Report - click.qimteq.com/ft1y9e/4a789b361b1816a1c6537315af0d53ff/3174

Report Overview

Submitted URL
click.qimteq.com/ft1y9e/4a789b361b1816a1c6537315af0d53ff/3174
IP
54.144.130.63
ASN
#14618 AMAZON-AES
Submitted
2023-03-21 12:48:06
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	2.7 kB	7.1 kB	23.36.77.32
radioactiva1011.com	unknown	2015-07-01T00:45:27Z	2023-03-21T14:14:57Z	494 B	283 B	62.171.152.86
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-25T22:19:37Z	409 B	1.3 kB	142.250.74.163
app.babydop.com	unknown	2021-08-24T11:33:47Z	2023-03-24T14:33:52Z	2.8 kB	19 kB	3.13.139.51
google.com	1	2013-10-02T17:25:49Z	2023-03-26T06:57:01Z	681 B	795 B	142.250.74.78
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-26T05:56:25Z	1.5 kB	69 kB	142.250.74.35
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	3.2 kB	63 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782 B	2.4 kB	35.241.9.150
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606 B	127 B	52.43.107.188
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-26T05:10:41Z	2.1 kB	4.2 kB	216.58.211.3
click.qimteq.com	unknown			392 B	547 B	54.144.130.63
www.google.com	7	2015-05-10T13:11:19Z	2023-03-25T21:05:45Z	685 B	58 kB	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-21 12:48:02	low	3.13.139.51	Client IP	ET INFO Generic 302 Redirect to Google

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.gstatic.com/og/_/js/k=og.qtm.en_US.x3ks5OQMuEM.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTsLMDC5ShDgua5PEfbsQVpNWEqjoQ	185 kB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/og/_/js/k=og.qtm.en_US.x3ks5OQMuEM.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTsLMDC5ShDgua5PEfbsQVpNWEqjoQ IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:42:45 Last Seen2023-03-29 20:54:03 Times Seen168 Hash 0cfe9d0ceb93520de2fd163211d068f7 a3dbacfdf8cbc2098a8c45fca7909b154c1a460c aabfa6317e0a40c9e971423ec70fe66fd142c8dd81982d85995f7c532e2d2acc Loading...

	www.google.com/	45 kB	2023-03-26	2023-03-26
Pretty URL www.google.com/ IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:03:36 Last Seen2023-03-26 13:03:36 Times Seen1 Hash a2b96b2bab4a04804d2e0fc635b8a584 805a6c0602e70cea33432f3d8eb3069192e4fcb2 fc8240561c4c003e51dcfbe4dbb4918d994b9196b9758edaaa99f792e41de79e Loading...

	www.google.com/	6.4 kB	2023-03-26	2023-03-29
Pretty URL www.google.com/ IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:42:45 Last Seen2023-03-29 20:54:03 Times Seen300 Hash 6a1b7eaab43b673be5f1843d1567fb9b 94382fc21e08f3db6900790d82e31b25577c126d a313a0c0b5be154f7f10938efbecbd9e8ccc16f71265f04b8f5ad2e9636c8306 Loading...

	www.google.com/	21 kB	2023-03-26	2023-03-26
Pretty URL www.google.com/ IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:03:36 Last Seen2023-03-26 13:03:36 Times Seen1 Hash e29848e9a56ba549e38a6764c6123a26 2ea865980c9080d3e1edc8f500c93acbe6883381 c837c293e08f4b1cd927aa6b048d4f17563cb24c087a0350a675bbf655b9c868 Loading...

	www.google.com/	108 B	2023-03-26	2023-03-26
Pretty URL www.google.com/ IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:28:47 Last Seen2023-03-26 13:18:23 Times Seen12 Hash 9290e555d600552ca4f66e870c8f94b2 628e280ea63a013014146c84ed0fe96470730c49 4c9eca832c91cc58bca2565eb10d55eeadcc816ac584ca0a47fc79580c5b02b6 Loading...

	www.google.com/	3.6 kB	2023-03-26	2023-03-26
Pretty URL www.google.com/ IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:03:36 Last Seen2023-03-26 13:03:36 Times Seen1 Hash d1c3ea42e0bf74faaac5391121728e9c 1a2098d9f7fc642fc40382d0b3513abc5c12ef9f 91fb44395b33d92680ae79db2ed81c431411b16aebb8e5de3fbea4a640677ffc Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0	114 kB	2023-03-14	2023-11-02
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 09:28:04 Last Seen2023-11-02 21:08:08 Times Seen2606 Hash ab4929e07ca474f25a80fb6de06b8825 e84afec2b54a74f5ef53a2fde492887a5257931c 0674d7a70c47e6894ec3b635835c6068429c925b500b25787e93778bc722c9ab Loading...

	app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com	1.9 kB	2023-03-26	2023-03-26
Pretty URL app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com IP 3.13.139.51 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:03:36 Last Seen2023-03-26 13:03:36 Times Seen1 Hash eebda9d3689ebed8207083c81f51b212 22a822297fb62515779a313e63b5901b5c54d98a 9c5a6e0d923ad458d0b058fbe624041fc2808caae7c1df8d66d8e83acff31a16 Loading...

	www.google.com/	30 kB	2023-03-26	2023-03-26
Pretty URL www.google.com/ IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:28:44 Last Seen2023-03-26 13:30:15 Times Seen26 Hash 9ad2bb1c49f674208debcc1658db696d 752806b25e8b8453df74978a7f971cb7160ba2f3 26e16afd59fed073f2ee6ea83b0760143231cc5d2900c8bd44550e0e02d1ce0f Loading...

HTTP Transactions (36)

	URL	IP	Response	Size
	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 28774b36cf8bb6b054329393a33f6239 728313ddff6d5ceb6db3eb8445f039779616a140 08378fe6a897ab5a9c8d3bc2748c9670659d0d0d164317fdfac88d23fee78fa0 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "08378FE6A897AB5A9C8D3BC2748C9670659D0D0D164317FDFAC88D23FEE78FA0" Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6754 Expires: Tue, 21 Mar 2023 14:40:29 GMT Date: Tue, 21 Mar 2023 12:47:55 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash ec332b81a27117ce9c16b67a5a8e4fac b6d2afa2c859d000ad830d3d8d73f57bac6ffce2 1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F" Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8114 Expires: Tue, 21 Mar 2023 15:03:09 GMT Date: Tue, 21 Mar 2023 12:47:55 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/	35.241.9.150	200 OK	939 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size 939 B (939 bytes) Hash bc86ef2a0cee04915bc360f5821adc8f 3658f9028cce204d38f7f48fcfaa2a8e4f54383a aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454 HTTP Headers `GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Tue, 21 Mar 2023 12:14:57 GMT content-type: application/json age: 1978 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 4e6141892ec4705c6a0134f3157b969d 4169fdea42b0fa9cb565e14b8e8fdb293575c78e 905537ef3e3a4a9030391b44bd6ac6bb5d7c9ec752b1821d683dfbf483096163 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "905537EF3E3A4A9030391B44BD6AC6BB5D7C9EC752B1821D683DFBF483096163" Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8739 Expires: Tue, 21 Mar 2023 15:13:34 GMT Date: Tue, 21 Mar 2023 12:47:55 GMT Connection: keep-alive`

	content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain	34.160.144.191	200 OK	5.3 kB
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain IP 34.160.144.191:0 ASN #15169 GOOGLE File type PEM certificate\012- , ASCII text Size 5.3 kB (5348 bytes) Hash e7bace7c1e04d44012e37ddffe36e5d5 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2 HTTP Headers `GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK x-amz-id-2: bXGcPMNmr3MFWLwpJuZKRQ2OjDHP0zmUJ7x0ygAF5AwWBinlZWF+m/d60GPxsVuLh7UTO0PzXkc= x-amz-request-id: HK9J6HKQFZFRCE7R x-amz-server-side-encryption: AES256 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Tue, 21 Mar 2023 11:53:10 GMT age: 3285 last-modified: Sat, 11 Mar 2023 16:53:15 GMT etag: "e7bace7c1e04d44012e37ddffe36e5d5" content-type: binary/octet-stream cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2

	contile.services.mozilla.com/v1/tiles	34.117.237.239	200 OK	12 B
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with no line terminators Size 12 B (12 bytes) Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 HTTP Headers `GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Tue, 21 Mar 2023 12:47:56 GMT content-type: application/json content-length: 12 access-control-expose-headers: content-type access-control-allow-credentials: true vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US	35.241.9.150	200 OK	329 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size 329 B (329 bytes) Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 HTTP Headers `GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Tue, 21 Mar 2023 12:14:33 GMT age: 2003 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" content-type: application/json cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 4c195a3fc0c2abb831630cef1dcfa770 eda338de3063640556177b9db364c33193d7f6dc c22eb0537cd79666b82fe61dd77fe9b0b3c059a4c65d405412acfc2c6800b444 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C22EB0537CD79666B82FE61DD77FE9B0B3C059A4C65D405412ACFC2C6800B444" Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8175 Expires: Tue, 21 Mar 2023 15:04:11 GMT Date: Tue, 21 Mar 2023 12:47:56 GMT Connection: keep-alive`

	click.qimteq.com/ft1y9e/4a789b361b1816a1c6537315af0d53ff/3174	54.144.130.63	200 OK	263 B
URL HTTP/1.1 click.qimteq.com/ft1y9e/4a789b361b1816a1c6537315af0d53ff/3174 IP 54.144.130.63:0 ASN #14618 AMAZON-AES File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 263 B (263 bytes) Hash c195b5788c56157b03ddf9d9056af1be be5b7557c53473efe629cd4f4900ffe5c939ade3 2ffc726a51659d027889eaaea3c78b6e3b45de180e8881108728411e5861cacc HTTP Headers `GET /ft1y9e/4a789b361b1816a1c6537315af0d53ff/3174 HTTP/1.1 Host: click.qimteq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1` `HTTP/1.1 200 OK Date: Tue, 21 Mar 2023 12:47:55 GMT Server: Apache/2.4.41 (Ubuntu) Cache-Control: no-cache, private Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 263 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8`

	push.services.mozilla.com/	52.43.107.188	101 Switching Protocols	0 B
URL HTTP/1.1 push.services.mozilla.com/ IP 52.43.107.188:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: S8JIHht1ggWiuJzKJz33uA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket `HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: wDePDc7Vk9ilqiBkyqlpOxWKBMk=`

	radioactiva1011.com/start.php?page=35&sub=&email=dwhenderson@hillhillcarter.com	62.171.152.86	302 Found	0 B
URL HTTP/1.1 radioactiva1011.com/start.php?page=35&sub=&email=dwhenderson@hillhillcarter.com IP 62.171.152.86:0 ASN #51167 Contabo GmbH File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /start.php?page=35&sub=&email=dwhenderson@hillhillcarter.com HTTP/1.1 Host: radioactiva1011.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site` `HTTP/1.1 302 Found Date: Tue, 21 Mar 2023 12:47:56 GMT Server: Apache Location: http://app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com Strict-Transport-Security: max-age=31536000 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash de95776582936b8e129e876cf6d80fa8 0233251e1cf0123f1260d980d7c8ef92718723f9 49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36" Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7735 Expires: Tue, 21 Mar 2023 14:56:53 GMT Date: Tue, 21 Mar 2023 12:47:58 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash de95776582936b8e129e876cf6d80fa8 0233251e1cf0123f1260d980d7c8ef92718723f9 49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36" Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7735 Expires: Tue, 21 Mar 2023 14:56:53 GMT Date: Tue, 21 Mar 2023 12:47:58 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash de95776582936b8e129e876cf6d80fa8 0233251e1cf0123f1260d980d7c8ef92718723f9 49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36" Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7735 Expires: Tue, 21 Mar 2023 14:56:53 GMT Date: Tue, 21 Mar 2023 12:47:58 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash de95776582936b8e129e876cf6d80fa8 0233251e1cf0123f1260d980d7c8ef92718723f9 49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36" Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7735 Expires: Tue, 21 Mar 2023 14:56:53 GMT Date: Tue, 21 Mar 2023 12:47:58 GMT Connection: keep-alive`

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg	34.120.237.76	200 OK	8.2 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 8.2 kB (8195 bytes) Hash 2a940b362660fdee25faaa51e08c439b 85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c 18b99e3e890fdc959421c895ce343b8b3ed88819c83fa0009823e8ded23458f1 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 8195 x-amzn-requestid: c6844a50-a6b2-4ef4-ad28-f1a0fbcec14f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CDFESEDGoAMFQ8A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6417821b-22fa560d4b7811c233fe07fa;Sampled=0 x-amzn-remapped-date: Sun, 19 Mar 2023 21:43:55 GMT x-amz-cf-pop: SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: WZ5MqPZ-MEjDt3N53EIx1XrerDmUkyvK-5FUXAmI29GXlGe6AaPqEg== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google date: Mon, 20 Mar 2023 22:23:21 GMT age: 51877 etag: "85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6943b819-ab3e-4698-a81d-266be026b4b8.jpeg	34.120.237.76	200 OK	11 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6943b819-ab3e-4698-a81d-266be026b4b8.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 11 kB (10855 bytes) Hash f73dbc0fc3d196647ddc1e30450989d4 75d0a1414a5d350ba426dc37333a6ea131f66753 2a6954b3ccf01567c0c0c2911dd8b02c1cd264fc78178cef2eef6a6796c16c3f HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6943b819-ab3e-4698-a81d-266be026b4b8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 10855 x-amzn-requestid: bb845712-834d-49b1-97f0-f3750f132741 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CEZD0GCHIAMFq6A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6418087e-4361bbd40ec5f0d10dabdf85;Sampled=0 x-amzn-remapped-date: Mon, 20 Mar 2023 07:17:18 GMT x-amz-cf-pop: SEA19-C3 x-cache: Miss from cloudfront x-amz-cf-id: gnFLBOJmRcgsHzy_KXjzE6LwwN4CSqz99pIhYMBx8xrHa8UO6O0kJA== via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google date: Tue, 21 Mar 2023 07:30:21 GMT age: 19057 etag: "75d0a1414a5d350ba426dc37333a6ea131f66753" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc78f90b-41af-4ead-ad86-702e5fda80ad.jpeg	34.120.237.76	200 OK	10 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc78f90b-41af-4ead-ad86-702e5fda80ad.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 10 kB (10326 bytes) Hash 2b8211ace94cc818c0b092a0f8c24c7e 785e7ca94d770a89c2d738d38c880d676bf14652 f14171e1bf278f881e63d81884e84b0395f37871bfdad187c57ee8b1c337602d HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc78f90b-41af-4ead-ad86-702e5fda80ad.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 10326 x-amzn-requestid: 21739424-faef-436b-9024-5354854b622c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CGWI8E4poAMFsvg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6418d09f-1627c1db7ff0c2f05f9c4e6e;Sampled=0 x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT x-amz-cf-pop: HIO50-C1, SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: Of4HaJ0jyQi4UtDzfCkHvtGbM96VDYUBzPhhf2icz-g47rIM9Zdz7Q== via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google date: Mon, 20 Mar 2023 21:45:43 GMT age: 54135 etag: "785e7ca94d770a89c2d738d38c880d676bf14652" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg	34.120.237.76	200 OK	6.5 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 6.5 kB (6511 bytes) Hash 4e5f234aedfabd736b50fef3017380f9 71672a6c3523d9999522e005091863d07ea0e94a 3314df7a93e317d509aeffc1cde69ec450ddad116a27dc197db1abce966da344 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 6511 x-amzn-requestid: 82d12180-bdcb-4ce0-8588-4239ee27f236 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CGWI_E_eoAMF3sA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6418d09f-2f5df7cd5f6cee4762703d29;Sampled=0 x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT x-amz-cf-pop: SEA19-C1, SEA19-C3 x-cache: Miss from cloudfront x-amz-cf-id: yQgmYjA3RIk8IVzzOoHdYl60H1BO_IeCF_7d7AmTqjuIOxQIS2dyDw== via: 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 1d0860167e2100a6d1cd9c0213c2b8e8.cloudfront.net (CloudFront), 1.1 google date: Mon, 20 Mar 2023 22:08:29 GMT etag: "71672a6c3523d9999522e005091863d07ea0e94a" content-type: image/jpeg age: 52769 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c30d472-b18d-4143-87bb-ee8773cd5f78.jpeg	34.120.237.76	200 OK	9.2 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c30d472-b18d-4143-87bb-ee8773cd5f78.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 9.2 kB (9160 bytes) Hash 83b411d866428669d03b1976161389e7 7ea69307d21876d48217e4845204c7cc84db101e 461a26b9fcda639f3935a9355cbe12f49a17e4eb754281fa9468317ec40eccce HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c30d472-b18d-4143-87bb-ee8773cd5f78.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 9160 x-amzn-requestid: 8f8a7d81-ac5e-4992-a0cf-95b3c9791bc6 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CEW3qFRnIAMFZBg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641804fd-64acec7844b88457144b35ce;Sampled=0 x-amzn-remapped-date: Mon, 20 Mar 2023 07:02:21 GMT x-amz-cf-pop: SEA19-C3 x-cache: Miss from cloudfront x-amz-cf-id: nXc8T4YB4Rfq6CIt6rCUV94uQ61TMPabrrHpBOX74N0wFhlk0BNRjA== via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 3f3347264bcaae7af741e2a2f692c6a0.cloudfront.net (CloudFront), 1.1 google date: Tue, 21 Mar 2023 07:45:05 GMT age: 18173 etag: "7ea69307d21876d48217e4845204c7cc84db101e" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc7839c7-2b7e-47fa-a8d7-b001f2527406.jpeg	34.120.237.76	200 OK	11 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc7839c7-2b7e-47fa-a8d7-b001f2527406.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 11 kB (11397 bytes) Hash e7f3f5682ef230a0e5ead556ccbb9c8d 93bcb7e0d7f2e7648f2749060e0a58bca3a033b9 e63beb09275f78a899e992ce814b4a079aaf38a4932a32b9f9431552702224b8 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc7839c7-2b7e-47fa-a8d7-b001f2527406.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 11397 x-amzn-requestid: 9c96a37a-b2e6-46f1-94dd-1a299da61a02 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CGWw1HwVIAMF0Hg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6418d19e-0638254835be22cc17465cc2;Sampled=0 x-amzn-remapped-date: Mon, 20 Mar 2023 21:35:26 GMT x-amz-cf-pop: HIO50-C1, SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: YtVPOnaUmqtoUPrpegn0YVgVNWj8x2GOrMBU1MM85yB5Bx_DIB3ANw== via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 5292c0d5844327feadb38f1efe42ebc6.cloudfront.net (CloudFront), 1.1 google date: Mon, 20 Mar 2023 21:45:43 GMT age: 54135 etag: "93bcb7e0d7f2e7648f2749060e0a58bca3a033b9" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com	3.13.139.51	200 OK	786 B
URL HTTP/1.1 app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com IP 3.13.139.51:0 ASN #16509 AMAZON-02 File type HTML document text\012- HTML document, ASCII text Size 786 B (786 bytes) Hash f293659234b94b0b302c6039a0d78f32 9ee5e0e0d2d7068fbbeb49289595ba305969916b 03c06712ea7ccf94ba84833a448e03d65d6f31121ac5a973db806fb9ccde9dc3 HTTP Headers `GET /35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com HTTP/1.1 Host: app.babydop.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1` HTTP/1.1 200 OK Date: Tue, 21 Mar 2023 12:47:58 GMT Server: nginx/1.14.0 (Ubuntu) content-type: text/html; charset=UTF-8 cache-control: no-cache, private content-encoding: gzip set-cookie: XSRF-TOKEN=eyJpdiI6IkdldFdRVzh6cnFqUnlva3dhV0xodGc9PSIsInZhbHVlIjoiSkJISXJndEVENnhWc1Q0VzZOdGc3TjhKZ3B3bDcrbUUxWE42cUlhalhWd24wOTBTbWNMY05iczRNVzNldzZMbiIsIm1hYyI6Ijk0YmViZjU2N2NhZGVmZGE2YzE1YmJjZmM5NDlhZjZiZDRiM2Q4MTdmMWZmOGJmNDFlMjk5ZTg5YTY5ZTY2ZTQifQ%3D%3D; expires=Tue, 21-Mar-2023 14:47:58 GMT; Max-Age=7200; path=/; samesite=lax laravel_session=eyJpdiI6IlBKT3pZUGxJbHU4ck1YYUpzS1JFZFE9PSIsInZhbHVlIjoiOGRrZzBoQlZYcUtYZENBMVdaSmpLVjM5UStHcnl1d3VUbXFGcXFHQ05WMXg4VmVpY2FNcDhQU0NiOXFiT0psNCIsIm1hYyI6ImExNDMxZGM3NWI2MDgxMThjN2I1NTMxNWEyY2I4MDlmMjliODIxM2FiNzFkMTM2MTM3ODk5MGVhZDBiY2YyOWEifQ%3D%3D; expires=Tue, 21-Mar-2023 14:47:58 GMT; Max-Age=7200; path=/; httponly; samesite=lax SRVNAME=w2; path=/ Connection: close Transfer-Encoding: chunked

	app.babydop.com/scripts/fp.v3.646d4b3deea4287def3fdfc18906bcc7.js	3.13.139.51	200 OK	15 kB
URL HTTP/1.1 app.babydop.com/scripts/fp.v3.646d4b3deea4287def3fdfc18906bcc7.js IP 3.13.139.51:0 ASN #16509 AMAZON-02 File type Unicode text, UTF-8 text, with very long lines (40096) Size 15 kB (15413 bytes) Hash d4ab9a8ee8a165842673d9cc031d25bb b4381f4385696b202eaef1f38bb6ed0c940234d6 b95d91fd7fb92c3c87b97e642bd1111c66d3bacac1dc8b4def489d88e36420db HTTP Headers GET /scripts/fp.v3.646d4b3deea4287def3fdfc18906bcc7.js HTTP/1.1 Host: app.babydop.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com Cookie: XSRF-TOKEN=eyJpdiI6IkdldFdRVzh6cnFqUnlva3dhV0xodGc9PSIsInZhbHVlIjoiSkJISXJndEVENnhWc1Q0VzZOdGc3TjhKZ3B3bDcrbUUxWE42cUlhalhWd24wOTBTbWNMY05iczRNVzNldzZMbiIsIm1hYyI6Ijk0YmViZjU2N2NhZGVmZGE2YzE1YmJjZmM5NDlhZjZiZDRiM2Q4MTdmMWZmOGJmNDFlMjk5ZTg5YTY5ZTY2ZTQifQ%3D%3D; laravel_session=eyJpdiI6IlBKT3pZUGxJbHU4ck1YYUpzS1JFZFE9PSIsInZhbHVlIjoiOGRrZzBoQlZYcUtYZENBMVdaSmpLVjM5UStHcnl1d3VUbXFGcXFHQ05WMXg4VmVpY2FNcDhQU0NiOXFiT0psNCIsIm1hYyI6ImExNDMxZGM3NWI2MDgxMThjN2I1NTMxNWEyY2I4MDlmMjliODIxM2FiNzFkMTM2MTM3ODk5MGVhZDBiY2YyOWEifQ%3D%3D; SRVNAME=w2 `HTTP/1.1 200 OK Date: Tue, 21 Mar 2023 12:47:58 GMT Server: nginx/1.14.0 (Ubuntu) content-type: application/javascript; charset=utf-8 last-modified: Wed, 08 Mar 2023 14:41:17 GMT etag: "64089e8d-9ca8-gzip" accept-ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Connection: close Transfer-Encoding: chunked`

	app.babydop.com/click?s1=ctct1&s2=&s3=35&s4=&src=1pc&l=35&v=&r=1&lbid=&email=dwhenderson@hillhillcarter.com&ph=c93361a85f9fb1b7db9d1f4deb196c22&vd=e30=&fp=OWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzg=&ft=WyJCaXRzdHJlYW0gVmVyYSBTYW5zIE1vbm8iXQ==&tz=VVRD&lg=WyJlbi1VUyIsImVuIl0=&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA=&sc=eyJ3aWR0aCI6MTI4MCwiaGVpZ2h0IjoxMDI0LCJjb2xvckRlcHRoIjoyNCwicGl4ZWxEZXB0aCI6MjQsIm1heFRvdWNoUG9pbnRzIjowfQ==&gyro=InVua25vd24i	3.13.139.51	302 Found	191 B
URL HTTP/1.1 app.babydop.com/click?s1=ctct1&s2=&s3=35&s4=&src=1pc&l=35&v=&r=1&lbid=&email=dwhenderson@hillhillcarter.com&ph=c93361a85f9fb1b7db9d1f4deb196c22&vd=e30=&fp=OWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzg=&ft=WyJCaXRzdHJlYW0gVmVyYSBTYW5zIE1vbm8iXQ==&tz=VVRD&lg=WyJlbi1VUyIsImVuIl0=&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA=&sc=eyJ3aWR0aCI6MTI4MCwiaGVpZ2h0IjoxMDI0LCJjb2xvckRlcHRoIjoyNCwicGl4ZWxEZXB0aCI6MjQsIm1heFRvdWNoUG9pbnRzIjowfQ==&gyro=InVua25vd24i IP 3.13.139.51:0 ASN #16509 AMAZON-02 File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 191 B (191 bytes) Hash 89807136eda7229357d22bd95ae4482a 0b159f41b8442985ddedd971613e0776e0712843 c992ac32b98fedd8b173c27ec7ab0bcffcc224da725472468d55d1e6028c039e HTTP Headers GET /click?s1=ctct1&s2=&s3=35&s4=&src=1pc&l=35&v=&r=1&lbid=&email=dwhenderson@hillhillcarter.com&ph=c93361a85f9fb1b7db9d1f4deb196c22&vd=e30=&fp=OWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzg=&ft=WyJCaXRzdHJlYW0gVmVyYSBTYW5zIE1vbm8iXQ==&tz=VVRD&lg=WyJlbi1VUyIsImVuIl0=&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA=&sc=eyJ3aWR0aCI6MTI4MCwiaGVpZ2h0IjoxMDI0LCJjb2xvckRlcHRoIjoyNCwicGl4ZWxEZXB0aCI6MjQsIm1heFRvdWNoUG9pbnRzIjowfQ==&gyro=InVua25vd24i HTTP/1.1 Host: app.babydop.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://app.babydop.com/35?s1=ctct1&s3=&email=dwhenderson@hillhillcarter.com Cookie: XSRF-TOKEN=eyJpdiI6IkdldFdRVzh6cnFqUnlva3dhV0xodGc9PSIsInZhbHVlIjoiSkJISXJndEVENnhWc1Q0VzZOdGc3TjhKZ3B3bDcrbUUxWE42cUlhalhWd24wOTBTbWNMY05iczRNVzNldzZMbiIsIm1hYyI6Ijk0YmViZjU2N2NhZGVmZGE2YzE1YmJjZmM5NDlhZjZiZDRiM2Q4MTdmMWZmOGJmNDFlMjk5ZTg5YTY5ZTY2ZTQifQ%3D%3D; laravel_session=eyJpdiI6IlBKT3pZUGxJbHU4ck1YYUpzS1JFZFE9PSIsInZhbHVlIjoiOGRrZzBoQlZYcUtYZENBMVdaSmpLVjM5UStHcnl1d3VUbXFGcXFHQ05WMXg4VmVpY2FNcDhQU0NiOXFiT0psNCIsIm1hYyI6ImExNDMxZGM3NWI2MDgxMThjN2I1NTMxNWEyY2I4MDlmMjliODIxM2FiNzFkMTM2MTM3ODk5MGVhZDBiY2YyOWEifQ%3D%3D; SRVNAME=w2 Upgrade-Insecure-Requests: 1 HTTP/1.1 302 Found Date: Tue, 21 Mar 2023 12:47:59 GMT Server: nginx/1.14.0 (Ubuntu) content-type: text/html; charset=UTF-8 cache-control: no-cache, private location: https://google.com set-cookie: XSRF-TOKEN=eyJpdiI6IjcwMlpBRzBTU1dWek5wRWc2bTdmQlE9PSIsInZhbHVlIjoiK0x2dGQ3ayt0Tnk4Y01SY1huQkIwR2NFd0RiQ016djk0VHFOL2lCQ2dVUFl4UlNFaU1pQnlZc0JJM2IrSU9IZyIsIm1hYyI6ImRmYzVlODMwZDI4OGFiMjY4MzUzYmI4NmNhNDUwNDE3MzExMDZlOTM3NDAxNzI4NjNjMTg0MDE4ZTYzMDQ0MjAifQ%3D%3D; expires=Tue, 21-Mar-2023 14:47:59 GMT; Max-Age=7200; path=/; samesite=lax laravel_session=eyJpdiI6IlFiQVV5eXkyV0NsRlNYNUsvL2IwSUE9PSIsInZhbHVlIjoiU0dkVElwd1pheUY0Y3pPYkFsN3lNMmdwckNxV3ZjNGdGUndUREFTMnk3OUNnN0xKbVRJQjZ1TlpXazg5T1pyciIsIm1hYyI6IjlmYjQzMDJiYTZhMjI2OGYyYzUxZTFmNDQ5NDkwNmM0MTg2ZTM3NzljZDk4OTk4ODhjMTQ2ZDI0M2JkMWZjMGUifQ%3D%3D; expires=Tue, 21-Mar-2023 14:47:59 GMT; Max-Age=7200; path=/; httponly; samesite=lax Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 191 Connection: close

	ocsp.pki.goog/gts1c3	216.58.211.3	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 216.58.211.3:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash bfa45bb31acdcad04104ab759ca396b0 f8290df5a249f0dd192fec38584618205b2d4bc7 97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 21 Mar 2023 12:47:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	google.com/	142.250.74.78	301 Moved Permanently	220 B
URL HTTP/2 google.com/ IP 142.250.74.78:0 ASN #15169 GOOGLE File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators Size 220 B (220 bytes) Hash 276bbb20c29087e88db63899fd8f9129 b52854d1f79de5ebeebf0160447a09c7a8c2cde4 5b61b0c2032b4aa9519d65cc98c6416c12415e02c7fbbaa1be5121dc75162edb HTTP Headers GET / HTTP/1.1 Host: google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://app.babydop.com/ Connection: keep-alive Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site HTTP/2 301 Moved Permanently location: https://www.google.com/ content-type: text/html; charset=UTF-8 cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} date: Tue, 21 Mar 2023 12:47:59 GMT expires: Thu, 20 Apr 2023 12:47:59 GMT cache-control: public, max-age=2592000 server: gws content-length: 220 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	216.58.211.3	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 216.58.211.3:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash bfa45bb31acdcad04104ab759ca396b0 f8290df5a249f0dd192fec38584618205b2d4bc7 97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 21 Mar 2023 12:47:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	216.58.211.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 216.58.211.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 8535613a8a8fd6ee9e928b3539dcfccd 75d939e05c094dda5410c98b8264d7c3270a6672 b09eaa3afbf3c651a41228d2297ff907b3f98102bce5277c7b9a1af8a1f346f3 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 21 Mar 2023 12:47:59 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.google.com/	142.250.74.164	200 OK	56 kB
URL HTTP/2 www.google.com/ IP 142.250.74.164:0 ASN #15169 GOOGLE File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19850) Size 56 kB (56525 bytes) Hash 6309c90a2d7cde79bbdf5c667c5e5a1d 58f2d4d03d2ddf27cf379c740c82e49bcd0509ac ff4f6bb907cd799eaabec02099cee97dd516b3adc36f349534ce5db2e3f1cc79 HTTP Headers GET / HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://app.babydop.com/ Connection: keep-alive Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site HTTP/2 200 OK date: Tue, 21 Mar 2023 12:48:00 GMT expires: -1 cache-control: private, max-age=0 content-type: text/html; charset=UTF-8 strict-transport-security: max-age=31536000 cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-encoding: br server: gws content-length: 56525 x-xss-protection: 0 x-frame-options: SAMEORIGIN set-cookie: AEC=ARSKqsKO3F1JI9GEDsUvbt6Xbx4lzNWOdtWK2rvSbW5zxXGh_99ScZtSYQ; expires=Sun, 17-Sep-2023 12:48:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax __Secure-ENID=10.SE=c76fczlZjX0mjkxFGE4fTevhIfltsPhtCZflnWZIXc2u0YK9VtAOtU971dDyK_TJv29ew6Cw0wRMLH4VhmsmPJlJg58OK13ewD3ycW2rz2bZHbmdnLrhdA6C8xSVCSP4f_eXE8d9c0Qp4Kle7IcULCgWx4n1CJx4M9sqGnrcQEs; expires=Sat, 20-Apr-2024 05:06:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	216.58.211.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 216.58.211.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash c26dba42c0d5a8ae943ac677b38929ea 21c68777a8249158f53f6f1bbf33d12769146cec a890859401ea2f9079622841f24a700215fcab7fe291d0b1f581e675ae130342 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 21 Mar 2023 12:48:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fonts.gstatic.com/s/i/productlogos/googleg/v6/24px.svg	142.250.74.163	200 OK	438 B
URL HTTP/2 fonts.gstatic.com/s/i/productlogos/googleg/v6/24px.svg IP 142.250.74.163:0 ASN #15169 GOOGLE File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (742), with no line terminators Size 438 B (438 bytes) Hash 55034acc07f2e9996714f3a26001a021 466900a397cef93422a85bd415fa47101e1f6832 d7e3613dad665c5681aa7d2896f9f840e117b0275db09e16070ed6e06fb5ea0c HTTP Headers `GET /s/i/productlogos/googleg/v6/24px.svg HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-length: 438 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 17 Mar 2023 23:48:58 GMT expires: Sat, 16 Mar 2024 23:48:58 GMT cache-control: public, max-age=31536000 last-modified: Wed, 20 Apr 2022 17:17:30 GMT content-type: image/svg+xml vary: Accept-Encoding age: 305942 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.gstatic.com/inputtools/images/tia.png	142.250.74.35	200 OK	151 B
URL HTTP/2 www.gstatic.com/inputtools/images/tia.png IP 142.250.74.35:0 ASN #15169 GOOGLE File type PNG image data, 19 x 11, 8-bit/color RGBA, non-interlaced\012- data Size 151 B (151 bytes) Hash 0667c2bf932c77b80ef533c5dc1bd7ff 18015c76d9b6861d576841652e6963dad26a3e35 4ebecfbb2c9cff1741b805876370db38d862a037f652d6f647ce51995e03df2c HTTP Headers `GET /inputtools/images/tia.png HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK accept-ranges: bytes content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/inputtools cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="inputtools" report-to: {"group":"inputtools","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/inputtools"}]} content-length: 151 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 17 Mar 2023 09:07:44 GMT expires: Sat, 16 Mar 2024 09:07:44 GMT cache-control: public, max-age=31536000 last-modified: Tue, 03 Mar 2020 20:15:00 GMT content-type: image/png vary: Origin age: 358816 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.gstatic.com/og/_/ss/k=og.qtm.ATD6NhVhEYg.L.F4.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/ct=zgms/rs=AA2YrTtjUfiRlzDPJiiPypZ1rIMH6JdRTg	142.250.74.35	200 OK	273 B
URL HTTP/2 www.gstatic.com/og/_/ss/k=og.qtm.ATD6NhVhEYg.L.F4.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/ct=zgms/rs=AA2YrTtjUfiRlzDPJiiPypZ1rIMH6JdRTg IP 142.250.74.35:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (386), with no line terminators Size 273 B (273 bytes) Hash 2a1bf977b13c5f91c9dc23e52de924e5 cc4e7d1f18c409c61cb63afa21c21dfe7c01dd28 72e237dce16d88b812bbbab2e4d098ea9aadeae5194504c1447af177bf294792 HTTP Headers GET /og/_/ss/k=og.qtm.ATD6NhVhEYg.L.F4.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/ct=zgms/rs=AA2YrTtjUfiRlzDPJiiPypZ1rIMH6JdRTg HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/one-google-eng cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="one-google-eng" report-to: {"group":"one-google-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/one-google-eng"}]} content-length: 273 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Mon, 20 Mar 2023 14:02:57 GMT expires: Tue, 19 Mar 2024 14:02:57 GMT cache-control: public, max-age=31536000 last-modified: Wed, 08 Mar 2023 02:39:36 GMT content-type: text/css; charset=UTF-8 vary: Accept-Encoding, Origin age: 81903 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.gstatic.com/og/_/js/k=og.qtm.en_US.x3ks5OQMuEM.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTsLMDC5ShDgua5PEfbsQVpNWEqjoQ	142.250.74.35	200 OK	66 kB
URL HTTP/2 www.gstatic.com/og/_/js/k=og.qtm.en_US.x3ks5OQMuEM.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTsLMDC5ShDgua5PEfbsQVpNWEqjoQ IP 142.250.74.35:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (2127) Size 66 kB (65953 bytes) Hash 79c9553a02a082b09f125107bfdcfa55 344bd399d41e260f7d7bcb2bf0de6c00d6c5347e 9fefc29a7361c74d1cf3256e1f7c1cb3670f9abeb592c64bfd8bd30708c554c7 HTTP Headers GET /og/_/js/k=og.qtm.en_US.x3ks5OQMuEM.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTsLMDC5ShDgua5PEfbsQVpNWEqjoQ HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/one-google-eng cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="one-google-eng" report-to: {"group":"one-google-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/one-google-eng"}]} content-length: 65953 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 16 Mar 2023 06:48:32 GMT expires: Fri, 15 Mar 2024 06:48:32 GMT cache-control: public, max-age=31536000 last-modified: Mon, 13 Mar 2023 01:39:52 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding, Origin age: 453568 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	216.58.211.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 216.58.211.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash c26dba42c0d5a8ae943ac677b38929ea 21c68777a8249158f53f6f1bbf33d12769146cec a890859401ea2f9079622841f24a700215fcab7fe291d0b1f581e675ae130342 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 21 Mar 2023 12:48:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	216.58.211.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 216.58.211.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash bb99b9844b66c9df3819b987e46b7923 5f996c3d574444a33ed6c6091a076400236dd5a0 d534a628804664c315710e377fd1f7ca467c2d4eb480b217e89040dc8a875c6c HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 21 Mar 2023 12:48:00 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML