186200 OK 0 B IP 52.12.35.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cross-origin-resource-policy
Referer: http://aoi.fit/
Origin: http://aoi.fit
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:54:15 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: cross-origin-resource-policy
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
api.amplitude.com/
52.12.35.186200 OK 7 B IP 52.12.35.186:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 1372
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:54:15 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63df98e7-25386da67388c09f69edbdea
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
aoi.fit/include/bulkdomain.png
150.95.255.38200 OK 4.8 kB URL HTTP/1.1 aoi.fit/include/bulkdomain.png
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type PNG image data, 680 x 272, 8-bit colormap, non-interlaced\012- data
Hash 24b8df64f43149e4f21b189fc54237e2
122008e44ef61279ba6d9474b219527b7e6c6d4b
6f14f8526064e3a4c9a82af9277863b83fecccbce0c7ce18b7870192895b155b
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/bulkdomain.png HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "12c4-5f3c13e16daad"
Accept-Ranges: bytes
Content-Length: 4804
Connection: close
Content-Type: image/png
aoi.fit/include/transfer.png
150.95.255.38200 OK 26 kB URL HTTP/1.1 aoi.fit/include/transfer.png
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type PNG image data, 680 x 272, 8-bit/color RGBA, non-interlaced\012- data
Hash d765abf43fcc8e188fbef4991a5fbc5d
916b2e9359d4075386944becdd32cebaf17e6cf8
5cc4a2cb1dee0b9201aea4b9e2c3e5dcf7f8c7d207ccb950fded1853b1037511
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/transfer.png HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "65e9-5f3c13e15df1b"
Accept-Ranges: bytes
Content-Length: 26089
Connection: close
Content-Type: image/png
aoi.fit/include/card_transfer.svg
150.95.255.38200 OK 1.4 kB URL HTTP/1.1 aoi.fit/include/card_transfer.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1412), with no line terminators
Hash d36f759c60eaa99cea9d519f6cac80c5
7acaca97d71d1df552ae3b23ed2c8c1c6a589c0a
b077e2146c5e0a2d3ec43cbd8c2bea1cafd2a055d58c2bd80822ce1266741e77
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_transfer.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "584-5f3c13e16de95"
Accept-Ranges: bytes
Content-Length: 1412
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/beauty_sur.png
150.95.255.38200 OK 175 kB URL HTTP/1.1 aoi.fit/include/beauty_sur.png
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type PNG image data, 680 x 272, 8-bit/color RGBA, non-interlaced\012- data
Size 175 kB (174842 bytes)
Hash 20d6d5715c9e74a0881d4ac09d877ea1
c49278eadafbea815f1ac24a980eddf6de36d685
cbd13de976b8242cd6f4cd5c037e8929cd7477647136695766a2ce3a8e51be3f
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/beauty_sur.png HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:15 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "2aafa-5f3c13e15cf7b"
Accept-Ranges: bytes
Content-Length: 174842
Connection: close
Content-Type: image/png
aoi.fit/include/card_dns.svg
150.95.255.38200 OK 2.7 kB URL HTTP/1.1 aoi.fit/include/card_dns.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2727), with no line terminators
Hash 036a4f435b593fc7ca707e8833a9cd54
d5f6bf87a620a3e5ccdecc9e480f26348cc69f30
1234e2b68c7f7dc9b8c8291db70aa6bf13465026edb1f3fa887c8463f63f289f
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_dns.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:16 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "aa7-5f3c13e16daad"
Accept-Ranges: bytes
Content-Length: 2727
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/card_ssl.svg
150.95.255.38200 OK 1.3 kB URL HTTP/1.1 aoi.fit/include/card_ssl.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1269), with no line terminators
Hash 85243b2c5c333e6b0894bea4297f4e2c
fe2c5e5eeda3d6172cb78a57a3ca1eabf3f4429d
72488a34b47dfcfe7007f7615f62e099272c174ea91d914299a5eda4b7544707
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_ssl.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:16 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "4f5-5f3c13e15d363"
Accept-Ranges: bytes
Content-Length: 1269
Connection: close
Content-Type: image/svg+xml
cache.img.gmo.jp/onamae/images/logo.svg
163.171.134.109200 OK 28 kB URL HTTP/1.1 cache.img.gmo.jp/onamae/images/logo.svg
IP 163.171.134.109:0
ASN #54994 QUANTILNETWORKS
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (10462)
Hash 3a98348e489618314d9070557019a36c
5f5b0fe03f676b1980190eb0b7381fd91331c42f
38d2a961276192286a34b9c937c8d0be462b5ec0eaf79f1a873e1698b17a9cf6
GET /onamae/images/logo.svg HTTP/1.1
Host: cache.img.gmo.jp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:16 GMT
Content-Type: image/svg+xml
Content-Length: 27730
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Mon, 29 Aug 2022 02:04:32 GMT
ETag: "6c52-5e757af47ba4e"
Accept-Ranges: bytes
Age: 8803
Via: 1.1 PSxjpSin5jv185:7 (W), 1.1 PSdgflkfFRA1bc200:6 (W), 1.1 PS-ARN-01C8L93:5 (W)
X-Px: ht PS-ARN-01C8L93ARN
X-Ws-Request-Id: 63df98e8_PSrdsdgemSTO1sw92_28028-41265
Cache-Control: max-age=86400
aoi.fit/include/card_whois.svg
150.95.255.38200 OK 2.5 kB URL HTTP/1.1 aoi.fit/include/card_whois.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2465), with no line terminators
Hash f0d265c519a59f0fe7e482316be4f7de
4755f81539652f148ff84afe310673f07a485d1e
662f3099ec415e9c3e3c07ddb0cf9a1caf5bfd5931ada3ff910107a5dfb9c804
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_whois.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:16 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "9a1-5f3c13e16de95"
Accept-Ranges: bytes
Content-Length: 2465
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/secondary_auction_icon.svg
150.95.255.38200 OK 1.5 kB URL HTTP/1.1 aoi.fit/include/secondary_auction_icon.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1533), with no line terminators
Hash f33934e7a627486bf074e6b97b1ca2ae
a8fcdfed6b78ed98ec07d4c1b05a4192e70b78c5
d1998eb5f85f983680734d8223efda72378c5c195884e9238dc8c05f4d8ab7e4
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/secondary_auction_icon.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:16 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "5fd-5f3c13e15db33"
Accept-Ranges: bytes
Content-Length: 1533
Connection: close
Content-Type: image/svg+xml
aoi.fit/include/card_backorder.svg
150.95.255.38200 OK 2.1 kB URL HTTP/1.1 aoi.fit/include/card_backorder.svg
IP 150.95.255.38:0
ASN #7506 GMO Internet,Inc
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2075), with no line terminators
Hash 0f24589d39f07b691065ffa353532365
fe3d823c7ec1aad98d67e5520a1b0f59a211b178
37fe5eb318b732071485da2d6ab51adafa2072f8767e9ec466ab77f2b1bcf658
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.fit Domain
GET /include/card_backorder.svg HTTP/1.1
Host: aoi.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/include/parking.html
Cookie: _gcl_au=1.1.1770881811.1675598093; _ga_SKHZPJHJCP=GS1.1.1675598093.1.0.1675598093.60.0.0; _ga=GA1.1.280698019.1675598094
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 11:54:16 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2023 01:02:59 GMT
ETag: "81b-5f3c13e15cf7b"
Accept-Ranges: bytes
Content-Length: 2075
Connection: close
Content-Type: image/svg+xml
gmointernet.112.2o7.net/b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1
13.37.25.97302 Found 0 B URL HTTP/1.1 gmointernet.112.2o7.net/b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1
IP 13.37.25.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1 HTTP/1.1
Host: gmointernet.112.2o7.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aoi.fit/
HTTP/1.1 302 Found
access-control-allow-origin: *
vary: Origin
date: Sun, 05 Feb 2023 11:54:16 GMT
content-type: text/plain;charset=utf-8
expires: Sat, 04 Feb 2023 11:54:16 GMT
last-modified: Mon, 06 Feb 2023 11:54:16 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31EFCC740AF03D48-600017D65356E42C[CE]; Path=/; Domain=gmointernet.112.2o7.net; Max-Age=63072000; Expires=Tue, 04 Feb 2025 11:54:54 GMT; SameSite=None;
location: http://gmointernet.112.2o7.net/b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&pccr=true&vidn=31EFCC740AF03D48-600017D65356E42C&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1
content-length: 0
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
gmointernet.112.2o7.net/b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&pccr=true&vidn=31EFCC740AF03D48-600017D65356E42C&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1
13.37.25.97200 OK 43 B URL HTTP/1.1 gmointernet.112.2o7.net/b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&pccr=true&vidn=31EFCC740AF03D48-600017D65356E42C&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1
IP 13.37.25.97:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/gmoinonamaecom/1/JS-2.8.0/s76291199709963?AQB=1&pccr=true&vidn=31EFCC740AF03D48-600017D65356E42C&ndh=1&pf=1&t=5%2F1%2F2023%2011%3A54%3A54%200%200&fid=44DA9429366BC7BD-0F9B420DD8821D1F&ce=UTF-8&ns=gmointernet&cdp=2&pageName=https%3A%2F%2Fwww.onamae.com%2Finclude%2Fparking.html&g=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&cc=JPY&ch=include&c6=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c18=%7C%7CnotKaiin%7C%7C&c19=%7C%7CnotKaiin%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c24=notAD&c25=New&v25=New&c26=2023%2F2%2F5&v26=2023%2F2%2F5&c27=8%3A45PM&v27=8%3A45PM&c28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v28=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c29=%7CnotAd%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c30=%7CNew%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&v34=D%3Dc34&c44=20151225_1%7Chttp%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&c45=20151225_1&c48=aoi.fit&v48=aoi.fit&c49=D%3Dr&c50=http%3A%2F%2Faoi.fit%2Finclude%2Fparking.html&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=150&AQE=1 HTTP/1.1
Host: gmointernet.112.2o7.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://aoi.fit/
Connection: keep-alive
HTTP/1.1 200 OK
access-control-allow-origin: *
date: Sun, 05 Feb 2023 11:54:16 GMT
expires: Sat, 04 Feb 2023 11:54:16 GMT
last-modified: Mon, 06 Feb 2023 11:54:16 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31EFCC74034777DD-4000132F33586BF4[CE]; Path=/; Domain=gmointernet.112.2o7.net; Max-Age=63072000; Expires=Tue, 04 Feb 2025 11:54:54 GMT; SameSite=None;
etag: 3598319425935572992-4619834701825731571
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&RedC=c.clarity.ms&MXFR=39E70C691C8F64E93A7A1EC6188F6AE9
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=39E70C691C8F64E93A7A1EC6188F6AE9; domain=.clarity.ms; expires=Fri, 01-Mar-2024 11:54:16 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 05 Feb 2023 11:54:16 GMT
content-length: 0
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&RedC=c.clarity.ms&MXFR=39E70C691C8F64E93A7A1EC6188F6AE9
13.107.21.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&RedC=c.clarity.ms&MXFR=39E70C691C8F64E93A7A1EC6188F6AE9
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&RedC=c.clarity.ms&MXFR=39E70C691C8F64E93A7A1EC6188F6AE9 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://aoi.fit/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&MUID=11FAE8DA51F769BA1909FA7550026851
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=11FAE8DA51F769BA1909FA7550026851; domain=c.bing.com; expires=Fri, 01-Mar-2024 11:54:16 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 97AB61BAA4CD4CB6859066155A44EA41 Ref B: OSL30EDGE0520 Ref C: 2023-02-05T11:54:16Z
date: Sun, 05 Feb 2023 11:54:16 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&MUID=11FAE8DA51F769BA1909FA7550026851
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&MUID=11FAE8DA51F769BA1909FA7550026851
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=3E7864A1FE564937A9D1EC466893A836&MUID=11FAE8DA51F769BA1909FA7550026851 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://aoi.fit/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Tue, 17 Jan 2023 20:36:49 GMT
accept-ranges: bytes
etag: "b1c8df6cb32ad91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sun, 05-Feb-2023 12:04:17 GMT; path=/; SameSite=None; Secure;
date: Sun, 05 Feb 2023 11:54:16 GMT
content-length: 42
X-Firefox-Spdy: h2
d.clarity.ms/collect
40.76.174.66204 No Content 0 B IP 40.76.174.66:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: d.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 17611
Origin: http://aoi.fit
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
access-control-allow-origin: http://aoi.fit
access-control-allow-credentials: true
date: Sun, 05 Feb 2023 11:54:17 GMT
X-Firefox-Spdy: h2
www.clarity.ms/tag/5bqcl3zem4
13.107.238.53200 OK 0 B URL HTTP/2 www.clarity.ms/tag/5bqcl3zem4
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/5bqcl3zem4 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=ea82c297e3354a64a418af5c97632d28.20230205.20240205; expires=Mon, 05 Feb 2024 11:54:14 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
x-cache: CONFIG_NOCACHE
x-azure-ref: 05pjfYwAAAACZHdnz+/wPRJTzseWxxsLuQ1BIMzBFREdFMDQxOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 05 Feb 2023 11:54:14 GMT
X-Firefox-Spdy: h2
www.clarity.ms/eus/s/0.7.1/clarity.js
13.107.238.53200 OK 0 B URL HTTP/2 www.clarity.ms/eus/s/0.7.1/clarity.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /eus/s/0.7.1/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aoi.fit/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d936557825629e"
server: Microsoft-IIS/10.0
x-cache: TCP_HIT
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
x-azure-ref-originshield: 0r2veYwAAAACIp2aZcoTJQJvkDKp4lzCkRlJBMjMxMDUwNDE4MDExADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-azure-ref: 05pjfYwAAAADI8QHhWCAeQKRj6ZqkTvA1Q1BIMzBFREdFMDQxOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 05 Feb 2023 11:54:14 GMT
X-Firefox-Spdy: h2